odd GET s

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I was combing through my Apache logs, just checking up on things and I
found something very odd that I've never seen before. These wierd


I'm not sure what this is.

This is what they do:

The first one simply displays the Zend Optimizer logo, and the second
one goes to my home page.

The first one only occurs about 10 times, on the same page, from 2
different IPs.  The second occurs probably 50 times, on the same page,
from 4 different IPs.

Does anyone know what this is? If so, can it be useful to me, or is it
simply a security hole.


Re: odd GET s

The first request is a PHP "Easter Egg".  In order to not show the logo, you
need to set expose_php to off in php.ini.  Someone may be trying to
determine if your server is running PHP (for benign or malevolent reasons).
The second request, as far as I know, is meaningless.

- Kevin

Quoted text here. Click to load it

Re: odd GET s

Quoted text here. Click to load it

I don't know the technical term for these type of strings, but they're
completely harmless PHP control codes.  They actually work on any
webserver with expose_php enabled (see, for example,
http://www.php.net/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 ) If they
make you nervous, though, you can set the expose_php in your php.ini
file to Off.

There are actually four codes that I know about (you can see their
definitions in the php source within /ext/standard/info.h)

Displays the PHP logo.  (This provides a way for the phpinfo function
to display a PHP logo).

Displays the Zend logo.  (Also used by phpinfo).

Displays an "easter egg" image of a rabbit in PHP 5.0, a dog in PHP
4.3.0, or some dude in 4.2.3

Displays the PHP development credits.  (This page is linked to from phpinfo).

I hope this helps.

Peter Sahlstrom

Re: odd GET s

TekWiz wrote:

Quoted text here. Click to load it

What does index.php do?  Does it expect arguements in $_GET or $_POST
???  It might well be a hacking process crawling the web for php
suffixed files and then sending some duff information to see if PHP
would throw out an error (if it did, then I guess it might give the
hacker something to work on).

I can't see how youget the Zend Optimizer logo from the  first link, and
your home page on the second link.  I think first time around, its
reading it from your PCs cache - I'm not sure - I'm guessing...

Hope that helps some,

Site Timeline