You have to love phpinfo(). This simple PHP function prints out a truckload of information regarding all kinds of configuration details of your Apache + PHP installation. It is very helpful to a Web administrator who is trying to debug his installations and also very “helpful” to attackers, who can get quite a good peek at what goes on inside your installation, such as:
- PHP Version running on the machine (cough*exploits*cough)
- Operating System
- Paths to your Web applications
- All modules installed
If you haven’t seen one, you’ve got to 🙂. Here is one:
You can also make one yourself simply by uploading the following and visiting it on your Web server:
<?php phpinfo(); ?>
You see that the list is quite exhaustive. Now, I was trying to find as many as possible last night using Google for a little project of mine. The question is, how do you go about finding them? How about searching for “phpinfo” in Google… You will get some results but you will also get many results from people talking about phpinfo. So while I was searching it suddenly hit me! … How does Google find pages? It crawls them 🙂 So every search result that you see is the result of a crawler finding it. That’s a very good piece of information when you combine it with the fact that among the various information that a phpinfo() page gives are details about the current client visiting, such as his IP address, his hostname, port number and so on. What do you get as a result?
The perfect recipe! Go to Google and search for “phpinfo googlebot”.
How cool is that? When the phpinfo pages were visited, they emitted information about their visitor which the crawlers happily saved as content along with all the rest. Now, what you can do is use the Cached version of each result, to see exactly what each crawler saw, including the crawler’s name, IP address, the date of crawling, his connecting port and so on 🙂
That’s it… a peek into Google’s past with phpinfo(). You can also use this behaviour to make a page on your website that emits information about the visitor, and through Google search you can inspect how often they come knocking on your door.
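The visitor-echo page suggested above could look like the following. This is an added example, not code from the original post; the function names, the sample request and the stub resolvers are assumptions made for illustration. It prints a few request fields instead of a full phpinfo() dump, escapes them, and confirms a Googlebot claim with a reverse-then-forward DNS lookup rather than trusting the User-Agent.

```php
<?php
// Added example: visitor-echo page. All function names here are hypothetical.
// Forward-confirmed reverse DNS: the PTR name must end in a Google crawler
// domain and resolve back to the same IP. Resolvers are injectable for testing.
// gethostbynamel() is IPv4-only, so IPv6 visitors are reported as unverified.
function is_verified_googlebot(string $ip, ?callable $ptr = null, ?callable $fwd = null): bool
{
    $host = ($ptr ?? 'gethostbyaddr')($ip);
    // gethostbyaddr() returns the input IP on failure, false on malformed input.
    if (!is_string($host) || $host === $ip
        || !preg_match('/\.(googlebot|google)\.com$/i', $host)) {
        return false;
    }
    $addrs = ($fwd ?? 'gethostbynamel')($host);
    return is_array($addrs) && in_array($ip, $addrs, true);
}

function visitor_record(array $server, ?callable $ptr = null, ?callable $fwd = null): array
{
    $ip = (string)($server['REMOTE_ADDR'] ?? '');
    return [
        'time'               => gmdate('Y-m-d H:i:s') . ' UTC',
        'ip'                 => $ip,
        'port'               => (string)($server['REMOTE_PORT'] ?? ''),
        'user_agent'         => (string)($server['HTTP_USER_AGENT'] ?? ''),
        'verified_googlebot' => is_verified_googlebot($ip, $ptr, $fwd) ? 'yes' : 'no',
    ];
}

function render_record(array $rec): string
{
    $out = '';
    foreach ($rec as $key => $value) {
        // User-Agent is client-controlled, so escape everything before output.
        $out .= htmlspecialchars("$key: $value", ENT_QUOTES, 'UTF-8') . "<br>\n";
    }
    return $out;
}

if (PHP_SAPI === 'cli') {
    // Constructed request: claims to be Googlebot, but the stub PTR says otherwise.
    $sample = ['REMOTE_ADDR' => '192.0.2.10', 'REMOTE_PORT' => '40000',
               'HTTP_USER_AGENT' => 'Googlebot/2.1 <b>spoofed</b>'];
    echo render_record(visitor_record($sample,
        fn($ip) => 'client.example.net', fn($host) => ['192.0.2.10']));
} else {
    echo render_record(visitor_record($_SERVER));
}
```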
Till next time