473,217 Members | 2,136 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,217 software developers and data experts.

odd GET s

I was combing through my Apache logs, just checking up on things and I
found something very odd that I've never seen before. These wierd
accesses:

index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF43
I'm not sure what this is.

This is what they do:

The first one simply displays the Zend Optimizer logo, and the second
one goes to my home page.

The first one only occurs about 10 times, on the same page, from 2
different IPs. The second occurs probably 50 times, on the same page,
from 4 different IPs.
Does anyone know what this is? If so, can it be useful to me, or is it
simply a security hole.
--TekWiz

Jul 17 '05 #1
3 1518
TekWiz wrote:
I was combing through my Apache logs, just checking up on things and I
found something very odd that I've never seen before. These wierd
accesses:

index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF43
I'm not sure what this is.

This is what they do:

The first one simply displays the Zend Optimizer logo, and the second
one goes to my home page.

The first one only occurs about 10 times, on the same page, from 2
different IPs. The second occurs probably 50 times, on the same page,
from 4 different IPs.
Does anyone know what this is? If so, can it be useful to me, or is it
simply a security hole.
--TekWiz


What does index.php do? Does it expect arguements in $_GET or $_POST
??? It might well be a hacking process crawling the web for php
suffixed files and then sending some duff information to see if PHP
would throw out an error (if it did, then I guess it might give the
hacker something to work on).

I can't see how youget the Zend Optimizer logo from the first link, and
your home page on the second link. I think first time around, its
reading it from your PCs cache - I'm not sure - I'm guessing...

Hope that helps some,
randelld
Jul 17 '05 #2
The first request is a PHP "Easter Egg". In order to not show the logo, you
need to set expose_php to off in php.ini. Someone may be trying to
determine if your server is running PHP (for benign or malevolent reasons).
The second request, as far as I know, is meaningless.

- Kevin
"TekWiz" <te****@twarlick.net> wrote in message
news:11*********************@z14g2000cwz.googlegro ups.com...
I was combing through my Apache logs, just checking up on things and I
found something very odd that I've never seen before. These wierd
accesses:

index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF43
I'm not sure what this is.

This is what they do:

The first one simply displays the Zend Optimizer logo, and the second
one goes to my home page.

The first one only occurs about 10 times, on the same page, from 2
different IPs. The second occurs probably 50 times, on the same page,
from 4 different IPs.
Does anyone know what this is? If so, can it be useful to me, or is it
simply a security hole.
--TekWiz

Jul 17 '05 #3
"TekWiz" <te****@twarlick.net> writes:
I was combing through my Apache logs, just checking up on things and I
found something very odd that I've never seen before. These wierd
accesses:

index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF43
I'm not sure what this is.
--snip--
Does anyone know what this is? If so, can it be useful to me, or is it
simply a security hole.


I don't know the technical term for these type of strings, but they're
completely harmless PHP control codes. They actually work on any
webserver with expose_php enabled (see, for example,
http://www.php.net/?=PHPE9568F36-D42...9-00AA001ACF42 ) If they
make you nervous, though, you can set the expose_php in your php.ini
file to Off.

There are actually four codes that I know about (you can see their
definitions in the php source within /ext/standard/info.h)

?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
Displays the PHP logo. (This provides a way for the phpinfo function
to display a PHP logo).

?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
Displays the Zend logo. (Also used by phpinfo).

?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
Displays an "easter egg" image of a rabbit in PHP 5.0, a dog in PHP
4.3.0, or some dude in 4.2.3

?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
Displays the PHP development credits. (This page is linked to from phpinfo).

I hope this helps.

--
Peter Sahlstrom
ne**@sahlstrom.us
http://peter.stormlash.net
Jul 17 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: William C. White | last post by:
Does anyone know of a way to use PHP /w Authorize.net AIM without using cURL? Our website is hosted on a shared drive and the webhost company doesn't installed additional software (such as cURL)...
2
by: Albert Ahtenberg | last post by:
Hello, I don't know if it is only me but I was sure that header("Location:url") redirects the browser instantly to URL, or at least stops the execution of the code. But appearantely it continues...
3
by: James | last post by:
Hi, I have a form with 2 fields. 'A' 'B' The user completes one of the fields and the form is submitted. On the results page I want to run a query, but this will change subject to which...
0
by: Ollivier Robert | last post by:
Hello, I'm trying to link PHP with Oracle 9.2.0/OCI8 with gcc 3.2.3 on a Solaris9 system. The link succeeds but everytime I try to run php, I get a SEGV from inside the libcnltsh.so library. ...
1
by: Richard Galli | last post by:
I want viewers to compare state laws on a single subject. Imagine a three-column table with a drop-down box on the top. A viewer selects a state from the list, and that state's text fills the...
4
by: Albert Ahtenberg | last post by:
Hello, I have two questions. 1. When the user presses the back button and returns to a form he filled the form is reseted. How do I leave there the values he inserted? 2. When the...
1
by: inderjit S Gabrie | last post by:
Hi all Here is the scenerio ...is it possibly to do this... i am getting valid course dates output on to a web which i have designed ....all is okay so far , look at the following web url ...
2
by: Jack | last post by:
Hi All, What is the PHP equivilent of Oracle bind variables in a SQL statement, e.g. select x from y where z=:parameter Which in asp/jsp would be followed by some statements to bind a value...
3
by: Sandwick | last post by:
I am trying to change the size of a drawing so they are all 3x3. the script below is what i was trying to use to cut it in half ... I get errors. I can display the normal picture but not the...
0
by: VivesProcSPL | last post by:
Obviously, one of the original purposes of SQL is to make data query processing easy. The language uses many English-like terms and syntax in an effort to make it easy to learn, particularly for...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: mar23 | last post by:
Here's the situation. I have a form called frmDiceInventory with subform called subfrmDice. The subform's control source is linked to a query called qryDiceInventory. I've been trying to pick up the...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
2
by: jimatqsi | last post by:
The boss wants the word "CONFIDENTIAL" overlaying certain reports. He wants it large, slanted across the page, on every page, very light gray, outlined letters, not block letters. I thought Word Art...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.