PHP

PHP has become the most important scripting language for the use on homepages. The latest version brings many improvements for object oriented programming (OOP) as well as security fixes. While many web hosts might be slow on upgrading to the latest PHP5x versions and tend to stick with PHP4 a lot, PHP6 is already in developement.

Create HTTP 404 errors with PHP

For security reasons, giving your surfers a 404 error can be better than printing the actual PHP error message. This way, you do not give out your script logic.

"Why bother"? Hackers actively search for scripts on web servers which can be exploited. As soon as they find a weak script, they abuse it to gain control of the server. To see if you are affected, scan all Apache logs for suspicious entries like these:

[Sun Apr 16 22:15:08 2006] [error] [client 217.50.241.42] Invalid method in request recipientid=105&sessionid=440
[Sun Apr 16 22:43:32 2006] [error] [client 217.50.241.42] Invalid method in request recipientid=101&sessionid=6014
[Sun Apr 16 23:06:11 2006] [error] [client 217.50.241.42] Invalid method in request recipientid=103&sessionid=4424
[Sun Apr 16 23:06:11 2006] [error] [client 217.50.241.42] Invalid method in request recipientid=103&sessionid=4424

To hide your script activity and not give out any information, you can instruct your PHP scripts to output a 404 error using:

header("HTTP/1.0 404 Not Found");
exit;

This measure will create the illusion of a non-existent script ("File not found") and is likely to prevent hacker from further probing this script.

Source: (2006-07-28 06:26:27)

© 2006 TopicTracer.com

Home