On 6/12/07, Richard Lynch <ceo@xxxxxxxxx> wrote:
On Tue, June 12, 2007 2:41 pm, Eric Butera wrote: > Hopefully nobody has phpinfo just sitting out on a production server. A quick Google: http://www.google.com/search?hl=en&q=%22Zend+logo+This+program+makes+use+of+the+Zend+Scripting+Language+Engine%3A%22&btnG=Google+Search will tell you that you hope in vain. In fact, Google says that there are about 151,000 production servers have phpinfo() just sitting out there... Granted, some of those will be intentional by people who know what they are doing and what they are risking. I'm guessing that with a little effort, you could even search for phpinfo() pages exposing passwords that are allegedly protected by being in root-owned httpd.conf -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So?
Guess that patch to prevent it from being spidered is a bit late. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
