RE: [PHP] hiding php
>> [Larry Brown] >> Because its better to have someone waste time trying known hacks for a >> platform I don't have than to have the same person not know >> the platform and >> start spending time figuring out what it is right off the bat. > [Mike Ford] > Well, if you *really* wnat to get hem going, you could send .jsp and > .cfm (and any others you can think of) through PHP as well!! If your gong down that road, you could use an arbitrary extension to pipe through php so that at the simplist level (the URL) the technology isnt misinformed (eg: .cfm as cold fusion), but at a blank completely, eg: http://your-server.com/some.script With .script being parsed by php, but the outside world not knowing what technology you are using behind the scenes. Very simple, yet very effective way of blindfolding the end user. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software & Systems Engineer First Creative -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] hiding php
> -Original Message- > From: Larry Brown [mailto:[EMAIL PROTECTED]] > Sent: 03 December 2002 07:02 > > Because its better to have someone waste time trying known hacks for a > platform I don't have than to have the same person not know > the platform and > start spending time figuring out what it is right off the bat. Well, if you *really* wnat to get hem going, you could send .jsp and .cfm (and any others you can think of) through PHP as well!! Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning & Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] hiding php
Actually.. You can turn off header responses in both apache and php. Inside the php.ini you will find: [ expose_php = Off ] In the ini-dist its even switched off by default. In the apache httpd.conf file you can set the following: [ ServerSignature On ] I believe you may also find some help in "mod_headers". In short you can do alot with the configuration to mask what you are running on what platform. If you are running FreeBSD you can even get it to emulate the SYN packets (used for TCP operating system fingerprinting) of alternative OS's (eg: Red Hat [why you would want people to think you'd run RH, to I dont know] / Solaris). Questions? >> Because its better to have someone waste time trying known hacks for a >> platform I don't have than to have the same person not know the >> platform and >> start spending time figuring out what it is right off the bat. > > That will not work.. try the following: > > telnet yourserve 80 > > and than type GET / HTTP1.0 and press Enter twice > > You'll see the server response which will tell anybody that the server > is Apache and even the operation system it runs at. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software & Systems Engineer First Creative -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] hiding php
> Because its better to have someone waste time trying known hacks for a > platform I don't have than to have the same person not know the platform and > start spending time figuring out what it is right off the bat. That will not work.. try the following: telnet yourserve 80 and than type GET / HTTP1.0 and press Enter twice You'll see the server response which will tell anybody that the server is Apache and even the operation system it runs at. Regards, Serge -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] hiding php
On Tuesday 03 December 2002 15:01, Larry Brown wrote: > Because its better to have someone waste time trying known hacks for a > platform I don't have than to have the same person not know the platform > and start spending time figuring out what it is right off the bat. In response to your original question, yes you can run asp on apache. google -> "asp apache" would have told you the answer is less than 1 second. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * /* No one can have a higher opinion of him than I have, and I think he's a dirty little beast. -- W.S. Gilbert */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] hiding php
Because its better to have someone waste time trying known hacks for a platform I don't have than to have the same person not know the platform and start spending time figuring out what it is right off the bat. Larry S. Brown Dimension Networks, Inc. (727) 723-8388 -Original Message- From: Justin French [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 03, 2002 12:39 AM To: Larry Brown; PHP List Subject: Re: [PHP] hiding php Why not just make up an extension, like your initials (.lsb) or your business name (.dim or .dni), and set-up apache to pipe all those files through PHP...?? That way they'll have no clue at all (if used in conjunction with the "hide PHP" stuff, etc etc). Justin on 03/12/02 4:13 PM, Larry Brown ([EMAIL PROTECTED]) wrote: > This should bump up my popularity here...can you run asp on apache? The > reason I ask is that I understand you can use a php option to hide the fact > that you are running php. This sounds like a good idea to keep people > guessing, but I also want to use .asp extensions and have them parsed for > the php tags. I thought this would be nice if someone wanted to screw with > a site they wouldn't even be trying tools that would apply. However, if you > can't run asp on apache nobody would be fooled. Any thoughts? > > Larry S. Brown > Dimension Networks, Inc. > (727) 723-8388 > > > Justin French http://Indent.com.au Web Development & Graphic Design -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] hiding php
Why not just make up an extension, like your initials (.lsb) or your business name (.dim or .dni), and set-up apache to pipe all those files through PHP...?? That way they'll have no clue at all (if used in conjunction with the "hide PHP" stuff, etc etc). Justin on 03/12/02 4:13 PM, Larry Brown ([EMAIL PROTECTED]) wrote: > This should bump up my popularity here...can you run asp on apache? The > reason I ask is that I understand you can use a php option to hide the fact > that you are running php. This sounds like a good idea to keep people > guessing, but I also want to use .asp extensions and have them parsed for > the php tags. I thought this would be nice if someone wanted to screw with > a site they wouldn't even be trying tools that would apply. However, if you > can't run asp on apache nobody would be fooled. Any thoughts? > > Larry S. Brown > Dimension Networks, Inc. > (727) 723-8388 > > > Justin French http://Indent.com.au Web Development & Graphic Design -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] hiding php
So change your Apache server string to say IIS instead. Why tell them you are using Apache? On Tue, 3 Dec 2002, Larry Brown wrote: > This should bump up my popularity here...can you run asp on apache? The > reason I ask is that I understand you can use a php option to hide the fact > that you are running php. This sounds like a good idea to keep people > guessing, but I also want to use .asp extensions and have them parsed for > the php tags. I thought this would be nice if someone wanted to screw with > a site they wouldn't even be trying tools that would apply. However, if you > can't run asp on apache nobody would be fooled. Any thoughts? > > Larry S. Brown > Dimension Networks, Inc. > (727) 723-8388 > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] hiding php
yes look around for sum thing like chilli soft from sun microsystems, but it's not free.. i dunno if there is a free one.. > -Original Message- > From: Larry Brown [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, 3 December 2002 4:13 PM > To: PHP List > Subject: [PHP] hiding php > > > This should bump up my popularity here...can you run asp on apache? The > reason I ask is that I understand you can use a php option to > hide the fact > that you are running php. This sounds like a good idea to keep people > guessing, but I also want to use .asp extensions and have them parsed for > the php tags. I thought this would be nice if someone wanted to > screw with > a site they wouldn't even be trying tools that would apply. > However, if you > can't run asp on apache nobody would be fooled. Any thoughts? > > Larry S. Brown > Dimension Networks, Inc. > (727) 723-8388 > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Hiding php Code
If you don't want the admin or web server user to see your code, you may want to consider Zend's Encode product (http://www.zend.com/zend/products.php#encoder) which encodes your PHP code for you. BUT, this can be rather expensive (depending on your use) and you probably still need your Administrator to install it for you, so I'm not sure if this does you any good or not. Josh Hoover KnowledgeStorm, Inc. Searching for a new IT solution for your company? Need to improve your product marketing? Visit KnowledgeStorm at www.knowledgestorm.com to learn how we can simplify the process for you. KnowledgeStorm - Your IT Search Starts Here > That's the problem, I don't want the web server user or > administrator to see > the code. > > Rene
Re: [PHP] Hiding php Code
That's the problem, I don't want the web server user or administrator to see the code. Rene Kath wrote: > You might be able to limit who the file is readable by to just the web > server user. > > - Original Message - > From: "Rene Maldonado" <[EMAIL PROTECTED]> > To: "Lista PHP" <[EMAIL PROTECTED]> > Sent: Thursday, March 01, 2001 4:02 PM > Subject: [PHP] Hiding php Code > > > Hi all, I need to hide the php code, on the server. > > > > I know that php is not compiled, so, is there a way to do this?? > > > > Thanks > > > > Rene > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] hiding .php
also sprach Fredrik Arild Takle (on Mon, 26 Feb 2001 10:34:11PM +0100): > did you get answers to your problem? not from the list. but i found two solutions, both of which require modification of httpd.conf, and both of which are ergo apache-specific: http://www.zend.com/tips/tips.php?id=145&single=1 http://www.zend.com/tips/tips.php?id=147&single=1 i will be using the first one because it provides greater flexibility. martin [greetings from the heart of the sun]# echo madduck@!#:1:s@\@@@.net -- windows nt crashed. i am the blue screen of death. no one hears your screams. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]