Easter Eggs (Easter eggs) outside the pedestrian estimates do not understand this is a sacred tree, the internet explanation of eggs is: For computers, video games, computer games, DVDs or other interactive multimedia in the hidden functions or information. PHP contains a security vulnerability that could lead to unauthorized disclosure of information, and if you are running PHP, you may be able to find PHP versions and other sensitive information. I think it is necessary to solve this egg problem to ensure the security of your site.
How does the PHP egg work?
Whenever you run a PHP server, you can access any page by adding the following string to view the information after the domain name:
Of course, if there is a loophole can be seen through the above to see information, now the general site has been blocked. However, if there is a description of the expose_php is enabled, PHP will generate the page to send out PHP version information, so some "bad guys" know your version number to use a known version of the vulnerability to attack.
How to stop the eggs
In general, if your server supports editing php.ini files, we can disable the expose_php in php.ini. If you can't manipulate the php.ini file, you can also screen by setting. htaccess.
Really appreciate it Jeff Starr ' s post expose_php, Easter Eggs, and. htaccess.
Example:
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
