• How To Protect your PHP Script by hiding the extensions

    A few simple techniques can help to hide PHP, possibly slowing down an attacker who is attempting to discover weaknesses in your system. By setting expose_php to off in your php.ini file, you reduce the amount of information available to them. Another techniques is to configure web servers such as apache to parse different filetypes through PHP, either with an .htaccess directive, or in the apache configuration file itself. You can then use misleading file extensions:

    Example (1): Hiding PHP as another language

    #write below code in .htaccess
    # Make PHP code look like other code types
    AddType application/x-httpd-php .asp

    From Above Technique you must have to use yourfilename.asp for run your

    php File.
    In above Example you can use any unknown type by replacing .asp with

    another like wise .amp , .html , .htm or etc.

    Example (2): By setting expose_php to off in your php.ini file

    modify below Files :

    httpd.conf
    ————-
    # …
    # Minimize ‘Server’ header information
    ServerTokens Prod
    # Disable server signature on server generated pages
    ServerSignature Off
    # …
    # Set default file type to PHP
    DefaultType application/x-httpd-php
    # …

    php.ini
    ————
    ; …
    expose_php = Off
    ; …

    Now the URLs will look like this:

    http://websitename/forums/post?id=15

    Check Above URL .php missing
    Now hacker knows only that you are using Apache.

Comments on this post

Leave a Reply

  • Security Code :


    five + 2 =