How can I find the version of PHP that is running on a website?
David Beroff
Well-known member
- Joined
- Jun 14, 2016
- Messages
- 1,498
- Points
- 63
Interesting question but I think it is impossible because no one will allow you trace their server information like PHP version, OS version, Disk type, CPU cores..etc.. on their server.
I also tried a tool but it only returned the output like this without detect obviously php version.
I also tried a tool but it only returned the output like this without detect obviously php version.
rankmyhub
Well-known member
- Joined
- Feb 14, 2017
- Messages
- 193
- Points
- 18
Finding PHP Version running on a website is not impossible, but most of time Headers are hidden from exposing to public to prevent hackers from finiding vulnerabilities. However you can find headers from chrome developer tools as suggested by @hyperhost you can see x-powered-by
HP/5.6.30 which confirms that the website is using php 5.6.30.
Another way is to use a online SaaS tool like this https://securityheaders.io/ which shows up X-Powered by header information, if your target website exposing php version publicly. Hope this helps you. Thank you.
HP/5.6.30 which confirms that the website is using php 5.6.30. Another way is to use a online SaaS tool like this https://securityheaders.io/ which shows up X-Powered by header information, if your target website exposing php version publicly. Hope this helps you. Thank you.
rankmyhub
Well-known member
- Joined
- Feb 14, 2017
- Messages
- 193
- Points
- 18
Some websites if did not display x-powered by that means, either they are not using PHP or the website owners have turned off this header for security reasons.
They can hide information, as it is not safe to expose php version number publicly. Hackers target websites by looking at weak php, plugins, extensions etc... to get access to systems. Due to this reason security conscious people hide headers that are vulnerable.
Its configurable in hosting. Go to php.ini file there you can see a line with expose_php = On; turn it to Off and you are done. Now the X-Powered by header will not be displayed to anyone.
See this for more details: http://www.ducea.com/2006/06/16/apache-tips-tricks-hide-php-version-x-powered-by/
Thanks
David Beroff
Well-known member
- Joined
- Jun 14, 2016
- Messages
- 1,498
- Points
- 63
Your explaining is opposite to which the author said in the article above
But I think you are right on this, because at least hackers will not know which php version is running on web hosting and it will make them a little difficult to exploit a website.
I would like to know which we also should hide from our web hosting? Apache, Mysql versions...etc? to make server better security.
rankmyhub
Well-known member
- Joined
- Feb 14, 2017
- Messages
- 193
- Points
- 18
Follow security headers SaaS tool recommendations, its a good place to start securing your website. If you are on wordpress. There is plugin called https://wordpress.org/plugins/wp-simple-firewall/ which lets you define CSP and other headers to pass the security header test.
However somethings like https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning is difficult to implement. Apart from that you can implement most recommendations suggested by the tool.
Server Security and Website Security are different. Website can rely on server security to some extent, but website security is more important in most cases.
For example, only technically experinced people are aware or know how to intrude into your server. But weak website security can be exploited easily even by normal users using tools like brutus, etc... as website is public facing or frontend.
For General security, implementing security headers, using standard code and auditing (basic tools like wpscan ) will be sufficient.
I provided, this reference so that you can see what needs to be changed to turnoff expose php. As said, security is a complex subject to deal with. Yes, the author is right, merely hiding X Powered by header does not make you safe and secure. But you are leaving out clues about your server client side php version.
Which makes a big barrier for potential hacker, thus it acts like a firewall or gate and makes it difficult for the person to figure out what is being used by you.
Also it should be noted that PHP is server side executable scripting or programming language. So unless the hacker gets access to your system through FTP or someother protocol and puts his vlunerable or malware code into your server. The chances of getting hacked it difficult.
Now the good part is by hiding the X Powered by header, you are not giving any clue, and let me tell you hackers are not programmers, they just know how to use tools and exploit vulnerablities using set of standard tools. So they cannot code anything on own, of course some people does phython scripting. But normal webservers does not run phython scripts, so you are safe.
Security is difficult subject and it starts from keeping ourselves more secure first. Personally I have seen people not listening, despite of teaching some basics like password security. For example wordpress could be hacked easily, if the password can be guessed.
Do you know 10/100 people use password as pass or password and username as admin or administrator. Just because they cannot remember such basic things..suppose they use same password for their email, wordpress, and others. If the hacker gets access to one account, he can exploit same on other systems as well, easily.
Password is basic security and one must not make it weak.. If you are interested suggest to read this https://privacytoolsio.github.io/privacytools.io/#pw some tools you can use in your daily life to make things better.
Server security depends on server stack, underlying operating system in use. Usually, not needed unless you are managing VDS or VPS on your own. If you are on shared hosting, the hosting provider will harden things, so you do not need to bother much.
If you are running your own server, installed own OS, installed control panel on your own, then server security is important.
You must regularly update the packages, disallow root user ssh access, enable two factor authentication for cpanel users, follow security advisory provided by whm (yes, there is a security advisor on whm). And implement its suggestions.
These are sufficient in most cases. Make sure you paractice these on test systems, doing directly on production system for the first time may break things and you might loose access to your own server, if you do not know what you are doing.
https://documentation.cpanel.net/display/ALD/Security+Advisor
Hope this helps, you learn things one by one and implement on test systems before you do on live or production systems.
Dr. McKay
Well-known member
- Joined
- Nov 26, 2016
- Messages
- 565
- Points
- 28
If you have SSH, the easiest way to check PHP version with this simple command.
php --version
or
php -v
I tried to run on a server and got the result as following
[root@server1 ~]# php --version
PHP 7.2.8 (cli) (built: Jul 24 2018 07:24:07) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.8, Copyright (c) 1999-2018, by Zend Technologies
hostnetindia
Well-known member
- Joined
- Apr 4, 2019
- Messages
- 91
- Points
- 8
type f11 or f12 in keyboard buttons is the best way to know the php version.
Older Threads
Newer Threads
Latest Threads
Recommended Threads
Similar Threads
Latest Hosting OffersNew Reviews
-
Latest hosting offers
-
Save an incredible 90% off! The Best HostPapa Deal so Far: Unlimited SSL, 50 GB NVMe, 24/7 supportEssentials Hosting provides reliable and affordable web hosting solutions!- cancan
- Updated:
-
Affordable Dedicated Servers - Raspberry Pi & Intel N95 | From €12.90/mo - Unlimited Traffic.Affordable Raspberry Pi & Intel N95 Dedicated Servers with SSD Storage and Unlimited Traffic.- Tinyservers.eu
- Updated:
-
SystemInPlace - Low cost Dual E5 384GB/512GB RAM DEDI. 30% OFF FIRST MONTH! 1gb/2.5gb/5gb/10gbAffordable enterprise grade dedicated servers at a price you can afford.- systeminplace
- Updated:
-
