FerdieQO
With default settings, anyone can find out the PHP version and the web server of a website from its response headers. Then, if you forget to update PHP, hackers can take advantage of this information to find vulnerabilities in your PHP version and attack it.
So, let's try these tips to hide the PHP version on your Linux system.
1. How to check the PHP version
From a user perspective, check the PHP version of any website:
Code:
# curl -IL http://domain.com
# curl -IL https://domain.com
The results are similar to the following:
Code:
HTTP/1.1 200 OK
Date: Sun, 24 Dec 2017 04:05:02 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: __cfduid=d2256f5d51e32dbd77184sdsa6831dd671514088301; expires=Mon, 24-Dec-18 04:05:01 GMT; path=/; domain=.domain.com; HttpOnly
X-Powered-By: PHP/7.1.3
Thus, it lets us know that the website is using PHP 7.1.6.
2. Hide the PHP version information
- To hide the PHP version, you need to set the following in the PHP configuration: expose_php = off
You should create a custom.ini configuration file rather than modify the general php.ini, as that file may change when you update PHP. To find the location of php.ini, use this command: php -i | more
Then use the Nano editor to create and edit custom.ini in your own configuration directory:
Code:
RHEL/Fedora/CentOS Linux: /etc/php.d/
Debian/Ubuntu Linux and PHP v7.xx: /etc/php/7.0/fpm/conf.d/
Alpine Linux and PHP v5.6.xx: /etc/php5/conf.d/
Alpine Linux and PHP v7.xx: /etc/php7/conf.d/
Add the following line to the file:
Code:
expose_php = Off
- Restart PHP
Finally, for the change to take effect, restart PHP. The command varies depending on the operating system:
Code:
RHEL/CentOS 5.x/6.x
# service php-fpm restart
RHEL/CentOS 7.x
# systemctl restart php-fpm
Debian/Ubuntu Linux
# service php7.0-fpm restart
Alpine Linux
# /etc/init.d/php-fpm restart
FreeBSD
# service php-fpm restart
Check the header again, and you will see that the PHP version information has been hidden.
Finally, hiding the PHP version is just a trick to help you avoid hackers. They can still guess or find out your PHP version using a variety of methods, such as PHP Fingerprinting. So the best approach is to update regularly to the latest version of PHP/Nginx.
Hope this helps.
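To confirm the change from the command line, the header check in step 1 can be scripted. This is an added example, not part of the original post: the function names `leaky_headers` and `report` are hypothetical and both header samples are constructed. The "after" sample keeps a versioned Server header to show that expose_php only removes X-Powered-By.

```shell
#!/bin/sh
# Added example, not from the original post. Header samples are constructed.

# leaky_headers: read raw HTTP response headers on stdin (for example the
# output of `curl -sIL`) and print every header that discloses the PHP
# version (X-Powered-By) or a web server version (Server: name/1.2.3).
# Returns 0 when nothing is disclosed, 1 when at least one header leaks.
leaky_headers() {
    tr -d '\r' | awk '
        {
            name = tolower($0)
            if (sub(/:.*/, "", name) == 0) next   # status line or blank line
            if (name == "x-powered-by")                  { print; leak = 1 }
            else if (name == "server" && $0 ~ /\/[0-9]/) { print; leak = 1 }
        }
        END { exit (leak ? 1 : 0) }'
}

# Constructed sample: response before the change (expose_php at its default).
BEFORE='HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: nginx/1.12.2
x-powered-by: PHP/7.1.3'

# Constructed sample: response after expose_php = Off and a PHP restart.
AFTER='HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: nginx/1.12.2'

# report LABEL HEADERS: print a one-response summary.
report() {
    if found=$(printf '%s\n' "$2" | leaky_headers); then
        echo "$1: no version information in headers"
    else
        echo "$1: still disclosing:"
        echo "$found" | sed 's/^/  /'
    fi
}

report before "$BEFORE"
report after  "$AFTER"
# Against a site you administer: curl -sIL https://domain.com | leaky_headers
```

Header names are matched case-insensitively and carriage returns are stripped, so the function works on curl output as-is, including the multiple response blocks that `-L` prints when following redirects.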