My boss recently wants me to create a dummy PHP information page as known as phpinfo. This page can gives much more information on your server environment and application supported inside the web server. His purpose is only want to mislead anyone who is trying to view the phpinfo.php file in the web server. And surprisingly, we detected connection to this phpinfo page after 2 days it being live in the production web server.
On following PHPinfo example, I have extract the information from a WAMP server and place it inside the Apache web server which run on Linux. With some variable changes, we can make a fake phpinfo.php file and view exactly like what real phpinfo page looks alike.
Variables as below:
OS: CentOS 5.2 64bit
Apache root document: /var/www/html
Server IP: 192.168.100.10
Phpinfo URL: http://192.168.100.10/phpinfo.php
1. Create a new file inside your root document of web server called phpinfo.php (or whatever name you want):
$ cd /var/www/html $ touch phpinfo.php
2. Using text editor, open the files and paste the fake PHP info code below:
$ nano phpinfo.php
Paste following line:
3. Save the file and you can view it via browser at http://192.168.100.10/phpinfo.php. You also can track user who access to this phpinfo page by adding following line in the php code above:
$to = '[email protected]'; //replace with your email address $subject = 'Some one is viewing the fake phpinfo page!'; $message = ' Date: '.date('l jS \of F Y h:i:s A').' Source IP: '.$_SERVER['REMOTE_ADDR']; mail($to, $subject, $message);
Done. You can also use the same code to run on Windows environment. Even though this page has disallow search engine robot to access which will not being indexed in the search engine, you will notice someone will try to play with your phpinfo page. Believe me!