phpinfo.php: incredible, but true
It was evening, there was nothing. I wrote a script to search for files phpinfo.php. 36,804 sites of the Runet were investigated, at 1,725 there was a phpinfo.php file with the phpinfo function (~ 4.69%).
As you can see, not all webmasters know the simple truth - hacking a site begins with collecting information about the server.
A similar check of foreign sites showed that our foreign colleagues are more prudent: 166,652 sites were explored, phpinfo.php was found at 3.923 (~ 2.35%).
')
% username%, and you deleted the phpinfo.php file ( temp.php , test.php ) from your site?
Side effect of the study, PHP version statistics
The list of Russian sites is taken from Yandex.Catalog, the list of foreign sites from DMOZ.
UPD. Some general statistics.
In Runet from 1,725 sites, the register_globals is enabled by 941 (~ 54.5%), safe_mode by 106 (~ 6.1%)
In Burzhuneta from 3,923 sites, register_globals is enabled by 1.457 (~ 37.1%), safe_mode by 195 (~ 5%)
As you can see, not all webmasters know the simple truth - hacking a site begins with collecting information about the server.
A similar check of foreign sites showed that our foreign colleagues are more prudent: 166,652 sites were explored, phpinfo.php was found at 3.923 (~ 2.35%).
')
% username%, and you deleted the phpinfo.php file ( temp.php , test.php ) from your site?
Side effect of the study, PHP version statistics
| Version | Runet | Burzhunet | ||
|---|---|---|---|---|
| 5.3.3 | 23 | 1.33% | 66 | 1.68% |
| 5.3.2 | 28 | 1.62% | 51 | 1.3% |
| 5.3.1 | five | 0.29% | 13 | 0.33% |
| 5.3.0 | 2 | 0.12% | eleven | 0.28% |
| 5.2.14 | 134 | 7.77% | 771 | 19.65% |
| 5.2.13 | 85 | 4.93% | 380 | 9.69% |
| 5.2.12 | 199 | 11.54% | 188 | 4.79% |
| 5.2.11 | 71 | 4.12% | 128 | 3.26% |
| 5.2.10 | 147 | 8.52% | 87 | 2.22% |
| 5.2.9 | 84 | 4.87% | 262 | 6.68% |
| 5.2.8 | 41 | 2.38% | 106 | 2.7% |
| 5.2.7 | one | 0.03% | ||
| 5.2.6 | 166 | 9.62% | 301 | 7.67% |
| 5.2.5 | 64 | 3.71% | 114 | 2.91% |
| 5.2.4 | 46 | 2.67% | 75 | 1.91% |
| 5.2.3 | 13 | 0.75% | 22 | 0.56% |
| 5.2.2 | 6 | 0.35% | 14 | 0.36% |
| 5.2.1 | 9 | 0.52% | 25 | 0.64% |
| 5.2.0 | 31 | 1.8% | 38 | 0.97% |
| 5.2 | 2 | 0.12% | ||
| 5.1.6 | 100 | 5.8% | 240 | 6.12% |
| 5.1.5 | one | 0.03% | ||
| 5.1.4 | five | 0.29% | 18 | 0.46% |
| 5.1.2 | ten | 0.58% | 20 | 0.51% |
| 5.1.1 | one | 0.06% | 2 | 0.05% |
| 5.1.0 | one | 0.03% | ||
| 5.1 | 3 | 0.08% | ||
| 5.0.5 | 3 | 0.17% | 17 | 0.43% |
| 5.0.4 | five | 0.29% | nineteen | 0.48% |
| 5.0.3 | 6 | 0.15% | ||
| 5.0.2 | one | 0.03% | ||
| 5.0.0 | one | 0.03% | ||
| 4.4.9 | 179 | 10.38% | 375 | 9.56% |
| 4.4.8 | 35 | 2.03% | 79 | 2.01% |
| 4.4.7 | 24 | 1.39% | 77 | 1.96% |
| 4.4.6 | one | 0.06% | 15 | 0.38% |
| 4.4.5 | four | 0.1% | ||
| 4.4.4 | 60 | 3.48% | 78 | 1.99% |
| 4.4.3 | five | 0.29% | 7 | 0.18% |
| 4.4.2 | eleven | 0.64% | 17 | 0.43% |
| 4.4.1 | eleven | 0.64% | eleven | 0.28% |
| 4.4.0 | 2 | 0.12% | 13 | 0.33% |
| 4.3.11 | 13 | 0.75% | 63 | 1.61% |
| 4.3.10 | 39 | 2.26% | 69 | 1.76% |
| 4.3.9 | 46 | 2.67% | 68 | 1.73% |
| 4.3.8 | one | 0.06% | 2 | 0.05% |
| 4.3.6 | one | 0.06% | 3 | 0.08% |
| 4.3.5 | one | 0.03% | ||
| 4.3.4 | 2 | 0.12% | 17 | 0.43% |
| 4.3.3 | eleven | 0.28% | ||
| 4.3.2 | 9 | 0.52% | 13 | 0.33% |
| 4.3.1 | one | 0.06% | 2 | 0.05% |
| 4.3.0 | one | 0.06% | 2 | 0.05% |
| 4.2.3 | 2 | 0.12% | five | 0.13% |
| 4.2.2 | 6 | 0.15% | ||
| 4.1.2 | 2 | 0.12% | 2 | 0.05% |
| 4.1.1 | one | 0.03% | ||
| Total | 1725 | 3923 | ||
The list of Russian sites is taken from Yandex.Catalog, the list of foreign sites from DMOZ.
UPD. Some general statistics.
In Runet from 1,725 sites, the register_globals is enabled by 941 (~ 54.5%), safe_mode by 106 (~ 6.1%)
In Burzhuneta from 3,923 sites, register_globals is enabled by 1.457 (~ 37.1%), safe_mode by 195 (~ 5%)
Source: https://habr.com/ru/post/108152/
All Articles