Comments on: phpinfo() Phones Home http://www.joestump.net/2006/03/phpinfo-phones-home.html Just another WordPress weblog Fri, 21 Nov 2008 16:22:57 +0000 http://wordpress.org/?v=2.3.1 By: Andrewd http://www.joestump.net/2006/03/phpinfo-phones-home.html#comment-2861 Andrewd Tue, 04 Apr 2006 06:40:17 +0000 http://www.joestump.net/2006/03/phpinfo-phones-home.html#comment-2861 That's just how they're serving the images... the phpinfo() function is likely doing the following: examining the GET request for "PHPE9568F34-D428-11d2-A769-00AA001ACF42", clears the output buffer, sets the Content-Type headers appropriately does a readthrough() of the image file and exits. The images are served off your local machine, all from the same function... This does bring up the concern that this "magic" actually makes the call back to php.net and we can check for that too: # /usr/sbin/tcpdump | grep php tcpdump: listening on eth0 <refresh the page a few times> 3236 packets received by filter 0 packets dropped by kernel < control-c > nothing. and... to keep the Wonka going: IT'S ALL THERE, CLEAR AS CRYSTAL! YOU STOLE FIZZY LIFTING DRINKS; YOU BUMPED INTO THE CEILING WHICH NOW HAS TO BE WASHED AND STERILIZED, SO YOU GET NOTHING! That’s just how they’re serving the images… the phpinfo() function is likely doing the following:
examining the GET request for “PHPE9568F34-D428-11d2-A769-00AA001ACF42″,
clears the output buffer,
sets the Content-Type headers appropriately
does a readthrough() of the image file
and exits.

The images are served off your local machine, all from the same function…

This does bring up the concern that this “magic” actually makes the call back to php.net and we can check for that too:

# /usr/sbin/tcpdump | grep php
tcpdump: listening on eth0

3236 packets received by filter
0 packets dropped by kernel

< control-c >

nothing.

and… to keep the Wonka going:

IT’S ALL THERE, CLEAR AS CRYSTAL! YOU STOLE FIZZY LIFTING DRINKS; YOU BUMPED INTO THE CEILING WHICH NOW HAS TO BE WASHED AND STERILIZED, SO YOU GET NOTHING!

]]> By: Max Goldberg http://www.joestump.net/2006/03/phpinfo-phones-home.html#comment-2860 Max Goldberg Wed, 29 Mar 2006 13:40:42 +0000 http://www.joestump.net/2006/03/phpinfo-phones-home.html#comment-2860 You just completely n00b'd all over yourself. That cookie was probably set by PHP.net; the image (which is sent by the PHP interpreter, NOT the PHP web site) sets nothing. YOU LOSE. GOOD DAY, SIR. You just completely n00b’d all over yourself. That cookie was probably set by PHP.net; the image (which is sent by the PHP interpreter, NOT the PHP web site) sets nothing.

YOU LOSE. GOOD DAY, SIR.

]]> By: Ian Eure http://www.joestump.net/2006/03/phpinfo-phones-home.html#comment-2859 Ian Eure Wed, 29 Mar 2006 13:23:02 +0000 http://www.joestump.net/2006/03/phpinfo-phones-home.html#comment-2859 It doesn't phone home. No information is sent to php.net or anywhere else. The PHP interpreter on the server sees that GUID and serves back the image data, which is embedded in the PHP executable or Apache/IIS module. As for the cookie, I don't know. Mine does not set a cookie. Seems like that may be some other stuff running on the server, not PHP code per se. Either way, it's harmless, since cookies can't be set outside of the domain of the requested page, i.e. it will never be sent to a site other than the one you requested. It doesn’t phone home. No information is sent to php.net or anywhere else.

The PHP interpreter on the server sees that GUID and serves back the image data, which is embedded in the PHP executable or Apache/IIS module.

As for the cookie, I don’t know. Mine does not set a cookie. Seems like that may be some other stuff running on the server, not PHP code per se. Either way, it’s harmless, since cookies can’t be set outside of the domain of the requested page, i.e. it will never be sent to a site other than the one you requested.

]]>