Is MacNN trying to get this forum hacked?

Clinically Insane
Join Date: Mar 2001
Location: yes
This file has been active forever:
http://forums.macnn.com/phpinfo.php
Won't somebody wake up the machine admins and have this file removed? You do NOT want to keep it exposed like it has been for months.
This file is totally safe to yank, its contents are simply:
<?php
phpinfo();
?>

Professional Poster
Join Date: Sep 2005
Location: Rochester, NY
Why are you trying to hack MacNN, besson3c?

Clinically Insane
Join Date: Mar 2001
Location: yes
Originally Posted by Dork.
Why are you trying to hack MacNN, besson3c?
Well, I just watched National Treasure, and I was thinking that I would be a MacNN hero if I could hack into this forum software and figure out who Abe really is. I'm sick of losing sleep puzzling this out in my head, so I decided to take matters into my own hands!

Administrator
Join Date: Mar 2000
Location: Land of the Easily Amused
you must be imagining things

Clinically Insane
Join Date: Mar 2001
Location: yes
Yeah, maybe I wasn't lucid, cause it's gone.
Sometimes I'm not lucid.

Addicted to MacNN
Join Date: Jul 2005
Location: Cooperstown '09
I look forward to the file ending up on eBay.

Addicted to MacNN
Join Date: Nov 1999
Location: Madison, WI
Originally Posted by rickey939
I look forward to the file ending up on eBay.
It will prolly be really cheap, but the shipping will totally kill the deal.
-Owl

Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Originally Posted by OwlBoy
It will prolly be really cheap, but the shipping will totally kill the deal.
-Owl
Nah. eBay will decide this file is politically incorrect because the ad will mention something about it NOT being the PHP file from MacRumors, and so they'll cancel the auction. And still charge the seller all the fees. Gotta love eBay. 
Glenn -----
OTR/L, MOT, Tx

Moderator
Join Date: Mar 2004
Location: Copenhagen
Since this is pretty much a zombie thread whose topic is now irrelevant and has turned to randomness, can someone tell me why Besson was banned? Per request, or did I miss something? I didn’t see him do anything that could be considered a bannable offence?

Addicted to MacNN
Join Date: Nov 2007
Location: In the hearts and minds of MacNNers
Whoa, when the hell did I miss that? $5 says he was Butthawk, and got a temp ban for the dupe account.
Edit: Or maybe the Not Butthawk account. This is all very complex, much like the Da Vinci Code.

Professional Poster
Join Date: Nov 2004
Location: eating kernel
Originally Posted by Dakar the Fourth
Whoa, when the hell did I miss that? $5 says he was Butthawk, and got a temp ban for the dupe account.
Edit: Or maybe the Not Butthawk account. This is all very complex, much like the Da Vinci Code.
I knew it. 
Signature depreciated.

Professional Poster
Join Date: Sep 2005
Location: Rochester, NY
I propose that whenever someone who is already a member becomes a "new member" and starts trolling, we should start referring to this activity as "butthawking". Just because I think that word is awesome. Butthawking should be punishable by π points of infractions.
For what it's worth, I think besson3c was the first butthawker here, but not the only butthawker. You can ask him on that known fanboy forum, if you like. (Actually, please go there, now that besson3c is banned from here for a while he's going to be there all the time, getting the carpet all messy...)

Mac Elite
Join Date: Sep 2006
OMG!
He's a moderator there?!
lol!

Moderator
Join Date: Mar 2004
Location: Copenhagen
Originally Posted by Sherman Homan
OMG!
He's a moderator there?!
lol!
Considering he started it, that makes good sense.
(I forget—it was just Besson who started it, right? And then BlueSky and... err, a few others, joined very quickly? Or did they start it together?)
(Actually, please go there, now that besson3c is banned from here for a while he's going to be there all the time, getting the carpet all messy...)
Are you calling me a cleaning lady?

Professional Poster
Join Date: Sep 2005
Location: Rochester, NY
Originally Posted by Oisín
Are you calling me a cleaning lady?
I figure that with new people to distract him, maybe he won't poop on the carpet quite so much....

Moderator
Join Date: Mar 2004
Location: Copenhagen
Cleaning lady or poop distractor.
I’m not sure which one’s the lesser evil here, to be honest.

Mac Elite
Join Date: Sep 2005
Location: Vancouver, BC
I don't see how anyone knowing the output of phpinfo(); is going to make a forum any more hackable. If your Web server/PHP environment is set up insecurely, someone WILL figure out a hole, whether or not they've seen phpinfo().
That said ... the jumbled-up five stars look rather funny. :-P

Administrator
Join Date: May 2000
Location: California
Originally Posted by Oisín
Since this is pretty much a zombie thread whose topic is now irrelevant and has turned to randomness, can someone tell me why Besson was banned? Per request, or did I miss something? I didn’t see him do anything that could be considered a bannable offence?
besson3c's Butthawk account was banned for trolling, asking for SS numbers, etc after the joke wore off. When besson started up a 2nd Butthawk nick, (thereby ignoring the staff's troll decision) he got a week's vacation. He'll be back.
The 3rd Butthawk nick was someone else.

Moderator
Join Date: Mar 2004
Location: Copenhagen
Originally Posted by Tomchu
I don't see how anyone knowing the output of phpinfo(); is going to make a forum any more hackable. If your Web server/PHP environment is set up insecurely, someone WILL figure out a hole, whether or not they've seen phpinfo().
That said ... the jumbled-up five stars look rather funny. :-P
Those are because he has more than 15,000 posts.
besson3c's Butthawk account was banned for trolling, asking for SS numbers, etc after the joke wore off. When besson started up a 2nd Butthawk nick, (thereby ignoring the staff's troll decision) he got a week's vacation. He'll be back.
The 3rd Butthawk nick was someone else.
Thanks for the info—I’d barely noticed this Butthawk nick, and didn’t know it was Besson in disguise. 

Clinically Insane
Join Date: Mar 2001
Location: yes
Originally Posted by Tomchu
I don't see how anyone knowing the output of phpinfo(); is going to make a forum any more hackable. If your Web server/PHP environment is set up insecurely, someone WILL figure out a hole, whether or not they've seen phpinfo().
That said ... the jumbled-up five stars look rather funny. :-P
It's not that phpinfo() in and of itself makes the server less secure, but it is advertising the server's vulnerabilities. When a basic Nessus scan picks up this file and provides a convenient way for anybody to plan an attack based on the weakness and exploits of the older PHP version being run on the server and all that is required to close that screen door you left wide open is to delete the file, why not? It's an extremely easy thing to do.
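
The cleanup discussed above can be checked from the server side. This is an added example, not part of the original thread: a Python sketch that walks a web root and reports PHP files calling phpinfo(), separating bare diagnostic stubs like the one quoted in the first post from pages that call it among other code. The sample file names, their contents and the extension list are constructed assumptions.

```python
import os
import re
import tempfile

# Approximate comment stripper: /* */ blocks and //, # line comments.
# It ignores string literals, so treat results as leads to review by hand.
COMMENT_RE = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)
# phpinfo( as a function call, not a method, static call or longer name.
CALL_RE = re.compile(r"(?<![\w$>:])phpinfo\s*\(", re.I)
# A file that is nothing but the call, like the one quoted in the first post.
STUB_RE = re.compile(r"\s*<\?(?:php)?\s*phpinfo\s*\([^)]*\)\s*;?\s*(?:\?>)?\s*", re.I)
PHP_EXTS = (".php", ".phtml", ".inc")  # assumed handler mapping; adjust per server

def classify(source):
    """Return 'stub', 'embedded' or None for one PHP source string."""
    code = COMMENT_RE.sub("", source)
    if not CALL_RE.search(code):
        return None
    return "stub" if STUB_RE.fullmatch(code) else "embedded"

def audit_docroot(docroot):
    """Map relative path -> verdict for every PHP file that calls phpinfo()."""
    findings = {}
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if name.lower().endswith(PHP_EXTS):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    verdict = classify(fh.read())
                if verdict:
                    findings[os.path.relpath(path, docroot)] = verdict
    return findings

def demo():
    """Audit a constructed docroot; file names and contents are made up."""
    samples = {
        "phpinfo.php": "<?php\nphpinfo();\n?>\n",
        "debug.php": "<?php\nsession_start();\nif (isset($_GET['d'])) { phpinfo(INFO_GENERAL); }\n",
        "index.php": "<?php\n// phpinfo(); removed\necho 'hello';\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_docroot(root)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:9} {path}")
```

A "stub" verdict marks a file that can simply be deleted; an "embedded" verdict needs a look at who can reach that code path.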

Mac Elite
Join Date: Sep 2005
Location: Vancouver, BC
Security through obscurity, then?
What's the use of the screen door if the rest of the house is missing a wall (vulnerable PHP release)? The real solution is to upgrade PHP.

Clinically Insane
Join Date: Mar 2001
Location: yes
Originally Posted by Tomchu
Security through obscurity, then?
What's the use of the screen door if the rest of the house is missing a wall (vulnerable PHP release)? The real solution is to upgrade PHP.
That is true.
Again, I'm not saying that deleting the file creates more inherent security, I'm just saying that it is extremely low dangling fruit, and that leaving it around does advertise vulnerabilities. I'm not saying that these vulnerabilities could not be discovered via another means, but leaving the file around is sort of like writing "my door is unlocked" along the side of your house or something, ya know? 

Mac Elite
Join Date: Sep 2005
Location: Vancouver, BC
Perhaps.
If it was a vulnerable PHP installation to start with. :-P

Addicted to MacNN
Join Date: Jan 2001
Location: The Sar Chasm
Originally Posted by rickey939
I look forward to the file ending up on eBay.
I have a brand new, unused folder I'll sell you for $5.00. I just made it on my desktop using shift+command+n, but realized I didn't need it. Paypal me, and I'll email it to you.
When a true genius appears in the world you may know him by this sign, that the dunces are all in confederacy against him. -- Jonathan Swift.

Mac Elite
Join Date: Aug 2005
If it comes in a good and reliable hard drive as wrapper, I'll take it for that price.
;o)
"Criticism is a misconception: we must read not to understand others but to understand ourselves."
Emile M. Cioran

Banned
Join Date: Jun 2005
Location: Indy.
Will you take it on a floppy?

Moderator
Join Date: Jun 2000
Location: We come from the land of the ice and snow...
(Last edited by andi*pandi; Mar 21, 2008 at 02:30 PM.
(Reason:(I can't post in allcaps???)))

Professional Poster
Join Date: Sep 2005
Location: Rochester, NY
Originally Posted by andi*pandi
Zip!
Click of Death FTW!

Addicted to MacNN
Join Date: Mar 2006
Location: California
Originally Posted by Dork.
please work
|

Administrator
Join Date: May 2000
Location: California
Off-topic for the win.
The original issue has been addressed, and we've drifted from left field into the stands.
