PHP/5.2.5 user agent

Forum Moderators: coopster

Message Too Old, No Replies

PHP/5.2.5 user agent

incrediBILL

6:15 pm on Apr 16, 2008 (gmt 0)

Does anyone know what, if any, PHP/5.2.5 functions performing HTTP access would result in the user agent "PHP/5.2.5" showing up in a server log file?

My experience with PHP is always using CURL or some other tool for HTTP access so I'm stumped with this one, any ideas?

jatar_k

11:44 am on Apr 17, 2008 (gmt 0)

can't think of any off the top of my head, simmilar to the old libperl I guess

haven't seen a php useragent, almost makes me think it's something new

incrediBILL

5:09 pm on Apr 17, 2008 (gmt 0)

I'm seeing it almost daily from various IPs so I thought maybe someone might know something about it, quite curious.

coopster

5:22 pm on Apr 17, 2008 (gmt 0)

Dunno either. readfile(), file_get_contents() and friends all use the user agent in the browser that executes the code. If the code is run from the command line the user agent is a dash, as in:

localhost - - [17/Apr/2008:12:14:08 -0500] "GET /path/to/www/ HTTP/1.0" 200 69518 "-" "-"

where the last two dashes represent the referer and the user agent.

jatar_k

5:26 pm on Apr 17, 2008 (gmt 0)

maybe a recently written php scraper script?

coopster

5:29 pm on Apr 17, 2008 (gmt 0)

I'm certain that is where incrediBILL is headed, but I am not aware of any. I know that certain header responses contain that string, such as the

Server

header and the

X-Powered-By: PHP/5.2.5

incrediBILL

9:11 pm on Apr 17, 2008 (gmt 0)

X-Powered-By: PHP/5.2.5

Yup, I'm familiar with this, which you should disable server-wide as a matter of security if you broadcast it as the PHP hackers troll looking for that response.

Looks like a scraper to me.

I'm wondering if it's something like this library with the PECL::HTTP part removed:
"PECL::HTTP/1.6.0RC1 (PHP/5.2.5)"