Is there a way to find out if a site is using CI as framework?

[eluser]phoenixg[/eluser]
as the title asked

[eluser]InsiteFX[/eluser]
No not unless they tell it to show.

[eluser]wiredesignz[/eluser]
@phoenixg, You could try checking for the codeigniter licence.txt file or check the names of any cookies from the site. The developer can of course change config cookie names and use .htaccess to block file access.

[eluser]skunkbad[/eluser]
If the site is not using a custom error message for 404, the default is a rather obvious indication that they are using CI.

[eluser]phoenixg[/eluser]
404 sounds like a way, but if the 404 handler is customed, then there is no way? I'm wondering whether any framework like this as well, ie. no definite way to know how a site's structure is?

[eluser]boltsabre[/eluser]
Generally speaking, if you are viewing a website on your browser at home, there is no concrete way to tell, it's a security risk. Knowing it's a CI website also tells a hacker (are you one???) that it's also a php based application, and both these pieces of knowledge give a potential hacker a lot of information about how to try to launch an attack.

As mentioned above, check the 404 page, and check the cookie, by default it's called CI_SESSION I think, but any developer worth a pinch of salt will have changed these already.

[eluser]phoenixg[/eluser]
Thank you above all very much, by the way, @boltsabre, I'm not a hacker.

[eluser]skunkbad[/eluser]
Starting with CI v3, I believe part of the new license requires that a site basically reveal that it is using CI, but that doesn't help you for versions less than 3. Actually, the likelihood that less than 1% of people will understand that license means you don't really have any guarantees. It might be another way to detect CI usage.

Then, there's another way, but not always reliable. If you try to access one of the files in the system or application directory, you would get the message: "No direct script access allowed", but if somebody is using .htaccess to block access, the message would not be seen. In that case, the generated 403 error may be an indication that the site is using CI, but CI is probably not the only one with a system and application directory.

[eluser]phoenixg[/eluser]
[quote author="skunkbad" date="1340028691"]Starting with CI v3, I believe part of the new license requires that a site basically reveal that it is using CI, but that doesn't help you for versions less than 3. Actually, the likelihood that less than 1% of people will understand that license means you don't really have any guarantees. It might be another way to detect CI usage.

Then, there's another way, but not always reliable. If you try to access one of the files in the system or application directory, you would get the message: "No direct script access allowed", but if somebody is using .htaccess to block access, the message would not be seen. In that case, the generated 403 error may be an indication that the site is using CI, but CI is probably not the only one with a system and application directory.[/quote]

Thank you, very detail and professional explanation.