Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter Best Practices How to hide CI from being detected
How to hide CI from being detected
  • Offline mdeuerlein
    Newbie
  • *
  • Posts: 2
    Threads: 1
    Joined: May 2016
    Reputation: 0
#1
Question  05-06-2016, 04:33 AM

I just tried the Chrome extension BuiltWith TechnologyProfiler. Just a short click on the extension and it tries to detect and show all technologies used by the website you have currently open in your browser tab.

I tried it with some of my websites and it always detected the use of Codeigniter (see Screenshot). 
I already changed the name of Session_Cookie but that didn't help. 

Do you know how they detect CI and how do disable the detection?

Thanks in advance
Markus

   
Reply
  • Offline PaulD
    Posting Freak
  • *****
  • Posts: 1,061
    Threads: 42
    Joined: Mar 2015
    Reputation: 73
#2
05-06-2016, 09:02 AM

A quick google revealed this:

Quote:The technology has to be discoverable in either the page body, cookies or server headers.

Not sure what you can do about the server headers, or what they mean exactly by that phrase. I checked server headers on one of my sites and could not see a 'powered by CI' or anything similar - I may have just missed it though.

Why do you care? Are you hiding something? What difference could it possibly make?

Best wishes,

Paul.
Reply
  • Offline skunkbad
    Senior Citizen
  • *****
  • Posts: 1,300
    Threads: 63
    Joined: Oct 2014
    Reputation: 86
#3
05-06-2016, 10:13 AM

If you want BuiltWith to show that you are using CodeIgniter, then you'd probably need to be using CI sessions with the default session cookie name. Other than that, the only way I can tell that you can detect if a site is running CI is to purposely request a page that will 404, and check if the site is using CI's default 404 page.

I just checked 2 of my sites and one of my customers, and none were detected as built with CI.
Expert Website Development - Temecula, CA
Community Auth For CodeIgniter 3
Reply
  • Offline ivantcholakov
    Senior Member
  • ****
  • Posts: 668
    Threads: 17
    Joined: Oct 2014
    Reputation: 37
#4
05-06-2016, 10:14 AM

Rename the session identifier (put another valid name like bf385bac) and see what would be the result https://github.com/bcit-ci/CodeIgniter/b...g.php#L371 The default name helps for this detection, I guess.

For not exposing PHP, there was a special PHP-ini seetting, as far as I can remember.
Reply
  • Offline mdeuerlein
    Newbie
  • *
  • Posts: 2
    Threads: 1
    Joined: May 2016
    Reputation: 0
#5
05-06-2016, 01:34 PM

@PaulID: The Reason for hiding the Framework or CMS is simple. The less you know about a System, the harder it is to attack.

The name of the Cookies/Sessions was my first thought. I changed it, but it looked like it didn't solve the Problem....
But because i also think this could be the only way to detect, i did another try and now it seems that the Chrome extension is also caching the Information.

So the "problem" is now solved.
Reply
  • Offline PaulD
    Posting Freak
  • *****
  • Posts: 1,061
    Threads: 42
    Joined: Mar 2015
    Reputation: 73
#6
05-07-2016, 02:10 PM
(This post was last modified: 05-07-2016, 02:11 PM by PaulD.)

(05-06-2016, 01:34 PM)mdeuerlein Wrote: @PaulID: The Reason for hiding the Framework or CMS is simple. The less you know about a System, the harder it is to attack.

Good point actually. Never thought of that

Quote:Posted by dubefx - 1 hour ago
Rename/delete readme, copyright

What does that mean?
Oh I see what you mean now. Make sure no identifiable docs are left in the public folder.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB