How to find all instances of phpinfo on a server

Matt B, May 8, 2024

Intro

The phpinfo function is a useful tool for both developers and administrators: it quickly gathers comprehensive information about the PHP environment running on a server. However, people often forget to clean up their temporary phpinfo files, which leaves the output of this function accessible to anyone who finds the file. This can be a serious security issue, as you may accidentally reveal information to potential attackers.

For this reason, you may want to find all instances of phpinfo quickly so that you can get them removed. This guide shows you how to use grep to find any files that contain phpinfo calls on a Linux server.

Why is phpinfo being visible an issue?

Before starting, it's a good idea to understand the risks associated with rogue phpinfo files. When accessed via a web page, phpinfo displays an extensive array of PHP configuration details, including server paths, loaded PHP modules, environment variables, and much more. Bad actors can use this information to identify vulnerabilities and to tailor attacks to your server setup.

Finding files via Command Line/SSH

Normally, when searching across Linux systems, I opt for the find command. Here, however, we don't want to search by name: while many files that call phpinfo are named phpinfo.php or info.php, this isn't necessarily the case. Fortunately, we can instead use grep, which searches file contents, so we can find all files that contain calls to phpinfo regardless of their names. This can be done using the following steps:

1. Connect to your server via SSH.

2. Navigate to the web root directory where your website's files are located. This is typically /home/username/public_html/ on cPanel-type servers, or /var/www on bespoke setups.

3. Use the grep command to search for files containing "phpinfo();". This can be achieved with the following command:

    grep -r 'phpinfo();' .

This command recursively searches all files within the current directory for occurrences of "phpinfo();" and prints the matching lines to the screen. Alternatively, if you want to save your output to a file, you can use the following:

    grep -r 'phpinfo();' . > phpinfo_files.txt

This will create a file called phpinfo_files.txt in your current directory. You can then view the contents of this file using the following command:

    cat phpinfo_files.txt

It is worth mentioning that we've intentionally included the semicolon at the end, as this ensures that we only find matches that are actually calling the function. This prevents comments that include "phpinfo()" from being included in the list, such as those you might see in changelogs or CodeSniffer comments.

Wrapping up

This guide has shown you how to quickly and easily find all files that call phpinfo() on a Linux server. If you've got any questions or run into any problems, please feel free to leave a comment.
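The following is an added example, not part of the original post, that wraps the grep search above into a small script. It goes a step beyond the single command: it restricts the search to .php files, tolerates whitespace between the function name and the parenthesis (phpinfo (); is also a live call), skips lines that are commented out with //, # or a leading * from a block comment, and prints a de-duplicated list of file paths rather than every matching line. It assumes GNU grep (for -r, -I and --include) and a POSIX shell; the sample web root it builds under a temporary directory is constructed purely for demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): locate live phpinfo() calls
# under a web root and list the files that contain them.
# Assumes GNU grep; the sample directory tree below is constructed here.

# find_phpinfo_calls DIR
# Prints "file:line:text" for each line in a .php file under DIR that calls
# phpinfo( and is not a whole-line comment (//, # or a block-comment " * ").
# Inline trailing comments such as `echo 1; // phpinfo();` are still reported,
# so review the output rather than deleting files blindly.
find_phpinfo_calls() {
    dir="$1"
    # -r recurse, -n line numbers, -I skip binary files, --include only PHP sources
    grep -rnI --include='*.php' 'phpinfo[[:space:]]*(' "$dir" 2>/dev/null \
        | grep -vE '^[^:]+:[0-9]+:[[:space:]]*(//|#|\*)' || true
}

# list_phpinfo_files DIR
# Unique, sorted file paths taken from find_phpinfo_calls.
list_phpinfo_files() {
    find_phpinfo_calls "$1" | cut -d: -f1 | sort -u
}

# make_sample_webroot
# Builds a constructed sample web root in a temp dir and prints its path:
#   info.php                  - classic leftover, must be found
#   admin/debug.php           - call with a space before "(", must be found
#   index.php                 - call commented out with //, must be skipped
#   vendor/lib/changelog.php  - mention inside a /** */ block, must be skipped
#   notes.txt                 - not a .php file, must be skipped
make_sample_webroot() {
    root=$(mktemp -d)
    mkdir -p "$root/admin" "$root/vendor/lib"
    printf '<?php phpinfo(); ?>\n' > "$root/info.php"
    printf '<?php\n// phpinfo();\necho "hello";\n' > "$root/index.php"
    printf '<?php\n/**\n * phpinfo() was removed in 1.2\n */\nfunction f() { return 1; }\n' \
        > "$root/vendor/lib/changelog.php"
    printf '<?php\nif (isset($_GET["debug"])) {\n    phpinfo ();\n}\n' > "$root/admin/debug.php"
    printf 'phpinfo();\n' > "$root/notes.txt"
    printf '%s\n' "$root"
}

# Usage: sh find_phpinfo.sh /var/www   (or any web root)
# With no argument, run against the constructed sample tree instead.
if [ $# -gt 0 ]; then
    list_phpinfo_files "$1"
else
    sample=$(make_sample_webroot)
    list_phpinfo_files "$sample"
    rm -rf "$sample"
fi
```

Run against a real web root (for example `sh find_phpinfo.sh /home/username/public_html`), the script prints only the paths that still contain an uncommented phpinfo call, which is the list you want to work through and remove. Once the files are gone, re-run it to confirm the list is empty.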