Easter eggs are undocumented programs or pieces of code that ship with your software, knowingly or unknowingly. PHP Easter eggs can be used to identify the exact version of PHP running on a server, and knowing about them helps us protect ourselves from future attacks.
How do they do it?
1. You can pass ?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 to your PHP web site, and if it responds with some logo then you are the lucky one!
2. Get the PHP credits details with ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
3. Get the Zend Powered logo with ?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
Do these logos and details really mean anything?
Each of these logos has its own meaning. For example, if you see:
PHP CODER GUY WITH BREADSTICKS (Thies C. Arntzen): PHP Version 4.0.0 – 4.2.3
BROWN DOG IN GRASS (Stig’s dog, Nadia): PHP Version 4.3.0 – 4.3.10
BLACK SCOTTISH TERRIER (Zeev’s dog, Scotch): PHP Versions 4.3.11 – 4.4.6; and 5.0.4 – 5.1.2
BUNNY (Sterling’s rabbit, Carmella): PHP Version 5.0.0 – 5.0.3
COLORED PHP LOGO: PHP Version 5.1.3 – 5.2.13
ELEPHANT PHP LOGO: PHP Version 5.3.0 – current
So will Easter eggs only be pictures or images?
Easter eggs can be messages, videos, graphics, sound effects, or any unusual change in program behavior that sometimes occurs in a software program in response to some undocumented set of commands, mouse clicks, keystrokes or other stimuli, intended as a joke or to display program credits.
If it only shows a PHP logo, then why should I be worried?
In many Easter eggs we have seen that on 1st April these images are converted to the phpinfo() function and, as we know, it will reveal all the details of your server to the public.
Oh! That has scared me. How do I protect my server from Easter eggs?
If you want to find these in the source, they’re in ext/standard/info.h. If you want to disable them, set expose_php to Off.
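To confirm that expose_php = Off has taken effect on a server you run, the check below (an added example, not part of the original post) requests the three query strings listed above and reports any that still return a logo or the credits page. The function names, the fake_fetch stand-in, the placeholder URL and the "PHP Credits" marker text are assumptions; it also reports the X-Powered-By header, which expose_php controls as well.

```python
import urllib.request

# Query strings listed on this page.
EGG_QUERIES = {
    "easter egg logo": "?=PHPE9568F36-D428-11d2-A769-00AA001ACF42",
    "PHP credits": "?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000",
    "Zend logo": "?=PHPE9568F35-D428-11d2-A769-00AA001ACF42",
}

def http_fetch(url):
    """GET a URL and return (content_type, body, headers)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.headers.get_content_type(), resp.read(), dict(resp.headers.items())

def audit(base_url, fetch=http_fetch):
    """Return a list of findings; an empty list means no exposure was seen."""
    findings = []
    base_type, base_body, headers = fetch(base_url)
    # expose_php = On also adds an X-Powered-By: PHP/<version> response header.
    powered = {k.lower(): v for k, v in headers.items()}.get("x-powered-by", "")
    if powered.upper().startswith("PHP"):
        findings.append(f"X-Powered-By header present: {powered}")
    for name, query in EGG_QUERIES.items():
        ctype, body, _ = fetch(base_url + query)
        # With expose_php = Off the query string is ignored, so the response
        # should look like the ordinary page, not an image or a credits page.
        if ctype.startswith("image/") and not base_type.startswith("image/"):
            findings.append(f"{name}: image returned for {query}")
        elif b"PHP Credits" in body and b"PHP Credits" not in base_body:
            # Assumption: the credits page contains the text "PHP Credits".
            findings.append(f"{name}: credits page returned for {query}")
    return findings

def fake_fetch(expose_php):
    """Constructed stand-in for a server, so the check can be run offline."""
    def fetch(url):
        headers = {"X-Powered-By": "PHP/0.0.0-example"} if expose_php else {}
        if expose_php and "?=PHPB8B5F2A0" in url:
            return "text/html", b"<h1>PHP Credits</h1>", headers
        if expose_php and "?=PHPE9568F3" in url:
            return "image/gif", b"GIF89a", headers
        return "text/html", b"<html>home</html>", headers
    return fetch

if __name__ == "__main__":
    for setting in (True, False):
        # Placeholder URL; pass fetch=http_fetch (the default) for a real server.
        print(setting, audit("http://example.test/index.php", fake_fetch(setting)))
```

Run it before and after changing php.ini; the base URL should be a PHP page with no query string of its own.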