So I was doing some client work today when I noticed something somewhat disturbing;
phpinfo() has a logo that sends data back to php.net. I’m not sure exactly what the data is, but here’s the offending markup.
<img border="0" src="?=PHPE9568F34-D428-11d2-A769-00AA001ACF42" alt="PHP Logo" />
The somewhat more disturbing part is that this image also sets a cookie. The cookie appears to hold both my country and the IP address of the requesting agent.
I’ve looked at a few scripts and found that the
src of the image file appears to change slightly between installations. I’m sure it’s nothing malicious, but it is a bit odd.
Anyone else know anything about this?