If you find something like that in your logfiles:

"GET /page.php?"

Your Server is a victim of a http-Inject attack.

you may find out that the above url points to a page containing this:
<?php echo md5("just_a_test"); ?>

What's going on ?

A Zombie network tries to add your Server
as a new Zombie for whatever reason.

It works like this:

In PHP, you may include external files
from the internet using e.g.

include '';

As soon as you (or your Content-Management System)
uses this together with special URL's,
You run into the following problem:

If 'someone' types an URL like e.g.

the code from
is executed on YOUR Server.

the Result of

<?php echo md5("just_a_test"); ?>

is "c6db3524fe71d6c576098805a07e79e4"

So What ?

If 'someone' is not a Person, but a Zombie Computer,
it will check out all possible cases to create
an access on the just_a_test page.

The MD5-Sum c6db3524fe71d6c576098805a07e79e4 apears now
somewhere on your page, and the Zombie knows that your
Server accepts external PHP scripts.

The Zombie will now send you another http-request
with PHP code that may infect Your Server.
In fact, they try to write a php-file to your server, that allows an external Person to run ANY PHP-CODE on your Server by simply upload a file.

What to do ?

If you do not use 'http:' within your URL's
Query_String you may simply add the following code
at the beginning of all of your PHP-Files:
Header("X-Powered-by: safe_http");	//Hide PHP-Version
if(preg_match("/http:/i", urldecode(getenv("REQUEST_URI").getenv("QUERY_STRING"))))
	Header( "HTTP/1.1 503 Service Unavailable" );
As long as the above code is on the FIRST Line, there is no way
your script is able to load external pages, it just gives back an empty Page


As an alternative, if you are able to change
your .htaccess file, you may create
a rewrite rule  403 FORBIDDEN there:
RewriteEngine on
RewriteCond %{QUERY_STRING} http[:%] [NC]
RewriteRule .* /------------http----------- [F,NC]
RewriteRule http: /---------http----------- [F,NC]
This is the fastest way and works for all files and all CMS Systems

For RewriteEngine on IIS Servers, try google or wikipedia

Warn other Webmasters with a Link to this Page:
<A HREF=''>safe_http</A>