Probably, many Internet users know that when creating websites, various ready-made tools are used. They are called engines or CMS. How to determine which engine is used on the site, and why it is needed, will be discussed later in our article.
What is a website engine and what is it for?
The site engine is an automated tool for managing and configuring. In particular, many CMS allow you to change the look of something by applying a template, add new content, menu, whole page or section.
Words, Joomla, Drupal, domestic "Bitrix" and many others can be distinguished from the most famous ones.
How to find out the site engine
The engine can be recognized in several ways:
- by parsing the page manually;
- determining by typical characteristics;
- using online services.
To analyze the site using improvised means, you need to open the source code of the page. A little skimming through the lines can reveal a lot of useful information.
Almost every site has a meta name tag with the name generator in the body of its code. It may or may not specify a content management system. It all depends onwhether the portal admin has taken any means of concealment.
You can find out which engine the site is on by viewing the robots.txt file. It is designed to prohibit visits to certain pages by search engines. Therefore, it may contain standard paths for some CMS. Naturally, you need to know the file and folder structure of the most popular engines.
The appearance of the links on the page can also help to recognize the site's engine. If the CMS does not use third-party link generation solutions, then by default, they may look like this:
- /p=501 - actual link type for WordPress;
- /index.php?option=com_content… - this template is used in Joomla by default;
- page /page_name - this is how the URL looks like in MaxSite.
Finding out the site engine will help the method of substituting the addresses of admins of known CMS. It is worth trying to substitute the following paths to the domain:
- wp-admin - WordPress admin panel;
- administrator - this address is used by Joomla;
- admin - and this one belongs to MaxSite.
Scanning server responses can also help you find out what engine the site is on. This can be done with the help of special tools. In the response from the server, we are interested in the http header. It may contain a field with the valueX-Powered-CMS.
It makes sense to look at the site's saved cookies as well. This may also require special tools called sniffers. Among the cookie strings, you can find parts of the names of popular CMS, for example, wp or umicms.
The first tool is Itrack. In its database, it has the characteristics of more than 50 content management tools in order to find out the site engine online. It is enough to visit the site, enter the name of the desired domain, captcha and click "Check". After a while, the service will scan the specified site and issue its verdict. And if there is a CMS, then it will be displayed.
Another good multifunctional service to find out the website engine online, - 2ip. Here the address of the scanned resource is entered and the "Learn" button is pressed. The system will enumerate all known CMS, displaying them one by one. And as soon as it stumbles upon a matching one, it will notify about it.
Why you might need to check the site engine
This information will always be useful to a hacker. How can he use it? Very simple. All content controls are written by people. Accordingly, there may be errors in projects and sites. Some are fixed very quickly, some remain. Knowing the typical errors of a particular CMS and being sure that it is installed on the site under attack, a hacker can apply various approaches using vulnerabilities and exploits.
Also engine typemay be needed by a web programmer who wants to create approximately the same site for himself or a customer. Or maybe the same developer wants to see how easy it is to spot a CMS hacker on his site.
Hiding engine info
As you can see, by hiding the data about which CMS is used, you can additionally secure your site from unauthorized access as a result of a hacker attack. In fact, many articles on the Internet, on forums and in various instructions are devoted to this. There is no universal formula for hiding the engine type for all CMS at once. Each will have to act differently.
For example, Joomla generates a Generator tag. And this means that you need to fix the index.php file of the current template. You need to add the line setGenerator(``)?> to it somewhere between other meta tags.
Changing the display of web page addresses manually is very difficult. But there are ready-made solutions, something like JoomSEF. They generate links based on content titles and make the address bar look more readable and indistinguishable from most sites.
Joomla site can also be recognized by the well-known icon in the browser header. It is called favicon.ico and is located in the root of the site or in the folder of the current template.
Very often a CMS is identified by a standard 404 error page. It is recommended to change it immediately after setup and configuration.
Before you can find out which engine a site uses, you will first have to searchon the Internet, information about what typical features and parameters a particular CMS has. Well, or contact online sites. And in order to hide the use of a content management system on your resource with your own hands, you will still have to master the basics of PHP and HTML. Although here, all well-known CMS have ready-made solutions in the form of plugins, modules and components. Many of which, by the way, also reduce the resistance of the site to attacks. Which approach to choose is up to the web developer.