: What is 'hitnodes.php' on a GoDaddy shared hosting server? At my company, our website is hosted with GoDaddy's shared hosting service. I was tidying up the html folder today and noticed a file
At my company, our website is hosted with GoDaddy's shared hosting service. I was tidying up the html folder today and noticed a file called hitnodes.php which I hadn't noticed before. It was only 16 lines long, and the code seemed innocuous, and just printed out the hostname of the server we're on and a bunch of dots.
I was pretty sure we didn't put it there, which lead me to believe it was from GoDaddy, so I called their support to see if they knew what it was. The guy I talked to just said "oh, I'll delete that", and when I asked what it was, he said that he wasn't allowed to tell me (!), and that he had just deleted it. When I pressed him as to why there was a file in our site that he couldn't tell us about, he just said it had to do with server maintenance and he couldn't tell me anything else about it.
So half out of concern that this could be part of some exploit that he didn't want to spook me about, and half out of pure curiosity, I've been trying to find out what this script is for, but the most I could turn up was this page talking about a method to quickly check for errors on a 4GH or Grid system. I didn't really follow what the author of that blog was talking about, and I was hoping that someone here might have a good explanation for the purpose of this script and how it works, and maybe some idea of why the GoDaddy representative was being so cagey about it. If it was just to check if a node was having problems, why not say "Oh, that was so we could quickly see if the server was having problems."? Not exactly state secrets...
Here's the code reproduced for your scrutiny:
<?php
if ( $_SERVER["OS"] == "Windows_NT" ) {
$hostname = strtolower($_SERVER["COMPUTERNAME"]);
} else {
$hostname = `hostname`;
$hostnamearray = explode('.', $hostname);
$hostname = $hostnamearray[0];
}
if ( !preg_match("/[0-9]{2,4}/", $hostname, $match) ) die("Failed to detect node");
$node = $match[0];
if ( preg_match("/^0/", $node) ) $node += 1000;
header("Content-Length: " . $node);
$response = $hostname . "<br />Padding: ";
$response = $response . str_repeat('.', $node - strlen($response));
echo $response;
?>
More posts by @Annie201
1 Comments
Sorted by latest first Latest Oldest Best
This is a file used by GoDaddy's hosting department to periodically test if accounts on their Fourth-Generation Hosting (4GH) systems are reachable. 4GH was GoDaddy's precursor to cloud hosting, as can be read about here:
Web Hosting "pools" the resources of many servers and your site's
content resides on multiple servers. This networked system helps
achieve a high reliability—beyond 99.9%—for your website because if
one server shuts down, only a fraction of the total resources are
lost.
In this system configuration, each account can be accessed via a 4 different nodes on a grid hosting system (hence the abbreviation 4GH), allowing for redundancy and performance increases via load balancing over standard hosting.
The hitnodes.php script for Linux (and hitnodes.aspx for Windows) is aptly named, since it's used by their hosting department to see if sites are reachable (i.e., can be "hit") on these nodes. By taking a look at the page size returned by this script, their IT department (and you as well), can see what node a site is being served on. Most 4GH accounts end up getting migrated to different server configurations depending on usage (as an upgrade), so they likely use this script for gauging that as well.
I've seen this file in accounts before, and as the GoDaddy representative relayed, it can just be deleted without any consequences. I'm sure the rep did not want to elaborate further on how this script is used because placing files in accounts is usually not very well received by customers, and I suppose it could be used to test if a hack or DDoS was successful for a particular node/server.
I do not think 4GH accounts are sold by GoDaddy anymore, since they've replaced them with cPanel (for Linux) and Plesk (for Windows) accounts instead of using their in-house control panel, so this file likely won't be seen as much in the future.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.