Some tesla.com artifacts indicate it runs on PHP being deployed from a git repository
Posted by jpluimers on 2025/06/24
A few years back, a few interesting files turned up that are served directly from the tesla.com web-site, right in the middle of the period when Musk used their software engineers to assess twitter.com code quality:
- [Wayback/Archive] https://www.tesla.com/robots.txt
  - which is an adoption of [Wayback/Archive] robots.txt | Drupal 9.3.x | Drupal API
- [Wayback/Archive] https://www.tesla.com/MAINTAINERS.txt
  - which is identical to the pre Drupal 7.x [Wayback/Archive] raw.githubusercontent.com/drupal/drupal/f5f4841dad3f0d99fe00cf6de004f5482c24757b/MAINTAINERS.txt (see below)
- [Wayback/Archive] https://www.tesla.com/modules/README.txt
- [Wayback/Archive] https://www.tesla.com/profiles/README.txt
- [Wayback/Archive] https://www.tesla.com/themes/README.txt
- [Archive] https://cdn-design.tesla.com/tds-fonts/: Error
Some do not exist (some of them not any more):
- [Wayback/Archive] https://www.tesla.com/.editorconfig (got removed on 20221126)
- [Wayback/Archive] https://www.tesla.com/.git/index
- [Wayback/Archive] https://www.tesla.com/.gitignore (got removed on 20221126)
- [Wayback/Archive] https://www.tesla.com/LICENSE.txt (got removed on 20221126)
  > GNU GENERAL PUBLIC LICENSE
  > Version 2, June 1991
- [Wayback/Archive] https://tesla.com/cron.php (as of 20221126 redirecting to a sign-on page)
- [Wayback/Archive] https://www.tesla.com/phpunit.xml (got removed on 20221126)
- [Wayback] https://www.tesla.com/sites/settings.php (got removed on 20221126)
It is widely known that the site is based on the Drupal CMS, which is written in PHP, but it is fun seeing those files being hosted publicly.
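
As an added illustration (not part of the original post, and not Tesla's or Drupal's tooling): a pre-deployment check that walks a document root and reports the kinds of files listed above. The file names come from this post; the category labels, function names and the sample tree are assumptions made for the example.

```python
import os
import tempfile

# Names taken from the files this post found served from the web root.
VCS_AND_DEV = {".git", ".gitignore", ".editorconfig", "phpunit.xml"}
STOCK_DOCS = {"MAINTAINERS.txt", "LICENSE.txt", "README.txt",
              "INSTALL.txt", "CHANGELOG.txt"}
CONFIG = {"settings.php"}  # only protected as long as PHP executes it


def audit_docroot(docroot):
    """Return sorted (category, relative_path) findings for a document root."""
    findings = []
    for current, dirs, files in os.walk(docroot):
        for name in list(dirs) + files:
            rel = os.path.relpath(os.path.join(current, name), docroot)
            rel = rel.replace(os.sep, "/")
            if name in VCS_AND_DEV:
                findings.append(("vcs-or-dev-artifact", rel))
            elif name in STOCK_DOCS:
                findings.append(("version-fingerprint", rel))
            elif name in CONFIG:
                findings.append(("config-in-docroot", rel))
        # Report .git once; do not descend into it.
        dirs[:] = [d for d in dirs if d != ".git"]
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample: a git checkout of a Drupal-style tree."""
    for rel in [".git/index", ".gitignore", "phpunit.xml", "MAINTAINERS.txt",
                "modules/README.txt", "sites/default/settings.php",
                "index.php", "themes/custom/logo.png"]:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for category, rel in audit_docroot(tmp):
            print(f"{category:22} {rel}")
```

Run against the directory that is about to be published, a non-empty result means the deployment copies repository and development files into the served tree.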
Via:
- [Wayback/Archive] Jane Manchun Wong on Twitter: “lmao tesla.com/.gitignore”
- [Wayback/Archive] Tesla.com/.gitignore
- [Wayback/Archive] Tesla.com/.gitignore | Hacker News has them all, and also this interesting comment:
> So basically you run an endless script to fetch https://www.tesla.com/sites/default/settings.php and hope that some day there will be a minor nginx config error which lets you download the php source instead of executing it.
>
> This will happen some day, so invest 5 bucks per month to exploit Tesla at a certain point, so maybe you can be first in line for the Cybertruck :-)

It also linked to this cool analysis site: [Wayback/Archive] tesla.com Technology Profile and has this very interesting tidbit:

> They’ve got something a bit more fucked up than just an exposed .gitignore
>
> ```
> $ curl -si https://www.tesla.com/ | grep generator
> x-generator: Drupal 9 (https://www.drupal.org)
> $ curl -si https://www.tesla.com/authorize.php | grep generator
> x-generator: Drupal 7 (http://drupal.org)
> ```
>
> So they have at least two versions running at the same time. The /authorize.php[1] uri also yields a 500 (instead of a 403 like most of the other resources), which implies Apache is most likely passing the request off to PHP and the script has a fatal or unhandled error.
>
> The webroot appears to be a Drupal 7.x installation and Apache is serving that content directly (e.g. https://www.tesla.com/MAINTAINERS.txt same as [2]) and trying to run some of it (authorize.php), while happy-path requests are being reverse-proxied to a Drupal 9.x installation.
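
The polling described in the first quoted comment shows up in access logs, so a defender can watch for it. This added example (not part of the original post or the Hacker News comments) flags clients that repeatedly request such paths and any request that received a 200 with a body; the log lines, IP addresses, threshold and function name are constructed for illustration.

```python
import re
from collections import Counter

# Paths named in this post that should never be served to clients.
SENSITIVE = re.compile(r"^/(\.git(/|$)|\.gitignore$|phpunit\.xml$|"
                       r"sites/(default/)?settings\.php$)")
# Combined log format: ip - - [time] "METHOD target proto" status bytes ...
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')

# Constructed sample lines (documentation IP ranges, invented timestamps).
SAMPLE = [
    '198.51.100.7 - - [26/Nov/2022:10:00:00 +0000] "GET /sites/default/settings.php HTTP/1.1" 403 162',
    '198.51.100.7 - - [26/Nov/2022:10:05:00 +0000] "GET /sites/default/settings.php HTTP/1.1" 403 162',
    '198.51.100.7 - - [26/Nov/2022:10:10:00 +0000] "GET /sites/default/settings.php HTTP/1.1" 403 162',
    '198.51.100.7 - - [26/Nov/2022:10:15:00 +0000] "GET /sites/default/settings.php HTTP/1.1" 200 3187',
    '203.0.113.9 - - [26/Nov/2022:10:16:00 +0000] "GET /.gitignore HTTP/1.1" 200 1025',
    '192.0.2.10 - - [26/Nov/2022:10:17:00 +0000] "GET /index.php?q=model3 HTTP/1.1" 200 5120',
]


def analyse(lines, poll_threshold=3):
    """Return (pollers, exposures) for requests to sensitive paths."""
    hits = Counter()
    exposures = []
    for line in lines:
        match = LINE.match(line)
        if not match:
            continue  # not an access-log line we understand
        ip, _method, target, status, size = match.groups()
        path = target.split("?", 1)[0]
        if not SENSITIVE.match(path):
            continue
        hits[(ip, path)] += 1
        body = 0 if size == "-" else int(size)
        # A 200 with a body means content was returned rather than blocked.
        if status == "200" and body > 0:
            exposures.append((ip, path, body))
    pollers = sorted(key for key, n in hits.items() if n >= poll_threshold)
    return pollers, exposures


if __name__ == "__main__":
    pollers, exposures = analyse(SAMPLE)
    for ip, path in pollers:
        print(f"repeated probing: {ip} -> {path}")
    for ip, path, size in exposures:
        print(f"CONTENT SERVED:   {ip} <- {path} ({size} bytes)")
```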
A day later, the first Hacker News post was still on their front-page: [Wayback/Archive] Hacker News
Drupal 7.x MAINTAINERS.txt
Drupal 7.0 was released in 2011 and the MAINTAINERS.txt was kept up-to-date until far into 2022 (the odd thing about Drupal versions is that when writing this at the end of 2022, Drupal 8 was unsupported but Drupal 7 still was supported, see Drupal History on Wikipedia and [Wayback/Archive] Legacy Drupal release history | Understanding Drupal version numbers | Drupal Wiki guide on Drupal.org).
Looking at what Tesla has on-line it missed at least a few security updates (see [Wayback/Archive] Releases for Drupal core: version=7 | Drupal.org and [Wayback/Archive] CHANGELOG.txt · 7.x · project / drupal · GitLab).
This is what Tesla is using:
- [Wayback/Archive] Issue #3088938 by DamienMcKenna, webchick, mcdruid: Update the D7 mai… · drupal/drupal@f5f4841
The most recent MAINTAINERS.txt file at the time of writing was this August 2022 version:
- [Wayback/Archive] drupal/MAINTAINERS.txt at 7.x · drupal/drupal
- Blame view: [Wayback/Archive] drupal/MAINTAINERS.txt at 7.x · drupal/drupal
Changelog: [Wayback/Archive] drupal/CHANGELOG.txt at 7.x · drupal/drupal
Too bad there is no https://www.tesla.com/CHANGELOG.txt to compare against.
Anyway: at the time of writing they had been searching for an engineer to help migrate from Drupal 7 to 9 for more than a month: [Wayback/Archive] Tesla Careers: Sr. Software Engineer, Backend Drupal
…
- Support migration from existing Drupal 7 to the new Drupal 9 site
…
Non-existing pages
- https://www.tesla.com/INSTALL.txt
- https://www.tesla.com/README.txt
- https://www.tesla.com/taxonomy/term
- https://www.tesla.com/.git/info/exclude
Twitter replies
Replies to the above starting Tweet:
- [Wayback/Archive] TheOneCode on Twitter: “@wongmjane lol even “

- [Wayback/Archive] Daniel Böhmer on Twitter: “@wongmjane The reverse proxy seems to be a little confused with protocols (HTTPS vs HTTP)😂”
- [Wayback/Archive] Nicholas Griffin on Twitter: “@wongmjane Turns out their site is just a clone of the Drupal repo with some pictures of cars on top 😂
tesla.com/profiles/README.txt tesla.com/modules/README.txt tesla.com/themes/README.txt”
–jeroen





