httpd-dev mailing list archives

From Lars Eilebrecht <l...@hyperreal.org>
Subject Re: Proposal: Allow ServerTokens to specify Server header completely
Date Tue, 13 Jan 2004 14:35:45 GMT
According to Ivan Ristic:

>   I recently changed the signature of the Apache running on
>   modsecurity.org (to pretend to be IIS5). As a result, I've started
>   getting more IIS-related attacks than before. So, the signature
>   does matter.

I'm getting IIS-related attacks on my servers even without
configuring an IIS server header.

If everyone starts changing the server header to some funny
name or removing it completely, newer exploit tools won't
bother to check it at all, but just try to exploit the server.

ciao...
-- 
Lars Eilebrecht                   - Quoting one is plagiarism.
lars@hyperreal.org                 - Quoting many is research.
