httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Yip ...@davidyip.com>
Subject RE: Stripping out all version info?
Date Wed, 21 Aug 2002 09:46:19 GMT
I do think it is a good practice to send bogus server name and version 
since most of the vulnerability scanners depend on this and this is the 
simplest way to fool them.

At 16:23 21/8/2002, Boyle Owen wrote:
>If you really want to hide your signature, edit the source and recompile 
>(see src/include(httpd.h and look for SERVER_BASEREVISION etc.)
>
>Before spending time doing this, ask yourself: Does painting over the 
>brandname on a padlock make it harder to pick?
>
>Rgds,
>
>Owen Boyle
>
> >-----Original Message-----
> >From: Bill Parker [mailto:dogbert@netnevada.net]
> >Sent: Dienstag, 20. August 2002 18:55
> >To: users@httpd.apache.org
> >Subject: Stripping out all version info?
> >
> >
> >Hi All,
> >
> >       Does anyone have a GOOD set of instructions on how to
> >strip out all version
> >information in Apache 1.3.2x and PHP so that nothing is
> >presented to the
> >outside
> >world?  I've looked at ServerTokens, but is there something
> >more that can
> >be done?
> >
> >-Bill
> >
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP
> >Server Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message