|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: About web server version
From: Kurt Seifried (bt
seifried.org)
Date: Sat Apr 26 2003 - 16:56:10 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Hi everybody,
> i would like to know if it is possible to modify
> information returned by web server (apache) about
> version, type : apache
> I have found the solution to hide the version by adding
> this rule to the httpd.conf :
> ServerTokens Prod
> But I would like that this information also not
> returned to a malicious user that try to collect
> information about the web server
You will need to modify the source code. Unfortunately that won't really
fool anyone. Error messages, header formats/etc all provide plenty of
information. Check out Rain.Forest.Puppy's presentation on this and his
whisker tool available at wiretrip.net.
In any event it doesn't matter, most "generic" web attacks I have seen are
not targeted, they simply take a shotgun approach, or if it's a worm it just
blasts out at everyone. Much better to spend the time and effort keeping
Apache up to date.
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]