Hiding APACHE version from Hackers !! September 2, 2010
Posted by networknuts in Uncategorized.Tags: alok srivastava, apache, apache configuration, hacking apache, hardening apache, linux delhi, linux training delhi, linux training india, networknuts, redhat, redhat linux, redhat training delhi, rehdat india, rhce, rhce delhi, rhce india, rhcss, rhcss delhi, rhcss india, securing apache, www.networknuts.net
trackback
Continuing the same flavor of hiding the sendmail version.
This is another feather in the same cap. Here I am going to show you -
How to hide your APACHE version !!
This is a very useful HACK to protect your web-server from potential hackers.
The Problem # Anyone who is well versed with Linux can find out the version of your apache server by simply doing a telnet to your server on port 80, as shown:
Just give-
HEAD / HTTP / 1.0 <enter><enter>
after doing the telnet
Using telnet to get APACHE version
Now this can be very dangerous !!
Now lets harden our apace server by hiding the version to the world.
Open the /etc/httpd/conf/httpd.conf, find and edit the following parameters
ServerSignature on to ServerSignature offServerTokens OS to ServerTokens Prod
Now save and exit and restart your apache service.
service httpd restart
Now if someone now tries to find the version of apache using the previous telnet method, he will get this :
Secured Apache by hiding its version
Happy
Enjoy your Edge!!
God Bless.
Advertisement
Comments»
No comments yet — be the first.