Pfunk
Fpunk
Full Member
Posts: 126
The Thief
|
 |
« on: 11/27/07 @ 16:49 » |
|
I was able to identify what version of Apache you are running. Apache/*.*.* (Unix) ***/*  |
|
|
|
« Last Edit: 11/28/07 @ 01:57 by krazykrakr01 »
|
Logged
|
¶fÜnkIt is impossible for a man to learn what he thinks he already knows.
|
|
|
krAzykrAkr01
Darth Unix
Administrator
Hero Member
Posts: 1196
Feel the POWER of the darkside!!!
|
|
« Reply #1 on: 11/27/07 @ 16:52 » |
|
how?
|
|
|
|
|
Logged
|
|
|
|
Pfunk
Fpunk
Full Member
Posts: 126
The Thief
|
|
« Reply #2 on: 11/27/07 @ 17:00 » |
|
|
|
|
|
|
Logged
|
¶fÜnkIt is impossible for a man to learn what he thinks he already knows.
|
|
|
krAzykrAkr01
Darth Unix
Administrator
Hero Member
Posts: 1196
Feel the POWER of the darkside!!!
|
 |
« Reply #3 on: 11/27/07 @ 17:09 » |
|
That's basically a port scan. I aint seen no way yet of hiding your os from that. You definitely can't tell from no error page. Besides, the only port that is open is port 80. Probably 20-25 different ip's have tried to take it offline, but have not succeded.  |
|
|
|
|
Logged
|
|
|
|
Pfunk
Fpunk
Full Member
Posts: 126
The Thief
|
|
« Reply #4 on: 11/27/07 @ 17:14 » |
|
Well, i read that you can hide your Server information. Because it's one of the best ways to keep from being hacked.
Hide Apache Information
To hide the information, add the following two apache directives in Apache configuration file /etc/apache2/apache2.conf
ServerTokens ProductOnly
ServerSignature Off
Now you need to restart your web server using the following command
#/etc/init.d/apache2 restart
Now the output for apache header looks like below
Server: Apache
Hide PHP Version Details
If you want to hide the PHP version you need to edit the /etc/php4/apache/php.ini(For php4 users) file and /etc/php5/apache/php.ini (For php5 users)
Change the following option
expose_php On
to
expose_php Off
Now you need to restart your web server using the following command
#/etc/init.d/apache2 restart
After making this change PHP will no longer add it?s signature to the web server header.
If you are running php from cli against a php file, the output is a html file (as seen by a browser). In some distributions (like Debian) the php-cli is controlled by a different php.ini file (/etc/php[4,5]/cli/php.ini).
|
|
|
|
|
Logged
|
¶fÜnkIt is impossible for a man to learn what he thinks he already knows.
|
|
|
krAzykrAkr01
Darth Unix
Administrator
Hero Member
Posts: 1196
Feel the POWER of the darkside!!!
|
|
« Reply #5 on: 11/27/07 @ 17:17 » |
|
Microsoft-IIS/*.* LOL  |
|
|
|
« Last Edit: 11/28/07 @ 01:58 by krazykrakr01 »
|
Logged
|
|
|
|
Pfunk
Fpunk
Full Member
Posts: 126
The Thief
|
|
« Reply #6 on: 11/27/07 @ 17:21 » |
|
Microsoft-IIS/*.* LOL Yea, im sitting right next to it lol. |
|
|
|
« Last Edit: 11/28/07 @ 01:58 by krazykrakr01 »
|
Logged
|
¶fÜnkIt is impossible for a man to learn what he thinks he already knows.
|
|
|
Pfunk
Fpunk
Full Member
Posts: 126
The Thief
|
|
« Reply #7 on: 11/27/07 @ 17:22 » |
|
BTW, did those instructions help you? Let me know, and ill try another scan. I thought it would be kind of cool to hack it, so when someones tries to identify your server version, it say "FUCK OFF V 6.6.6" LMAO
|
|
|
|
|
Logged
|
¶fÜnkIt is impossible for a man to learn what he thinks he already knows.
|
|
|
krAzykrAkr01
Darth Unix
Administrator
Hero Member
Posts: 1196
Feel the POWER of the darkside!!!
|
|
« Reply #8 on: 11/27/07 @ 17:24 » |
|
Mine's sitting in the kitchen.
|
|
|
|
|
Logged
|
|
|
|
Pfunk
Fpunk
Full Member
Posts: 126
The Thief
|
|
« Reply #9 on: 11/27/07 @ 17:26 » |
|
Mine's sitting in the kitchen.
But that's only our gateway / firewall... We run our website on an AS400. http://www.grocerysupply.com/ |
|
|
|
|
Logged
|
¶fÜnkIt is impossible for a man to learn what he thinks he already knows.
|
|
|
|
|
Pfunk
Fpunk
Full Member
Posts: 126
The Thief
|
|
« Reply #11 on: 11/27/07 @ 17:29 » |
|
By the way, the as400 is running Apache/1.3.33 (Unix) for our web host. It's also sitting right next to me lol...  |
|
|
|
|
Logged
|
¶fÜnkIt is impossible for a man to learn what he thinks he already knows.
|
|
|
Pfunk
Fpunk
Full Member
Posts: 126
The Thief
|
|
« Reply #12 on: 11/27/07 @ 17:30 » |
|
oh ic, yea, that server kind of sucks... Same ol problems Microsoft always has, permissions and shit. I dont work for him anymore anyway. HE suppose to call you some time soon btw. |
|
|
|
|
Logged
|
¶fÜnkIt is impossible for a man to learn what he thinks he already knows.
|
|
|
krAzykrAkr01
Darth Unix
Administrator
Hero Member
Posts: 1196
Feel the POWER of the darkside!!!
|
|
« Reply #13 on: 11/28/07 @ 01:51 » |
|
To hide the information, add the following two apache directives in Apache configuration file /etc/apache2/apache2.conf
ServerTokens ProductOnly
ServerSignature Off
I don't have that file (/etc/apache2/apache2.conf). Mine is /ect/httpd/httpd.conf and aint got those two directives in it. |
|
|
|
|
Logged
|
|
|
|
krAzykrAkr01
Darth Unix
Administrator
Hero Member
Posts: 1196
Feel the POWER of the darkside!!!
|
 |
« Reply #14 on: 11/28/07 @ 01:53 » |
|
sorry, i just saw that it says ADD those two directives LOL |
|
|
|
|
Logged
|
|
|
|
|
