mouss wrote:
Alain Reguera Delgado wrote:
the first thing I do when I set up a web server is disable any place that advertises what OS and what version it is running. call it security by
I meant to byte on this too.
From examining my logs, I've come to think that the notion that this helps security is, along with detecting portscans, one of those security myths.
People who attack my webserver don't appear to test to see what webserver I'm using, they just run their toolkit over it. Many times, they try to crack my IIS even though it's actually Apache, exactly as it says.
Just as they try these, even though there's not a Windows box in sight:
From 24.64.3.110 - 3 packets
  To 203.34.16.107 - 3 packets
    Service: 1026 (udp/1026) (Shorewall:net2fw:DROP:,ppp0,none) - 1 packet
    Service: 1027 (udp/1027) (Shorewall:net2fw:DROP:,ppp0,none) - 1 packet
    Service: 1028 (udp/1028) (Shorewall:net2fw:DROP:,ppp0,none) - 1 packet
If a program such as nmap can detect what your OS is, then if a cracker wants to attack Apache sites, it's a fair bet that if you're running *X then you're also running Apache.