[CentOS-devel] Customize Web Server Errors

Tue Apr 1 23:54:38 UTC 2008
John Summerfield <debian at herakles.homelinux.org>

mouss wrote:
> Alain Reguera Delgado wrote:


> the first thing I do when I setup a web server is disable any place that 
> advertizes what OS and what version it is running. call it security by 

I meant to byte on this too.

 From examining my logs, I've come to think that the notion that this 
helps security is, along with detecting portscans, one of those security 
myths.

People who attack my webserver don't appear to test to see what 
webserver I'm using, they just run their toolkit over it. Many times, 
they try to crack my IIS even though it's actually Apache, exactly as it 
says.

Just as they try these, even though there's not Windows box in sight:
    From 24.64.3.110 - 3 packets
       To 203.34.16.107 - 3 packets
          Service: 1026 (udp/1026) (Shorewall:net2fw:DROP:,ppp0,none) - 
1 packet
          Service: 1027 (udp/1027) (Shorewall:net2fw:DROP:,ppp0,none) - 
1 packet
          Service: 1028 (udp/1028) (Shorewall:net2fw:DROP:,ppp0,none) - 
1 packet

If a program such as nmap can detect what your OS is, then if a cracker 
wants to attack Apache sites, it's fair bet that if you're running *X 
then you're also running Apache.


-- 

Cheers
John

-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)