version info

D69

Dagobah Resident
Guys, you should remove this info from the site:

http://img355.imageshack.us/my.php?image=gkrellshoot101608194733te0.jpg

It gives a serious clue to the attacker.
After you remove it, also delete my post ;)
 
drygol said:
Guys, you should remove this info from the site:

http://img355.imageshack.us/my.php?image=gkrellshoot101608194733te0.jpg

It gives a serious clue to the attacker.
After you remove it, also delete my post ;)

How far do you want to take that? Anyone seriously attacking can do a lot of simple commands to easily get version info of many things.

Simple example:

# curl -vvv http://www.cassiopaea.org/forum/index.php?topic=10301.0;topicseen
* About to connect() to www.cassiopaea.org port 80 (#0)
* Trying 208.97.170.54... connected
* Connected to www.cassiopaea.org (208.97.170.54) port 80 (#0)
> GET /forum/index.php?topic=10301.0;topicseen HTTP/1.1
> User-Agent: curl/7.16.0 (i586-pc-mingw32msvc) libcurl/7.16.0 zlib/1.2.2
> Host: www.cassiopaea.org
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Thu, 16 Oct 2008 22:21:09 GMT
< Server: Apache/2.0.61 (Unix) PHP/5.2.6 mod_ssl/2.0.61 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2
< X-Powered-By: PHP/5.2.6
< Pragma: no-cache
< Cache-Control: private
< Expires: Mon, 26 Jul 1997 05:00:00 GMT
< Set-Cookie: PHPSESSID=5tkk9692bv0itpsf9n0cu4siq3; path=/
< Last-Modified: Thu, 16 Oct 2008 22:21:09 GMT
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
< Content-Type: text/html; charset=UTF-8

Should they also modify the Apache to not respond with:

Server: Apache/2.0.61 (Unix)
PHP/5.2.6
mod_ssl/2.0.61
OpenSSL/0.9.7e
mod_fastcgi/2.4.2
DAV/2

Those are all vulnerabilities also. And I can easily get even more and deeper info easily.

It just depends on what you think is necessary. They could remove it or change it to something not what it actually is to throw someone off. But to a real attacker it will mean nothing anyway.
 
How far?
Just to get rid of the most obvious ones.
I totally agree that this is not a problem for a skilled attacker, but not doing anything at all is not a good solution IMO.
Changing the Apache version? Why not? Of course you can say that it can be looked up later via Netcraft, but why not?
Anyway, I noticed that version info and wanted to share my feelings about it, that's it.
IMO it gives a clue, and it can be easily removed, plus your example is not helping either ;D
 
Having some skill with computer security, I can say that yes, removing or faking version info is at the root of protection. Tools that launch automated attacks often rely on this information. However, some can guess version info even if it is hidden.
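
An added example, not part of the thread or written by any of its posters: a small audit a site owner could run against their own responses to list every product version and platform hint exposed in the `Server` and `X-Powered-By` headers. The first sample is excerpted from the curl output quoted above; the second is a constructed response that assumes Apache `ServerTokens Prod` and PHP `expose_php = Off` have been applied, and the function names are this example's own.

```python
import re

# Excerpt of the curl -v output quoted in the thread ("<" marks response lines).
CAPTURED = """\
> GET /forum/index.php?topic=10301.0;topicseen HTTP/1.1
> Host: www.cassiopaea.org
< HTTP/1.1 200 OK
< Server: Apache/2.0.61 (Unix) PHP/5.2.6 mod_ssl/2.0.61 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2
< X-Powered-By: PHP/5.2.6
< Content-Type: text/html; charset=UTF-8
"""

# Constructed sample: the same response after banner reduction (assumed result
# of Apache "ServerTokens Prod" and PHP "expose_php = Off").
HARDENED = "< HTTP/1.1 200 OK\n< Server: Apache\n< Content-Type: text/html\n"

BANNER_HEADERS = ("server", "x-powered-by")  # headers audited in this example
# Banner grammar: product[/version] tokens and parenthesised comments.
TOKEN_RE = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/([^\s()]+))?")

def response_headers(raw):
    """Yield (name, value) for response headers; accepts curl -v or plain text."""
    for line in raw.splitlines():
        if line.startswith((">", "*")):      # request and info lines from curl
            continue
        name, sep, value = line.lstrip("< ").partition(":")
        if sep and " " not in name:          # skips the status line
            yield name.lower(), value.strip()

def audit(raw):
    """Return [(header, product, detail)] for each version or platform leak."""
    leaks = []
    for name, value in response_headers(raw):
        if name not in BANNER_HEADERS:
            continue
        for comment, product, version in TOKEN_RE.findall(value):
            if comment:
                leaks.append((name, "platform", comment))
            elif version:
                leaks.append((name, product, version))
    return leaks

if __name__ == "__main__":
    for header, product, detail in audit(CAPTURED):
        print(f"{header}: {product} {detail}")
    print("hardened leaks:", audit(HARDENED))
```

An empty result only means the banners are quiet; as the last post notes, versions can still be guessed by other means, so this check complements patching rather than replacing it.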
 
