HOWTO: Reduce information that hackers/crackers/worms/scriptkiddies can use

rhoekman (Verified User, joined Jan 3, 2004, 250 messages, The Netherlands)
A lot of scriptkiddies have tools to scan the internet for vulnerable servers. One way to slow them down is to minimize the information sent back when they are probing.

Hiding version numbers from the outside world.

Apache:

Apache will give a lot of information back:

tester# telnet www.directadmin.com 80
Trying 66.51.122.131...
Connected to directadmin.com.
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Date: Sat, 10 Jan 2004 07:36:56 GMT
Server: Apache/1.3.29 (Unix) mod_ssl/2.8.16 OpenSSL/0.9.6b PHP/4.3.4 mod_perl/1.27 FrontPage/5.0.2.2623
Last-Modified: Mon, 16 Jun 2003 01:28:03 GMT
ETag: "78002-2b22-3eed1d23"
Accept-Ranges: bytes
Content-Length: 11042
Connection: close
Content-Type: text/html

Connection closed by foreign host.
tester#

To reduce the information, search for ServerSignature in httpd.conf:

Turn ServerSignature to Off and add a line with ServerTokens Prod like this:

ServerSignature Off
ServerTokens Prod

It's simple but very effective. It will only show Server: Apache

After this you have to restart httpd to make it effective.

Rick
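A quick way to confirm the change took effect, written here as an added example (not code from the original post): it sends the same HEAD request the post types into telnet and lists any name/version tokens still present in the Server header. It goes a step beyond the post by also checking X-Powered-By, which PHP adds on its own and ServerTokens does not control; the sample responses below are constructed from the headers quoted in the post.

```python
import re
import socket

# Constructed sample: the verbose reply quoted in the post, before hardening.
VERBOSE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/1.3.29 (Unix) mod_ssl/2.8.16 OpenSSL/0.9.6b PHP/4.3.4 "
    "mod_perl/1.27 FrontPage/5.0.2.2623\r\n"
    "Content-Type: text/html\r\n\r\n"
)
# Constructed sample: the same server after ServerTokens Prod.
HARDENED_RESPONSE = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"

# A "name/version" token such as OpenSSL/0.9.6b; a bare "(Unix)" does not match.
VERSION_TOKEN = re.compile(r"[A-Za-z_][\w.-]*/[\w.]+")


def parse_headers(raw):
    """Return the response headers as a dict keyed by lower-cased name."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # [0] is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def leaked_versions(raw):
    """List every name/version token disclosed by Server or X-Powered-By."""
    headers = parse_headers(raw)
    leaked = []
    for name in ("server", "x-powered-by"):  # X-Powered-By is PHP's own banner
        leaked.extend(VERSION_TOKEN.findall(headers.get(name, "")))
    return leaked


def head_request(host, port=80, timeout=5):
    """Send the HEAD request the post types into telnet and return the raw reply."""
    request = "HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n" % host
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        # HTTP/1.0 without keep-alive: the server closes, so read to EOF.
        return sock.makefile("rb").read().decode("latin-1")


if __name__ == "__main__":
    # Offline demo on the constructed samples; use leaked_versions(head_request(host)) for a live check.
    print("before:", leaked_versions(VERBOSE_RESPONSE))
    print("after: ", leaked_versions(HARDENED_RESPONSE))
```

An empty list after the restart means the Server header now carries only the product name; anything still listed is a module or library whose version is still being announced.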
 
Another simple but very effective idea for security is not to use

rhoekman said:

But rather use ssh. In this case it doesn't matter too much, although for anything involving passwords or secure data, use ssh! Just to mention, the guide was already in the checklist :p
 
I'm not logging in to this port. I'm using telnet to set up a TCP connection to the webserver's port (80), and I'm issuing a command by hand like a browser does when requesting a page. Yes, of course, if you want to log in you should use ssh, but this is on port 22 and has nothing to do with my howto. It is a method you can use to gain information. You can also use it on different ports like 25 and see what mailserver is running etc., and type in commands to verify users on the machine, for example. It is sort of portscanning and banner grabbing by hand.

I'm sorry, I did not know there was a checklist.
 