Re: avoiding detection by netcraft site

["Nikhil Wagholikar" <visitnikhil () gmail com>]

Hi Juan B,

Why to hide banner from just Netcraft website? By issuing HEAD command
with few parameters and combination after telneting to port 80 of your
web server, anyone over the internet can find out the Web server info
such as Web server software, version details, modules supported etc.

So you can make use of Microsoft URLScan or Microsoft IISLockDown
tools to hide banner information for a Microsoft Windows IIS based web
servers. More Info:

UrlScan Security Tool from Microsoft Technet:
http://technet.microsoft.com/en-us/security/cc242650.aspx
Using URLScan on IIS: http://support.microsoft.com/kb/307608
IIS Lockdown and Urlscan: http://www.securityfocus.com/infocus/1755

For Apache, you can make changes at the source code level in the file
httpd.h (for Apache 1.X) or ap_release.h (for Apache 2.X), and then
(re-)compile and (re-)install it.

More Info: http://mescribblehere.blogspot.com/2005/12/changing-apache-http-server-banner.html

Kindly note, changing banner is not a security in itself, but is
something called "Security through Obscurity".

More Info on "Security through obscurity":
http://en.wikipedia.org/wiki/Security_through_obscurity

Best of Luck !!

---
Nikhil Wagholikar
Practice Lead | Security Assessment & Digital Forensics
Network Intelligence (I) Pvt. Ltd. (NII Consulting)
Website: http://www.niiconsulting.com/
Security Products: http://www.niiconsulting.com/products.html


2008/12/18 Juan B <juanbabi () yahoo com>
> Hi,
>
> Netcraft.com is a site which can tell which OS I am runing on my web site.
>
> is there a way to get to configure the site that netcraft wont detect the OS or detect a wrong version?
>
> thanks !
>
> Juan