Security Basics mailing list archives
Re: avoiding detection by netcraft site
From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Tue, 23 Dec 2008 09:49:07 +0530
Hi Juan B, Why to hide banner from just Netcraft website? By issuing HEAD command with few parameters and combination after telneting to port 80 of your web server, anyone over the internet can find out the Web server info such as Web server software, version details, modules supported etc. So you can make use of Microsoft URLScan or Microsoft IISLockDown tools to hide banner information for a Microsoft Windows IIS based web servers. More Info: UrlScan Security Tool from Microsoft Technet: http://technet.microsoft.com/en-us/security/cc242650.aspx Using URLScan on IIS: http://support.microsoft.com/kb/307608 IIS Lockdown and Urlscan: http://www.securityfocus.com/infocus/1755 For Apache, you can make changes at the source code level in the file httpd.h (for Apache 1.X) or ap_release.h (for Apache 2.X), and then (re-)compile and (re-)install it. More Info: http://mescribblehere.blogspot.com/2005/12/changing-apache-http-server-banner.html Kindly note, changing banner is not a security in itself, but is something called "Security through Obscurity". More Info on "Security through obscurity": http://en.wikipedia.org/wiki/Security_through_obscurity Best of Luck !! --- Nikhil Wagholikar Practice Lead | Security Assessment & Digital Forensics Network Intelligence (I) Pvt. Ltd. (NII Consulting) Website: http://www.niiconsulting.com/ Security Products: http://www.niiconsulting.com/products.html 2008/12/18 Juan B <juanbabi () yahoo com>
Hi, Netcraft.com is a site which can tell which OS I am runing on my web site. is there a way to get to configure the site that netcraft wont detect the OS or detect a wrong version? thanks ! Juan
Current thread:
- avoiding detection by netcraft site Juan B (Dec 18)
- Re: avoiding detection by netcraft site Patrick Webster (Dec 19)
- Re: avoiding detection by netcraft site Marc-André Laverdière (Dec 19)
- Re: avoiding detection by netcraft site J5 (Dec 22)
- RE: avoiding detection by netcraft site Dan Denton (Dec 22)
- Re: avoiding detection by netcraft site J5 (Dec 22)
- Re: avoiding detection by netcraft site Nikhil Wagholikar (Dec 23)
- <Possible follow-ups>
- Re: avoiding detection by netcraft site dan . crowley (Dec 22)