Jordan,

I patch my servers by editing the binaries (httpd and the modules I'm using) with a hex editor. This works for me very well and I never had problems with that. If you're using this way, you have to patch on multiple offsets. Not only 'HEAD / HTTP/1.0' gives information on the used Apache version, i.e. also a non-valid request or non-existing file gives info. Also be careful while patching! Don't use longer strings than the original text! Terminate the string with '00', and if you don't want to show any information, the first byte in the string should be '20' hex and the next '00'!

Another possibility is to find the program lines for a HEAD request to modify its answers. Or try to find every string where the server name or module name is mentioned in the source code.

cheers
johnny cyberpunk

----- Original Message -----
From: "Jordan K Wiens" <jwiensat_private>
To: "Jonathan Sartin" <jonathan.sartinat_private>
Cc: <bugtraqat_private>
Sent: Friday, August 31, 2001 2:17 PM
Subject: RE: easy remote detection of a running tripwire for webpages system

> Know of any good links to documentation or source patches for completely
> modifying or removing the banner? Note also that the Prod option only
> works with versions strictly greater than 1.3.12. :-(
>
> --
> Jordan Wiens
> UF Network Incident Response Team
> (352)392-2061
>
> On Wed, 29 Aug 2001, Jonathan Sartin wrote:
>
> > You need to set the ServerTokens directive in httpd.conf to reveal only
> > those things that you feel appropriate about the server.
> >
> > Options are:
> >
> > min - will return the product and version (i.e. Apache/1.3.0)
> > os - will return product version and operating system.
> > full - will return everything, including the installed modules (as you
> > noted, and probably a bad thing).
> > product_only - will return just the product (i.e. Apache)
> >
> > default seems to be full.
> >
> > Examples:
> >
> > ServerTokens Prod[uctOnly]
> >     Server sends (e.g.): Server: Apache
> > ServerTokens Min[imal]
> >     Server sends (e.g.): Server: Apache/1.3.0
> > ServerTokens OS
> >     Server sends (e.g.): Server: Apache/1.3.0 (Unix)
> > ServerTokens Full (or not specified)
> >     Server sends (e.g.): Server: Apache/1.3.0 (Unix) PHP/3.0 MyMod/1.2
> >
> > Note that this works on the server config level and therefore cannot be set
> > for individual virtualhosts.
> >
> > Cheers .... J
> >
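
The in-place patching constraints from the reply at the top of this thread (replacement no longer than the original, a 00 terminator, 20 00 to blank a string, several copies to patch), as an added example that is not part of the original thread. The function name and the sample bytes are assumptions; the buffer is constructed and is not taken from a real httpd binary.

```python
from __future__ import annotations

# Constructed sample: three NUL-terminated strings mentioning the version,
# surrounded by unrelated bytes. Not taken from a real httpd binary.
SAMPLE_IMAGE = (
    b"\x01\x02"
    b"Apache/1.3.0\x00"          # copy used for the Server: header
    b"\xffServer at %s\x00"
    b"Apache/1.3.0 (Unix)\x00"   # longer variant, needs its own patch call
    b"Apache/1.3.0\x00"          # second copy, e.g. used on error pages
    b"\x03"
)


def patch_cstring(image: bytes, old: bytes, new: bytes) -> tuple[bytes, int]:
    """Overwrite every NUL-terminated copy of `old` with `new`, in place.

    Returns (patched image, number of copies patched). The image length
    never changes, so every other offset in the file stays valid.
    """
    if not old or b"\x00" in old or b"\x00" in new:
        raise ValueError("old must be non-empty; neither string may contain NUL")
    if len(new) > len(old):
        # A longer string would run into whatever follows it in the binary.
        raise ValueError("replacement is longer than the original string")
    if not new:
        new = b"\x20"            # blank banner: 20 hex, then the 00 terminator
    # Pad with 00 so the field keeps its original size (string + terminator).
    field = new + b"\x00" * (len(old) + 1 - len(new))
    needle = old + b"\x00"       # match only where the string really ends
    out = bytearray(image)
    count = 0
    pos = out.find(needle)
    while pos != -1:             # the same string can sit at multiple offsets
        out[pos:pos + len(needle)] = field
        count += 1
        pos = out.find(needle, pos + len(needle))
    assert len(out) == len(image)
    return bytes(out), count


if __name__ == "__main__":
    patched, n = patch_cstring(SAMPLE_IMAGE, b"Apache/1.3.0", b"Apache")
    print(n, "copies patched;", len(patched), "bytes (unchanged length)")
```

Work on a copy of the binary and keep the original, since the longer variants (here the `(Unix)` string) need their own call and a missed copy still shows the version.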
This archive was generated by hypermail 2b30 : Fri Aug 31 2001 - 09:14:36 PDT