Re: CRIME Netcraft Ethics

From: Alan (alan@private)
Date: Mon Jun 24 2002 - 23:27:54 PDT

    On Mon, 2002-06-24 at 22:59, Zot O'Connor wrote:
    > This is the technique I have used with Apache binaries (you can
    > recompile it).
    > 
    > It *should* be possible to filter IIS with ISAPI filters.  I tested it a
    > while back for other reasons.
    > 
    > I *believe* apache 2.0.X allows you to even change the "Apache" keyword.
    > 
    > Personally I changed the Binary to another 6 letter word.  The problem
    > with the string is that it usually is parsed.
    > 
    > And the standard error page still posted the Apache version.
    > 
    > 
    > BTW the Server Token posting by Alan removes most of the extraneous info
    > like OS, PHP, MySQL, etc.
    
    To remove the rest of that information:
    
    In /etc/httpd/conf/httpd.conf change "ServerSignature" from "On" to
    "Off".
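
A check for the two settings discussed in this thread, as an added example that is not part of the original message: it scans httpd.conf text and reports every ServerTokens or ServerSignature line that still exposes version detail, including ones inside a virtual host. It assumes "ServerTokens Prod" is the setting the earlier posting referred to; the audit() function and the sample configuration are constructed for illustration.

```python
import re

# Values that keep version, OS and module details out of headers and error pages.
# Assumption: "ServerTokens Prod" is the setting the earlier posting referred to.
SAFE = {"servertokens": {"prod", "productonly"}, "serversignature": {"off"}}
# Apache's built-in defaults when a directive is absent from the configuration.
DEFAULTS = {"servertokens": "Full", "serversignature": "Off"}
# Commented-out lines start with '#', so they never match this pattern.
DIRECTIVE = re.compile(r'^\s*(ServerTokens|ServerSignature)\s+"?(\w+)"?', re.I)

def audit(conf_text):
    """Return [(line_number, directive, value)] for every leaking setting.

    Line number 0 means the directive is absent and a leaking default applies.
    Every occurrence is checked, because ServerSignature can be switched back
    on inside a <VirtualHost> or <Directory> block.
    """
    findings, seen = [], set()
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2)
        seen.add(name)
        if value.lower() not in SAFE[name]:
            findings.append((lineno, name, value))
    for name, default in DEFAULTS.items():
        if name not in seen and default.lower() not in SAFE[name]:
            findings.append((0, name, default))
    return findings

# Constructed sample, not a real server's configuration.
SAMPLE = """\
# constructed sample
ServerName www.example.com
ServerTokens OS
#ServerSignature Off
ServerSignature On
<VirtualHost *:80>
    ServerSignature EMail
</VirtualHost>
"""
HARDENED = 'ServerTokens Prod\nServerSignature "Off"\n'

if __name__ == "__main__":
    for lineno, name, value in audit(SAMPLE):
        print(f"line {lineno}: {name} {value}")
```
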
    



    This archive was generated by hypermail 2b30 : Tue Jun 25 2002 - 02:13:37 PDT