Re: CRIME Netcraft Ethics

From: Alan (alan@private)
Date: Mon Jun 24 2002 - 23:27:54 PDT

Next message: Jeffrey_Korte/Security/FCNB/Spgla@private: "Re: CRIME AOL Backdoor?"

Previous message: Zot O'Connor: "Re: CRIME Netcraft Ethics"
In reply to: Zot O'Connor: "Re: CRIME Netcraft Ethics"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2002-06-24 at 22:59, Zot O'Connor wrote:
> This is the technique I have used with Apache binaries (you can
> recompile it).
> 
> I *should* be possible to filter IIS with ISAPI filters.  I tested it a
> while back for other reasons.
> 
> I *believe* apache 2.0.X allows you to even change the "Apache" keyword.
> 
> Personally I chnaged the Binary to another 6 letter word.  The problem
> with the string, is that it usually is parsed.
> 
> And the standard error page still posted the Apache version.
> 
> 
> BTW the Server Token posting by Alan removes most of the extraneous info
> like OS, PHP, Mysql, etc.

To remove the rest of that information:

In /etc/httpd/conf/httpd.conf change "ServerSignature" from "On" to
"Off".

Next message: Jeffrey_Korte/Security/FCNB/Spgla@private: "Re: CRIME AOL Backdoor?"
Previous message: Zot O'Connor: "Re: CRIME Netcraft Ethics"
In reply to: Zot O'Connor: "Re: CRIME Netcraft Ethics"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 25 2002 - 02:13:37 PDT