Re: Apache exploit?

From: Michael Scheidell (scheidellat_private)
Date: Tue Feb 26 2002 - 04:26:10 PST

  • Next message: Noam Rathaus: "PHP & Apache a hazard waiting to happen (DIFF)"

    > Does anybody has enough information to write a NASL script (other than
    > just verifying the version number)?
    hmmm lets keep a watch on our logs, for now.
    if you want to hide the fact that you are running php, in
    <localpath/etc/php.ini> do this:
    ; Misc
    ; Decides whether PHP may expose the fact that it is installed on the server
    ; (e.g. by adding its signature to the Web server header).  It is no security
    ; threat in any way, but it makes it possible to determine whether you use PHP
    ; on your server or not.
    expose_php = Off
    also review the other settings that may affect your security.
    see these also:
    Michael Scheidell
    SECNAP Network Security, LLC
    (561) 368-9561 scheidellat_private

    This archive was generated by hypermail 2b30 : Tue Feb 26 2002 - 04:27:03 PST