Information gathering is the most essential part of any hacking/penetration testing operation. You can’t hack or find a vulnerability in a system or server you don’t know; information is everything. If you are trying to invade a castle, you must first deploy your spies to collect information about it (what the walls are made of, what types of defenses it has, etc.) or you will fail to invade it.
Think of the server as your castle: make it as hard as you can for the attacker to collect information about it. This article will show you how.
The default configuration for servers doesn’t hide much. On the contrary, it tells the whole world what software you are using, what version of web server you are running, and much more.
This is an example of the headers sent from an IIS / dotnet server with the default configuration:
As you can see, there is a lot of information: the server is Microsoft-IIS version 7.5, using ASPNetMVC version 3, ASPNET version 4.0.3 and URLRewriter version 2.0. An attacker can easily search for vulnerabilities in this software using the version.
And here is another example from an Apache PHP server:
This website uses Cloudflare, as we can see in the Server header, but it reveals that it uses PHP version 5.3.2.
OK, now we understand it’s dangerous. How can we hide ourselves?
1- Hide server signature in dotnet servers:-
Remove X-Powered-By by going to the IIS configuration, clicking on HTTP Response Headers, clicking on X-Powered-By and choosing Remove.
To remove the MVC header,
In Global.asax, in the Application Start event:
For X-AspNet-Version, put this in the web.config:
<system.web>
  <httpRuntime enableVersionHeader="false" />
</system.web>
2- Hide server signature in Linux servers:-
– For Apache:-
The server ID/token header is controlled by the “ServerTokens” directive (provided by mod_core).
Go to /etc/apache2/conf-available/security.conf
locate the ServerTokens line and change it to
and within the same file locate ServerSignature and change it to Off
– For Nginx:-
To disable the nginx version, in /etc/nginx/nginx.conf add server_tokens off; in the http section:
Last step: if you are using PHP and you don’t want to expose the PHP version, go to php.ini, locate expose_php and turn it off:
expose_php = Off
NOTE: don’t forget to restart the web server (Apache or Nginx) for the changes to take effect.
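To confirm the changes after the restart, you can check the response headers of your own server for anything that still names the stack. The script below is an added example, not part of the original article; the function names and the sample responses are constructed for illustration, and the version check is a simple digit pattern, which is an assumption about what counts as a leak.

```python
import re

# Headers whose only job is to advertise the stack: any value is a finding.
STACK_HEADERS = {"x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}
# A Server header is acceptable when generic, a finding when it carries a version.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

def parse_headers(raw):
    """Return (name, value) pairs from a raw response head, keeping repeated headers."""
    pairs = []
    for line in raw.strip().splitlines():
        if line.startswith("HTTP/"):      # status line
            continue
        if not line.strip():              # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def audit(raw):
    """List (header, value, advice) for every header that still discloses the stack."""
    findings = []
    for name, value in parse_headers(raw):
        key = name.lower()                # header names are case-insensitive
        if key in STACK_HEADERS:
            findings.append((name, value, "remove this header"))
        elif key == "server" and VERSION_RE.search(value):
            findings.append((name, value, "drop the version from Server"))
    return findings

# Constructed samples (not captured from real sites), modelled on the cases above.
DEFAULT_IIS = """HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: UrlRewriter.NET 2.0.0
"""
PHP_BEHIND_CDN = "HTTP/1.1 200 OK\r\nServer: cloudflare\r\nX-Powered-By: PHP/5.3.2\r\n\r\n<html>"
HARDENED = "HTTP/1.1 200 OK\nServer: nginx\nContent-Type: text/html\n"

if __name__ == "__main__":
    for label, raw in [("default IIS", DEFAULT_IIS), ("PHP behind CDN", PHP_BEHIND_CDN),
                       ("hardened", HARDENED)]:
        print(label)
        for name, value, advice in audit(raw) or [("-", "-", "nothing disclosed")]:
            print(f"  {name}: {value} -> {advice}")
```

To audit a server you administer, pass the output of curl -sI for its URL to audit() instead of the samples.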
As always, stay safe.