Date: Fri, 6 Jul 2001 17:02:17 +0200 From: Khalil.Haddad@ubs.com To: freebsd-security@FreeBSD.ORG Subject: Hiding Versions Message-ID: <H0000152004e7722.0994431736.ps3p84.par.swissbank.com@MHS>
next in thread | raw e-mail | index | archive | help
Hello all, After visiting this web site : www.netcraft.com, I discovered that it is possible to trace version changes of OS, apache or php. Example : FreeBSD Apache/1.3.9 (Unix) mod_perl/1.20 4-Dec-2000 195.92.95.5 Netcraft unknown Apache/1.3.9 (Unix) mod_perl/1.20 3-Dec-2000 195.92.95.5 Netcraft FreeBSD Apache/1.3.9 (Unix) mod_perl/1.20 19-Nov-2000 195.92.95.5 Planet Online unknown Apache/1.3.9 (Unix) mod_perl/1.20 18-Nov-2000 195.92.95.5 Planet Online FreeBSD Apache/1.3.9 (Unix) mod_perl/1.20 14-Nov-2000 195.92.95.5 Planet Online FreeBSD Apache/1.3.9 (Unix) mod_perl/1.20 15-Sep-1999 195.188.192.5 Netcraft Ltd FreeBSD Apache/1.3.6 (Unix) mod_perl/1.20 2-Jul-1999 195.188.192.5 Netcraft Ltd FreeBSD Apache/1.3.6 (Unix) mod_perl/1.18 9-Jun-1999 195.188.192.5 Netcraft Ltd FreeBSD Apache/1.3.4 (Unix) mod_perl/1.18 26-May-1999 195.188.192.5 Netcraft Ltd I wanted to know how this was possible, if FreeBSD stores version history somewhere. What should I do to secure this and how, because knowing that anyone can get the history of version changes on your system doesn't make you fell secure... By the way, the output for my server gives me Apache/1.3.19 but i have upgraded to 1.3.20 recently, why hasn't this been taken in consideration? (i used ports to upgrade) Thank you for your help. Khalil To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?H0000152004e7722.0994431736.ps3p84.par.swissbank.com>