From: Khalil.Haddad@ubs.com
Date: Fri, 6 Jul 2001 17:02:17 +0200
Subject: Hiding Versions
To: freebsd-security@FreeBSD.ORG

Hello all,

After visiting this web site: www.netcraft.com, I discovered that it is possible to trace version changes of OS, Apache or PHP.

Example:

FreeBSD  Apache/1.3.9 (Unix) mod_perl/1.20  4-Dec-2000   195.92.95.5    Netcraft
unknown  Apache/1.3.9 (Unix) mod_perl/1.20  3-Dec-2000   195.92.95.5    Netcraft
FreeBSD  Apache/1.3.9 (Unix) mod_perl/1.20  19-Nov-2000  195.92.95.5    Planet Online
unknown  Apache/1.3.9 (Unix) mod_perl/1.20  18-Nov-2000  195.92.95.5    Planet Online
FreeBSD  Apache/1.3.9 (Unix) mod_perl/1.20  14-Nov-2000  195.92.95.5    Planet Online
FreeBSD  Apache/1.3.9 (Unix) mod_perl/1.20  15-Sep-1999  195.188.192.5  Netcraft Ltd
FreeBSD  Apache/1.3.6 (Unix) mod_perl/1.20  2-Jul-1999   195.188.192.5  Netcraft Ltd
FreeBSD  Apache/1.3.6 (Unix) mod_perl/1.18  9-Jun-1999   195.188.192.5  Netcraft Ltd
FreeBSD  Apache/1.3.4 (Unix) mod_perl/1.18  26-May-1999  195.188.192.5  Netcraft Ltd

I wanted to know how this was possible, if FreeBSD stores version history somewhere. What should I do to secure this and how, because knowing that anyone can get the history of version changes on your system doesn't make you feel secure...

By the way, the output for my server gives me Apache/1.3.19 but I have upgraded to 1.3.20 recently, why hasn't this been taken into consideration? (I used ports to upgrade)

Thank you for your help.

Khalil