Date:      Fri, 6 Jul 2001 18:14:35 +0300
From:      Peter Pentchev <roam@orbitel.bg>
To:        Khalil.Haddad@ubs.com
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Hiding Versions
Message-ID:  <20010706181435.E700@ringworld.oblivion.bg>
In-Reply-To: <H0000152004e7722.0994431736.ps3p84.par.swissbank.com@MHS>; from Khalil.Haddad@ubs.com on Fri, Jul 06, 2001 at 05:02:17PM +0200
References:  <H0000152004e7722.0994431736.ps3p84.par.swissbank.com@MHS>

On Fri, Jul 06, 2001 at 05:02:17PM +0200, Khalil.Haddad@ubs.com wrote:
> Hello all,
> 
> After visiting this web site : www.netcraft.com, I discovered that it 
> is possible to trace version changes of OS, apache or php.
> 
> Example :
> FreeBSD  Apache/1.3.9 (Unix) mod_perl/1.20  4-Dec-2000   195.92.95.5    Netcraft
> unknown  Apache/1.3.9 (Unix) mod_perl/1.20  3-Dec-2000   195.92.95.5    Netcraft
> FreeBSD  Apache/1.3.9 (Unix) mod_perl/1.20  19-Nov-2000  195.92.95.5    Planet Online
> unknown  Apache/1.3.9 (Unix) mod_perl/1.20  18-Nov-2000  195.92.95.5    Planet Online
> FreeBSD  Apache/1.3.9 (Unix) mod_perl/1.20  14-Nov-2000  195.92.95.5    Planet Online
> FreeBSD  Apache/1.3.9 (Unix) mod_perl/1.20  15-Sep-1999  195.188.192.5  Netcraft Ltd
> FreeBSD  Apache/1.3.6 (Unix) mod_perl/1.20  2-Jul-1999   195.188.192.5  Netcraft Ltd
> FreeBSD  Apache/1.3.6 (Unix) mod_perl/1.18  9-Jun-1999   195.188.192.5  Netcraft Ltd
> FreeBSD  Apache/1.3.4 (Unix) mod_perl/1.18  26-May-1999  195.188.192.5  Netcraft Ltd
> 
> I wanted to know how this was possible, if FreeBSD stores version 
> history somewhere. What should I do to secure this and how, because 
> knowing that anyone can get the history of version changes on your 
> system doesn't make you feel secure...

They can only track history in the sense of storing information obtained
by somebody performing a query on the given date.  This list just means
that somebody has done those queries on May 26, 1999, June 9, 1999 etc,
and the Netcraft database has stored the results.

If nobody has been interested in *your* server, Netcraft would not
have any information stored about it.  It is the Netcraft database,
not your OS, that keeps history.

> By the way, the output for my server gives me Apache/1.3.19 but I have 
> upgraded to 1.3.20 recently, why hasn't this been taken into 
> consideration? (I used ports to upgrade)

Maybe no one has performed a Netcraft query for your server since
you upgraded.

G'luck,
Peter

-- 
I am the meaning of this sentence.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
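
The point made in the reply above, as an added example that is not part of the original message: the "history" is only a series of dated observations, so an outside observer can place each version change between two queries and keeps showing the last recorded banner until someone queries again. The pipe-separated sample format and the function names are assumptions made for this sketch; the dates and banners are taken from the quoted listing.

```python
from datetime import datetime

# Constructed sample: (OS | banner | date of query), values copied from the
# listing quoted in the message. The pipe-separated layout is an assumption.
OBSERVATIONS = """\
FreeBSD|Apache/1.3.9 (Unix) mod_perl/1.20|4-Dec-2000
unknown|Apache/1.3.9 (Unix) mod_perl/1.20|3-Dec-2000
FreeBSD|Apache/1.3.9 (Unix) mod_perl/1.20|15-Sep-1999
FreeBSD|Apache/1.3.6 (Unix) mod_perl/1.20|2-Jul-1999
FreeBSD|Apache/1.3.6 (Unix) mod_perl/1.18|9-Jun-1999
FreeBSD|Apache/1.3.4 (Unix) mod_perl/1.18|26-May-1999
"""

def parse(text):
    """Return observations as (date, os, banner) tuples, oldest first."""
    rows = []
    for line in text.splitlines():
        os_name, banner, day = (f.strip() for f in line.split("|"))
        rows.append((datetime.strptime(day, "%d-%b-%Y").date(), os_name, banner))
    return sorted(rows)

def change_windows(rows):
    """List banner changes with the interval in which each must have happened.

    The observer only knows the change fell between two queries; the actual
    upgrade date is never recorded anywhere.
    """
    windows = []
    for (d0, _, b0), (d1, _, b1) in zip(rows, rows[1:]):
        if b0 != b1:
            windows.append((d0, d1, b0, b1))
    return windows

def recorded_banner(rows, as_of):
    """Banner the database shows on `as_of`: the latest observation up to then."""
    seen = [b for d, _, b in rows if d <= as_of]
    return seen[-1] if seen else None

if __name__ == "__main__":
    rows = parse(OBSERVATIONS)
    for d0, d1, old, new in change_windows(rows):
        print(f"between {d0} and {d1}: {old} -> {new}")
    # No query after 4-Dec-2000 in the sample, so the stored banner is stale.
    print("shown on 2001-07-06:", recorded_banner(rows, datetime(2001, 7, 6).date()))
```
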



