June 22, 2011

Protect web server/PHP software version

This just hides the web server software version from attackers' fingerprinting techniques.

Remove Apache Version
(I have 2 solutions)

1. Change the Apache source code, then re-compile
  • extract the Apache source code
  • edit the file include/ap_release.h and find "AP_SERVER_BASEPRODUCT"

2. Install the mod_security module - it's better!
  • install mod_security with "yum install mod_security"
  • go to mod_security's config (i.e. /etc/httpd/modsecurity.d), then set SecServerSignature to whatever you want
  • restart the httpd service

Remove PHP Version

Quite simple: go to php.ini or php.conf and find "expose_php". The default is On, so change it to Off.
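
To confirm both changes took effect, here is an added example (not from the original post) that scans HTTP response headers for version strings in `Server` and `X-Powered-By`. The function name and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag version disclosure in HTTP response headers.
# Reads raw response headers on stdin, e.g. the output of `curl -sI` against your own server.

# Prints one LEAK line per offending header; returns 1 if anything leaks, else 0.
check_version_leak() {
    awk '
        { sub(/\r$/, "") }                       # strip CR of CRLF line endings
        tolower($0) ~ /^(server|x-powered-by):/ {
            name = $0;  sub(/:.*/, "", name)
            value = $0; sub(/^[^:]*:[ \t]*/, "", value)
            if (value ~ /[0-9]+\.[0-9]+/) {      # digits.digits looks like a version
                printf "LEAK %s: %s\n", name, value; leaks++
            } else if (tolower(name) == "x-powered-by") {
                # with expose_php = Off PHP does not send this header at all
                printf "LEAK %s: %s (header still present)\n", name, value; leaks++
            }
        }
        END { exit (leaks > 0) }
    '
}

# Constructed sample: a default install before the changes above.
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.2.3 (CentOS)\r\nX-Powered-By: PHP/5.1.6\r\n\r\n'
}

# Constructed sample: after SecServerSignature and expose_php = Off.
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nServer: webserver\r\nContent-Type: text/html\r\n\r\n'
}

sample_before | check_version_leak || echo "before: version still disclosed"
sample_after  | check_version_leak && echo "after: no version in headers"
```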


But does it really protect?

NO! It can't. There are many ways to check it. LoL.

