I usually don’t disable Apache, PHP, or nginx headers because, to me, that is just security through obscurity.

My thoughts are these:

  1. If someone doesn’t know what version of software you are running and they decide to hack your domain or server, they will simply throw every public exploit that exists for said product at it, or even simply “fingerprint” it for the correct version.
  2. It makes my life easier because I can also query for those headers if for some reason I don’t remember the version of software (which saves me from logging in to the server or using other methods that might take longer – efficiency is key!).
  3. Skiddies are going to throw everything at it anyways.

On the flip side…


Thought I would share this quick fix for CVE-2011-3192, with the PoC available here:
http://seclists.org/fulldisclosure/2011/Aug/175

First, if you are an Apache admin, get this fixed ASAP. I was able to take down a small test server with 7 HTTP GET requests.

Log in to the server and run this command to see if you have mod_headers installed:

locate mod_headers

If you see mod_headers.so in that list, you can continue to Configuring Apache. Otherwise, go to Compiling Mod_Headers.
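A more precise version of this check, as an added example that is not part of the original post: `locate` can also match documentation or source files, and a module file on disk is not necessarily loaded, so the function below combines the `locate` result with the output of `httpd -l` and `httpd -M`. The function name, status labels and sample outputs are constructed for illustration, and the binary may be called `apache2` or `apachectl` on your distribution.

```shell
#!/bin/sh
# Added example: classify mod_headers availability from three captured outputs.
#   $1  output of: locate mod_headers
#   $2  output of: httpd -l   (modules compiled into the binary)
#   $3  output of: httpd -M   (modules loaded by the current configuration)
# Prints one of: static | loaded | present-not-loaded | missing
mod_headers_status() {
    locate_out=$1
    static_out=$2
    loaded_out=$3
    if printf '%s\n' "$static_out" | grep -q 'mod_headers\.c'; then
        echo static                 # built in, nothing to load
    elif printf '%s\n' "$loaded_out" | grep -q 'headers_module'; then
        echo loaded                 # shared module, already active
    elif printf '%s\n' "$locate_out" | grep -q '/mod_headers\.so$'; then
        echo present-not-loaded     # file exists, config does not load it
    else
        echo missing                # only docs/source matched, or nothing
    fi
}

# Constructed sample outputs (hypothetical paths, not from a real server).
SAMPLE_LOCATE='/usr/lib/apache2/modules/mod_headers.so
/usr/share/doc/apache2-doc/manual/mod/mod_headers.html'
SAMPLE_STATIC='Compiled in modules:
  core.c
  mod_so.c
  http_core.c'
SAMPLE_LOADED='Loaded Modules:
 core_module (static)
 headers_module (shared)'

echo "sample server: $(mod_headers_status "$SAMPLE_LOCATE" "$SAMPLE_STATIC" "$SAMPLE_LOADED")"

# On a live server (assumes the binary is named httpd):
#   mod_headers_status "$(locate mod_headers)" "$(httpd -l)" "$(httpd -M 2>/dev/null)"
```

A result of `static`, `loaded` or `present-not-loaded` corresponds to the "you see mod_headers.so" branch above; `missing` corresponds to compiling the module.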

