
Hiding version tokens?

Discussion in 'General Discussion' started by Crazy Pete, Jul 30, 2003.

  1. Crazy Pete

    How does one go about hiding the version tokens of various services running on a server, to deter anyone wishing to run an exploit against them? After all, they can't exploit something if they don't know what version it is, at least not without a lot of undue effort.

    Somewhere I read how to remove the Apache version token from my server, which works as evidenced by http://www.netcraft.com. On mine it just says...

    The site expectedmiracles.com is running Apache on Linux.

    :D

    What I wanted to do was something similar but with other services like exim, SQL, PHP, PureFTPd, BIND, cppop, etc. Anyone know how to accomplish this without breaking things?

  2. FWC

    Add:

    ServerTokens ProductOnly

    to httpd.conf.
     
  3. Crazy Pete

    Ok I have that already, what I was saying was how can I do something similar for other services? For example, on dnsreport.com I can run my domain, and several others. On my domain it lists BIND version as 9.2, whereas on several other sites it lists BIND version as "You nosy bastard."

    Where/how can I change these version tokens?

  4. Domenico

    1) pico -w /etc/named.conf

    2) add this line:
    version "like whatever";
    after:
    query-source address * port 53;

    3) Save the changes
    Ctrl+x then y

    4) Restart your BIND service.
    service named restart or /etc/init.d/named restart

    5) Check your bind version
    dig @ns1.yourserver.com version.bind chaos txt
     
  5. SarcNBit

    Here is a snippet from http://eth0.us/faq/secure.htm:

    --------------------------

    Version numbers can be used by various software scanners to determine if your server is vulnerable. Though you should have the latest versions of everything, security through obscurity is one method that can be employed to help secure your server.

    First we are going to hide the version information in apache.

    #pico /etc/httpd/conf/httpd.conf
    Press control + w to search for "ServerSignature"
    It should say On, change it to Off
    This will remove the identification of apache from error pages

    Right below that add a line that has the following:
    "ServerTokens Prod"
    This will identify apache simply as "apache" with no version numbers or OS information

    Save out of the file and restart apache
    #service httpd restart



    Next we will disable named from giving a version.
    #pico /etc/named.conf
    Search for "query-source address * port 53;"
    Add a line right below it with
    version "Named";
    Save and restart named

    Next we will disable the exim version
    #pico /etc/exim.conf
    Search for " smtp_banner = "${primary_hostname"
    This is the welcome banner for the email server, anything can be set here. To quickly replace it just do something like the following

    smtp_banner = "${primary_hostname} MailServer \n\
    We do not authorize the use of this system to transport unsolicited, \n\
    and/or bulk e-mail."

    Then save out and restart exim.
    #service exim restart


    Remember this is just security through obscurity and you still need to keep the server updated! This is just going to stop some people from finding your server in the first place. It will not help at all if somebody is trying to actually hack the server.


    --------------------------
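
An added example, not part of the thread or the quoted FAQ: a read-only shell audit that checks the three config files discussed above for the settings the posts recommend. The function names are hypothetical; it assumes Apache's default of `ServerTokens Full` and that Exim's built-in banner includes `$version_number` when `smtp_banner` is unset.

```shell
#!/bin/sh
# Added example: read-only audit of the settings discussed in this thread.

# Last active value of an Apache directive (names are case-insensitive).
apache_directive() {  # $1 = file, $2 = directive
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$1" |
        tr 'A-Z' 'a-z'
}

check_apache() {  # $1 = httpd.conf
    rc=0
    tokens=$(apache_directive "$1" ServerTokens)
    sig=$(apache_directive "$1" ServerSignature)
    case "$tokens" in
        prod|productonly) ;;
        *) echo "apache: ServerTokens=${tokens:-unset, default is Full}"; rc=1 ;;
    esac
    case "$sig" in
        on|email) echo "apache: ServerSignature=$sig"; rc=1 ;;
    esac
    return "$rc"
}

check_named() {  # $1 = named.conf; version must sit inside options { ... };
    awk '/^[ \t]*(#|\/\/)/ { next }
         /^[ \t]*options[ \t]*[{]/ { inopt = 1 }
         inopt && /^[ \t]*version[ \t]+"/ { found = 1 }
         inopt { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
                 if (depth <= 0) inopt = 0 }
         END { exit !found }' "$1" && return 0
    echo "named: no version override in options block"; return 1
}

check_exim() {  # $1 = exim.conf; follows backslash-continued banner lines
    rc=0
    awk '/^[ \t]*#/ { next }
         /^[ \t]*smtp_banner[ \t]*=/ { grab = 1; banner = "" }
         grab { banner = banner $0; if ($0 !~ /\\$/) grab = 0 }
         END { if (banner == "") exit 2
               exit (banner ~ /version_number/ ? 1 : 0) }' "$1" || rc=$?
    case "$rc" in
        1) echo "exim: smtp_banner expands version_number" ;;
        2) echo "exim: smtp_banner unset, built-in default shows the version" ;;
    esac
    return "$rc"
}

# Usage: sh audit.sh /etc/httpd/conf/httpd.conf /etc/named.conf /etc/exim.conf
[ "$#" -ne 3 ] || { check_apache "$1"; check_named "$2"; check_exim "$3"; }
```

Each function returns 0 when the file matches the recommendation and non-zero with a one-line finding otherwise, so the script can run from cron after config changes or package updates.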
     