Hiding version tokens?

Discussion in 'General Discussion' started by Crazy Pete, Jul 30, 2003.

  1. Crazy Pete

    Crazy Pete Well-Known Member

    May 16, 2003
    How does one go about hiding the version tokens of various services running on a server, to deter anyone wishing to run an exploit against them? After all, they can't exploit something if they don't know what version it is, at least not without a lot of undue effort.

    Somewhere I read how to remove the Apache version token from my server, which works as evidenced by On mine it just says...

    The site is running Apache on Linux.


    What I wanted to do was something similar but with other services like exim, SQL, PHP, PureFTPd, BIND, cppop, etc. Anyone know how to accomplish this without breaking things?
  2. FWC

    FWC Well-Known Member

    May 13, 2002
    Ontario, Canada

    ServerTokens ProductOnly

    to httpd.conf.
  3. Crazy Pete

    Crazy Pete Well-Known Member

    May 16, 2003
    Ok I have that already, what I was saying was how can I do something similar for other services? For example, on I can run my domain, and several others. On my domain it lists BIND version as 9.2, whereas on several other sites it lists BIND version as "You nosy bastard."

    Where/how can I change these version tokens?
  4. Domenico

    Domenico Well-Known Member

    Aug 14, 2001

    1) pico -w /etc/named.conf

    2) add this line:
    version "like whatever";
    query-source address * port 53;

    3) Save the changes
    Ctrl+x then y

    4) Restart your BIND service.
    service named restart or /etc/init.d/named restart

    5) Check your bind version
  5. SarcNBit

    SarcNBit Well-Known Member

    Oct 14, 2003
    Here is a snippet from


    Version numbers can be used by various software scanners to determine if your server is vulnerable. Though you should have the latest versions of everything, security through obscurity is one method that can be employed to help secure your server.

    First we are going to hide the version information in apache.

    #pico /etc/httpd/conf/httpd.conf
    Press control + w to search for "ServerSignature"
    It should say On, change it to Off
    This will remove the identification of apache from error pages

    Right below that add a line that has the following:
    "ServerTokens Prod"
    This will identify apache simply as "apache" with no version numbers or OS information

    Save out of the file and restart apache
    #service httpd restart

    Next we will disable named from giving a version.
    #pico /etc/named.conf
    Search for "query-source address * port 53;"
    Add a line right below it with
    version "Named";
    Save and restart named

    Next we will disable the exim version
    #pico /etc/exim.conf
    Search for " smtp_banner = "${primary_hostname"
    This is the welcome banner for the email server, anything can be set here. To quickly replace it just do something like the following

    smtp_banner = "${primary_hostname} MailServer \n\
    We do not authorize the use of this system to transport unsolicited, \n\
    and/or bulk e-mail."

    Then save out and restart exim.
    #service exim restart

    Remember, this is just security through obscurity and you still need to keep the server updated! This is just going to stop some people from finding your server in the first place. It will not help at all if somebody is trying to actually hack the server.
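
An added example, not part of the thread or of any cPanel tooling: a small Python audit that reads the three config files discussed above (httpd.conf, named.conf, exim.conf) and reports which ones still disclose a version. The sample configs and function names are constructed for illustration; the checks assume Apache's default ServerTokens is Full, that BIND answers with its real version when no version statement is set, and that Exim's default banner expands $version_number.

```python
import re

def apache_findings(conf):
    """httpd.conf: ServerTokens defaults to Full, ServerSignature to Off."""
    def last(name):  # last uncommented occurrence wins
        hits = re.findall(rf"^[ \t]*{name}[ \t]+(\S+)", conf, re.I | re.M)
        return hits[-1].lower() if hits else None
    out = []
    if last("ServerTokens") not in ("prod", "productonly"):
        out.append("ServerTokens is not Prod: Server header carries version/OS")
    if last("ServerSignature") not in (None, "off"):
        out.append("ServerSignature is enabled: error pages carry the version")
    return out

def named_findings(conf):
    """named.conf: simplified check, does not verify the statement sits in options{}."""
    body = re.sub(r"(//|#).*", "", re.sub(r"/\*.*?\*/", "", conf, flags=re.S))
    m = re.search(r'\bversion\s+"([^"]*)"\s*;', body)
    if m is None:
        return ["no version statement: version queries get the real BIND version"]
    if re.search(r"\d+\.\d+", m.group(1)):
        return [f'version string "{m.group(1)}" still looks like a release number']
    return []

def exim_findings(conf):
    """exim.conf: flag a missing smtp_banner or one that expands the version."""
    joined = re.sub(r"\\\n\s*", "", conf)  # fold backslash-newline continuations
    m = re.search(r"^[ \t]*smtp_banner[ \t]*=(.*)$", joined, re.M)
    if m is None:
        return ["smtp_banner unset: default banner includes the Exim version"]
    if "version_number" in m.group(1):
        return ["smtp_banner expands $version_number"]
    return []

# Constructed samples: BEFORE is a stock-style setup, AFTER applies the thread's changes.
BEFORE = {
    "apache": "ServerSignature On\n",
    "named": "options {\n    query-source address * port 53;\n};\n",
    "exim": "smtp_banner = ${primary_hostname} ESMTP Exim ${version_number}\n",
}
AFTER = {
    "apache": "ServerSignature Off\nServerTokens Prod\n",
    "named": 'options {\n    query-source address * port 53;\n    version "Named";\n};\n',
    "exim": 'smtp_banner = "${primary_hostname} MailServer \\n\\\nand/or bulk e-mail."\n',
}
CHECKS = {"apache": apache_findings, "named": named_findings, "exim": exim_findings}

def audit(configs):
    return {svc: CHECKS[svc](text) for svc, text in configs.items()}
```

Call `audit()` with the real file contents keyed the same way; an empty list for a service means none of these checks found a version disclosure in its config.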

