fidividi

Well-Known Member
Feb 15, 2013
47
0
6
cPanel Access Level
Root Administrator
Hello,

My cPanel server is giving me below information when I load a joomla CMS hosted on it:

Server:Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Transfer-Encoding:chunked
Vary:User-Agent
X-Content-Encoded-By:Joomla! 2.5
X-Powered-By:PHP/5.3.27


Is there a way to modify these information, or at least Apache headers or PHP parts, to avoid information which may be used by hackers to identify vulnerabilities depending on versions of softwares used?
 

robb3369

Well-Known Member
Mar 1, 2008
122
1
66
cPanel Access Level
Root Administrator
For Apache: Go into WHM, under Apache Config and set the Server Signature to "Off"
For Joomla: Edit source or use this extension:
/http://extensions.joomla.org/extensions/site-management/browsers-a-web-standards/12736

For PHP: Add the following in the php.ini: expose_php = off
 

fidividi

Well-Known Member
Feb 15, 2013
47
0
6
cPanel Access Level
Root Administrator
For Apache: Go into WHM, under Apache Config and set the Server Signature to "Off"
For PHP: Add the following in the php.ini: expose_php = off


Hi Rob,

I applied your recommended changes (for PHP and Apache). Only PHP expose_php was on, and I changed to off. Apache signature option was off already. Yet, nothing changed, I still see PHP version, and ofcourse apache details....

- - - Updated - - -

PHP expose_php worked on another server. But didn't on the main one.

And apart from Apache, what about nginx for instance? Anyway to disable the version and information with that?
 

fidividi

Well-Known Member
Feb 15, 2013
47
0
6
cPanel Access Level
Root Administrator
For anyone else having the same issue, as far as Apache, you also need to change to "Product Only" under "Server Tokens" in "Home »Service Configuration »Apache Configuration"
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello :)

I just wanted to note that while hiding the version of Joomla might make it less of a target, it's important to ensure the latest versions of the software are used. Taking the time to ensure your customers use the latest versions of PHP scripts like Joomla will go a long way in helping to reduce the likelihood of an exploited account.

Thank you.