I stumbled on some posts about scanning a site and detecting a server's service versions. Someone pointed out the nmap tool, and I checked it against my own server. The result was not so good – Apache and ProFTPD revealed their versions. So, I was determined to change that – I want the least version information. The nmap command is:
nmap -sS -sV -O www.yourserver.com
Secure and hide version information:
- Apache, configuration file, usually at /etc/httpd/conf/httpd.conf
ServerTokens ProductOnly
ServerSignature Off
- ProFTPD, in configuration file, usually at /etc/proftpd.conf
ServerName "My FTP Server"
ServerIdent on "ProFTPD [version] Server (server name) [hostname]"
This means it is enough to set the following, but in the Global section:
<global>
ServerIdent on "Generic FTP Server"
</global>
And you can change the port, if you want.
- OpenSSH, tcp/22, not possible to change the banner, but you should change the port, disable root login, etc.
- Telnet, tcp/23, I prefer to disable Telnet. If not, use this (change file /etc/issue.net)
mv /etc/issue.net /etc/issue.net-original
echo "Windows Server 2008 (Microsoft)" > /etc/issue.net
- PHP, disable expose_php for security reasons in /etc/php.ini
expose_php = Off
That’s about it. I believe there is more, and if someone wants to add something, just comment on this post.
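An added example, not part of the original post: a Python audit that reads the Apache, ProFTPD and PHP configuration text and reports which of the settings listed above still disclose version details. It assumes each file's contents are passed in as a string, ignores Include files and per-virtual-host overrides, and treats an unset ServerIdent as the versioned greeting shown above; the function names and sample configurations are constructed for illustration.

```python
import re

OFF = {"off", "0", "false", "no", "none", ""}
VERSION = re.compile(r"\d+\.\d+|\[version\]", re.IGNORECASE)

def last_value(text, name):
    """Argument of the last uncommented `name` directive, or None if absent."""
    value = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("#", ";")):
            continue
        m = re.match(rf"{re.escape(name)}(?:\s*=\s*|\s+|$)(.*)", line, re.IGNORECASE)
        if m:
            value = m.group(1).strip()
    return value

def audit(httpd_conf, proftpd_conf, php_ini):
    """Return one finding per setting that still discloses version details."""
    findings = []
    tokens = (last_value(httpd_conf, "ServerTokens") or "full").lower()  # Apache default: Full
    if tokens not in ("prod", "productonly"):
        findings.append(f"apache: ServerTokens {tokens}")
    sig = (last_value(httpd_conf, "ServerSignature") or "off").lower()  # Apache default: Off
    if sig != "off":
        findings.append(f"apache: ServerSignature {sig}")
    ident = last_value(proftpd_conf, "ServerIdent")
    if ident is None:  # assumption: unset means the versioned greeting shown on the page
        findings.append("proftpd: ServerIdent not set")
    else:
        state, _, text = ident.partition(" ")
        if state.lower() != "off" and (not text.strip() or VERSION.search(text)):
            findings.append("proftpd: ServerIdent greeting carries a version")
    expose = last_value(php_ini, "expose_php")  # PHP default: On
    if expose is None or expose.split(";")[0].strip().strip("'\"").lower() not in OFF:
        findings.append("php: expose_php on")
    return findings

# Constructed sample configurations (not taken from a real host).
WEAK = ("# ServerTokens ProductOnly\nServerSignature On\n",
        'ServerName "My FTP Server"\n'
        'ServerIdent on "ProFTPD [version] Server (server name) [hostname]"\n',
        "; expose_php = Off\n")
HARDENED = ("ServerTokens ProductOnly\nServerSignature Off\n",
            '<global>\nServerIdent on "Generic FTP Server"\n</global>\n',
            "expose_php = Off\n")

if __name__ == "__main__":
    for label, confs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(*confs))
```

A commented-out directive counts as unset, so the weak sample is flagged on all four settings even though the right lines appear in the files.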
Changing your service ports is applying security through obscurity. A simple nmap will reveal your ssh port anyways so I don’t bother changing them. Changing the version numbers is as well, but it’s harder to figure out for the attacker. It’s actually more interesting to replace the version number with another older version than just removing it, since (novice) hackers might get tricked and try patched bugs.