Actually, that's not obscurity, it's Server Hardening. Changing configurations in httpd.conf and php.ini to avoid such reconnaissance is something any admin should be able to do, unless he learned Server administration outside the class sitting on a window, or just guessed the whole process.

Obscurity is like the way banks do it in Kenya. They protect the machines in the front but internally, everything is not hardened or protected, so it becomes easier to break in through browsers, Adobe software etc by doing APT against them etc.

./Chucks

On 4/28/11, Odhiambo Washington <odhiambo@gmail.com> wrote:
On Thu, Apr 28, 2011 at 15:29, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
Right now the deface has been pulled off but the box tells everyone what version of Apache it's running, PHP, am sure from here you can guess the version of Fedora and the kernel. LOL people will never learn even after how much information is drilled to them.
Not Found
The requested URL / was not found on this server.
Apache/2.2.17 (Fedora) Server at www.nationaldisaster.go.ke Port 80
Sure, but that is not the main contributing factor for the website's insecurity. I personally don't agree obscurity is a major factor in security, though it contributes a little - by wasting a few minutes for the black hat to figure out the software versions.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. Please consider the environment before printing this email.
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com {FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/
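
The httpd.conf and php.ini changes mentioned in the thread can be checked with a short audit; this is an added example, not part of the original messages. The directives ServerTokens, ServerSignature and expose_php are the standard Apache and PHP settings that control version banners (the thread does not name them), and the function names and sample configs are assumptions constructed for illustration.

```python
import re

# Constructed sample configs (not from the thread). "OS" + "On" yields an
# error-page banner of the form shown in FOOTER, which is quoted in the thread.
WEAK_HTTPD = "ServerTokens OS\nServerSignature On\n"
HARD_HTTPD = "#ServerTokens OS\nServerTokens Prod\nServerSignature Off\n"
WEAK_PHP = "; constructed\nexpose_php = On\n"
HARD_PHP = "expose_php = Off ; hide X-Powered-By\n"
FOOTER = "Apache/2.2.17 (Fedora) Server at www.nationaldisaster.go.ke Port 80"

def apache_directive(conf, name, default):
    """Last uncommented value wins; directive names are case-insensitive."""
    value = default
    for line in conf.splitlines():
        m = re.match(r"\s*(\w+)\s+(\S+)", line)
        if m and m.group(1).lower() == name.lower():
            value = m.group(2)
    return value

def php_setting(ini, name, default):
    """Last uncommented 'name = value' line wins; ';' starts a comment."""
    value = default
    for line in ini.splitlines():
        m = re.match(r"\s*([\w.]+)\s*=\s*([^;\s]*)", line)
        if m and m.group(1) == name:
            value = m.group(2).strip('"')
    return value

def audit(httpd_conf, php_ini):
    """Return findings for settings that disclose software versions."""
    findings = []
    # Defaults when unset: ServerTokens Full, ServerSignature Off, expose_php On.
    tokens = apache_directive(httpd_conf, "ServerTokens", "Full")
    if tokens.lower() not in ("prod", "productonly"):
        findings.append(f"ServerTokens {tokens}: Server header shows version detail")
    signature = apache_directive(httpd_conf, "ServerSignature", "Off")
    if signature.lower() != "off":
        findings.append(f"ServerSignature {signature}: error pages carry a banner")
    if php_setting(php_ini, "expose_php", "On").lower() in ("on", "1", "true", "yes"):
        findings.append("expose_php on: X-Powered-By header shows the PHP version")
    return findings

def leaked_version(text):
    """Return an 'Apache/x.y.z' token found in a response, else None."""
    m = re.search(r"Apache/\d+(?:\.\d+)*", text)
    return m.group(0) if m else None

if __name__ == "__main__":
    for label, conf, ini in (("weak", WEAK_HTTPD, WEAK_PHP), ("hardened", HARD_HTTPD, HARD_PHP)):
        print(label, audit(conf, ini))
    print("banner leaks:", leaked_version(FOOTER))
```

The audit reads only the text it is given and does not follow Include directives or per-virtual-host overrides.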