Bill.Light@kp.org wrote:
I am running a mail/web server and Netcraft says that it is Apache/1.3.28 and (Linux/SuSE).
While on one hand that is nice... Would it not be better to obscure which distro I am running and the version of Apache?

It wouldn't improve your security. Script kiddies usually run automated exploits that don't look at your server signature. They just try to break into servers in a certain IP-range with a certain exploit. This means you are either vulnerable to this exploit or not. No kiddy will look at your server signature (probably because they don't have the right toolz to do that for them).

An experienced attacker will be able to figure out all the information he needs even without a server signature. An experienced attacker wouldn't blindly trust an obscured server signature anyway.

So either way: changing your server signature doesn't help you. Switching it off doesn't hurt either, I guess. Check your httpd.conf for "ServerSignature On" and switch that to Off. Just don't expect this to significantly improve your security.

Regards
Stefan Nordhausen
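
An added example, not part of the original post: in Apache the `Server` response header that a survey such as Netcraft reports is controlled by `ServerTokens`, while `ServerSignature` controls the footer line on server-generated pages, so a check of httpd.conf should cover both. The sample configuration and the function names below are constructed for illustration.

```python
import re

# Constructed sample httpd.conf fragment (not from the original post).
SAMPLE_CONF = """\
# ServerTokens Prod
ServerName mail.example.org
ServerSignature On
<VirtualHost *:80>
    serversignature EMail
</VirtualHost>
"""

DEFAULTS = {"servertokens": "Full", "serversignature": "Off"}  # Apache defaults
SECTION = re.compile(r"<(/?)(\w+)([^>]*)>")

def settings(conf):
    """Yield (directive, value, context) for the two banner directives."""
    stack = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # only whole-line comments exist
            continue
        m = SECTION.match(line)
        if m:
            # A closing tag pops the current section, an opening tag pushes it.
            stack = stack[:-1] if m.group(1) else stack + [(m.group(2) + m.group(3)).strip()]
            continue
        parts = line.split(None, 1)
        if parts[0].lower() in DEFAULTS:       # directive names are case-insensitive
            value = parts[1].strip().strip('"') if len(parts) > 1 else ""
            yield parts[0].lower(), value, " > ".join(stack) or "global"

def audit(conf):
    """Return the effective value per context and a list of disclosure findings."""
    effective = {(name, "global"): value for name, value in DEFAULTS.items()}
    for name, value, ctx in settings(conf):    # a later line overrides an earlier one
        effective[(name, ctx)] = value
    findings = []
    for (name, ctx), value in sorted(effective.items()):
        if name == "servertokens" and value.lower() not in ("prod", "productonly"):
            findings.append(f"{ctx}: ServerTokens {value} -> Server header shows version details")
        if name == "serversignature" and value.lower() != "off":
            findings.append(f"{ctx}: ServerSignature {value} -> footer on server-generated pages")
    return effective, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF)[1]:
        print(finding)
```

With `ServerTokens Prod` and `ServerSignature Off` set, the audit returns no findings; the header then still names the product (`Apache`) but not the version or distribution.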