hi, I'm new at Linux and web server security. So excuse me if these are stupid questions. First question: Could someone explain what this means, For about 1 hour I get these 2 message over and over in my log(log/apache/access.log): xxx.xxx.xxx.xxx - - [16/Apr/2003:08:49:49 +0200] "PROPFIND /c%24 HTTP/1.1" 404 208 xxx.xxx.xxx.xxx - - [16/Apr/2003:08:51:23 +0200] "OPTIONS / HTTP/1.1" 200 - Second question. When trying the above commands myself. The server gives out allot of information about my system and web modules that are installed. Can I disable it (so that it doesn't give out the info)? greets Ken
Ken wrote:
For about 1 hour I get these 2 message over and over in my log(log/apache/access.log): xxx.xxx.xxx.xxx - - [16/Apr/2003:08:49:49 +0200] "PROPFIND /c%24 HTTP/1.1" 404 208 xxx.xxx.xxx.xxx - - [16/Apr/2003:08:51:23 +0200] "OPTIONS / HTTP/1.1" 200 -
PROPFIND and OPTIONS are keywords from the WebDAV-Protocol. An unpatched IIS is vulnerable and I think there were some problems with the Apache implementation too. (Right now I'm only able to google some vuln in 2000 - I have in mind that there was another incident, perhaps I'm wrong.)
The server gives out allot of information about my system and web modules that are installed. Can I disable it (so that it doesn't give out the info)?
Yes, but is gives you very little security. No automatic breakin attempt uses the information in your banners, but they'll try all holes in succession. http://httpd.apache.org/docs/mod/core.html#servertokens
participants (2)
-
Ken -
Peter Wiersig