Hello , i would like to ask maybe old-new question and this is : Is posibile to turn of showing version of apache and modules [snipped headers]
Yes.... taken from http://linux.oreillynet.com/pub/a/linux/2001/09/18/insecurities.html also http://www.google.com/search?hl=en&q=apache+hiding+server+version This behavior can be modified in Apache using the ServerTokens directive in the httpd.conf file. ServerTokens takes the following parameters: Minimal, ProductOnly, OS, and Full. The ServerTokens directive defaults to Full, which sends the version of Apache, the operating system, and loaded modules. Minimal will only return the version of Apache. Product will only send that it is Apache. OS will send the version of Apache and the operating system that it is running on. Otherwise I guess you could compile in the desired strings from source.
Why ?
Thats a bit like asking an army why they camoflague their tanks if practice shows the enemy will blanket bomb an area using an aerial attack.
Security through obscurity doesn´t work. Most of the the activity in your logs, including hack/exploit attempt are from scriptkiddies who couldn't care less what version your running.
The just throw their cookbooks at your IP/firewall regardless.
Script kiddies when they get in tend to just deface your site and say hi to their mates. Serious attacks come from those planning to steal corporate information who wont announce their exploits, and they typically carefully plan their attacks by carefully assessing their enemy and what they are up against. Camoflauge, while not adding security per se, is a useful tool against these. More useful would be to miss lead them by setting the headers to say somthing credible like.... HTTP/1.1 400 Bad Request Server: Microsoft-IIS/5.0 Date: Wed, 06 Mar 2002 12:11:52 GMT Content-Type: text/html Content-Length: 87 just remember to implement the IIS 404 pages!
I believe there´s other ways of getting Apache to reveal it´s version too, so this wont work.
should probably read: "...so this wont work all the time". The camoflague will work all the time.
Hope this helps
Me too.