6 Mar
2002
6 Mar
'02
13:34
Hi,
so let's sumarize: Secure your box first as good as you can, then hide your version using httpd.conf and then take care of all the other information that your apache spreads (headers, error-pages).
But be asured that all the camouflage will almost certainly not hide you 100%, because there always more evidence (tcp-fingerprints (I've not yet seen an unix clone running IIS), php vs. asp pages (I know, there ist php for IIS, too, but....), etc.).
You're right. Only as a comment. Hide tcp-fingerprints with www.grsecurity.net. (But is'nt it security by o......... as well [wont start new flame] - so why they do? ............Me's looking backward - nothing said) Michael Appeldorn