phil at infolinkelectronics.co.uk
Fri Feb 8 14:57:51 GMT 2008
> Hi Phil,
> I've not been on the list long - years of being on the Internet
> have made me a bit jaded about mailing lists, but looking at the
> archive, this one looks like it might actually be quite useful :-)
Welcome onboard etc....
> Anyway, your server
> www.netcraft.com says:
> Linux Apache/1.3.37 Built by www.zeffie.com (Unix)
> mod_ssl/2.8.28 OpenSSL/0.9.8d PHP/5.0.4 mod_auth_pam_external/0.1
> FrontPage/22.214.171.124 mod_perl/1.29 8-Feb-2008 212.105.190.xxx
> Bit more information than you expected to be giving away :-)
I kinda knew most of it was there - bit pissed off about zeffie sliding an
advert in there though!
> Good practice to edit the httpd.conf and turn ServerSignature
> off, so you don’t give away so much information to a potential attacker.
> That will probably cure your audit problem.
I'll see what it does - on the basis that fooling them off is a hell of a
lot easier than spending the w/e getting the --configure exactly what it
should be on a new PHP version!
> You want to remove the frontpage extensions too - you don’t need
> them and I'd be very surprised if your customers do. That version
> is a security risk - edit the httpd.conf, find the LoadModule
> line that mentioned mod_frontpage and comment out. Restart apache.
I'll have to check the vsites and make sure no one has it enabled / in use.
It was at one stage being used on one site that I know of.
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.19.21/1265 - Release Date: 07/02/2008
More information about the Phpwm