[Phpwm] mod_frontpage

Phil Beynon phil at infolinkelectronics.co.uk
Fri Feb 8 14:57:51 GMT 2008


> Hi Phil,
>
> I've not been on the list long - years of being on the Internet
> have made me a bit jaded about mailing lists, but looking at the
> archive, this one looks like it might actually be quite useful :-)

Welcome onboard etc....

> Anyway, your server
>
> www.netcraft.com says:
>
> Linux  Apache/1.3.37 Built by www.zeffie.com (Unix)
> mod_ssl/2.8.28 OpenSSL/0.9.8d PHP/5.0.4 mod_auth_pam_external/0.1
> FrontPage/4.0.4.3 mod_perl/1.29  8-Feb-2008  212.105.190.xxx
>
> Bit more information than you expected to be giving away :-)

I kinda knew most of it was there - bit pissed off about zeffie sliding an
advert in there though!

> Good practice to edit the httpd.conf and turn ServerSignature
> off, so you don’t give away so much information to a potential attacker.
>
> That will probably cure your audit problem.

I'll see what it does - on the basis that fooling them off is a hell of a
lot easier than spending the w/e getting the --configure exactly what it
should be on a new PHP version!

> You want to remove the frontpage extensions too - you don’t need
> them and I'd be very surprised if your customers do. That version
> is a security risk - edit the httpd.conf, find the LoadModule
> line that mentioned mod_frontpage and comment out. Restart apache.

I'll have to check the vsites and make sure no one has it enabled / in use.
It was at one stage being used on one site that I know of.

Phil
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.19.21/1265 - Release Date: 07/02/2008
11:17


More information about the Phpwm mailing list