There are a number of things that would be script kiddies and others looking to exploit your servers look for. The easiest is often the version of the server software… knowing what version, OS, or perhaps the running modules present provides an easy target. They may still want to try, but don’t make it any easier!
A quick run with nmap reveals this info about apache:
As you can see this server is running Apache 2.4.6 on some flavor of Unix (We’ll cover this later), but OpenSSL 1.0.1e, and PHP 5.4.20. This could prove extremely useful to someone looking for a hole to sneak in for any of this software. This info can even be displayed in a web browser.
Look in your /etc/httpd/conf/httpd.conf (your path may vary depending on OS/Distribution) for lines beginning with ServerTokens and ServerSignature and set them to look like this:
If the line is preceeded with a hach or pound sign remove the #.
Now restart apache either with the service or apachectl
[code language=”bash”]service httpd restart[/code]
[code language=”bash”]apachectl restart[/code]
Alternatively you can use the following command to have apache verify the syntax in your httpd.conf file before restarting.
[code language=”bash”]apachectl configtest[/code]
Now let’s see what nmap reports for apache:
Much better! Now, anyone looking in can see it’s an Apache webserver listening on port 80 and also listening for https/ssl on port 443. But further research is required to know what the ServerOS is.. is it Unix, Linux, Windows?? No version numbers or modules are exposed.
There are other ways to try to expose this info, and will be covered here later. But this is a good starting point.