Copyright © 2008-2017, dave - Code samples on Dave's Brain is licensed under the Creative Commons Attribution 2.5 License. However other material, including English text has all rights reserved.
Date: 2007nov7
Updated: 2009dec7
Keywords: Security Through Obscurity

Q. Can I make my Internet-facing daemons more secure?

A. It's a good idea not to give potential hackers the name and version of your server. They might know a crack for it. Many Linux servers reveal both by default. You can change the following configuration files to display a generic greeting:

Dovecot
-------

File /etc/dovecot.conf

    login_greeting = IMAP/POP Server ready

vsftpd
------

File /etc/vsftpd/vsftpd.conf

    ftpd_banner=FTP Server ready

Proftpd
-------

File /etc/proftpd.conf

    ServerIdent on "FTP Server ready"

Postfix
-------

File /etc/postfix/main.cf

    #smtpd_banner = $myhostname ESMTP $mail_name
    #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
    mail_name = The-Mailer

Apache
------

File /etc/httpd/conf/httpd.conf

    ServerTokens Prod
    ServerSignature Off

Test
----

Restart the services and check with these commands:

    telnet localhost pop3 </dev/null
    sleep 1 | telnet localhost ftp
    telnet localhost smtp </dev/null

Test Apache by hitting a page that doesn't exist:

    http://www.example.com/page_that_does_not_exist

PHP
---

If you run PHP scripts then you have many public URLs ending in .php, which tells everyone that they are written in PHP. But they don't have to end in that extension. In file /etc/httpd/conf.d/php.conf change:

    AddHandler php5-script .php
    AddType text/html .php

to

    AddHandler php5-script .hello
    AddType text/html .hello

Then rename your scripts. Of course, you can use any extension that isn't already in use, such as your company name.

Port knocking
-------------

Using knockd you can make a port appear to be closed until a friendly user accesses a sequence of other ports. Crazy obscure.
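The manual telnet checks from the Test section can be scripted so they are repeatable after every config change. This is an added example, not code from the original page; the product list, the function names and the standard ports (110, 21, 25, 80) are assumptions to adjust for your hosts.

```python
import re
import socket

# Names the daemons on this page announce by default (assumed list; extend as needed).
PRODUCTS = ("dovecot", "vsftpd", "proftpd", "postfix", "apache", "php")
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)*\b")

def banner_leaks(banner):
    """Return what a greeting discloses: product names, then version strings."""
    found = [p for p in PRODUCTS if p in banner.lower()]
    return found + VERSION_RE.findall(banner)

def http_server_header(response):
    """Extract the Server header value from a raw HTTP response ('' if absent)."""
    for line in response.split("\r\n")[1:]:
        if not line:            # blank line ends the header block
            break
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return ""

def grab_banner(host, port, probe=None, timeout=3.0):
    """Read the first bytes a service sends; HTTP needs a request (probe) first."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        return s.recv(4096).decode("latin-1", "replace")

CHECKS = [("pop3", 110, None), ("ftp", 21, None), ("smtp", 25, None),
          ("http", 80, b"GET /page_that_does_not_exist HTTP/1.0\r\n\r\n")]

def audit(host="localhost"):
    """Map each service to its list of leaks, or to an 'unreachable' note."""
    results = {}
    for name, port, probe in CHECKS:
        try:
            text = grab_banner(host, port, probe)
        except OSError as exc:
            results[name] = "unreachable: %s" % exc
            continue
        # For HTTP only the Server header is inspected, so "HTTP/1.1" is not flagged.
        results[name] = banner_leaks(http_server_header(text) if probe else text)
    return results

if __name__ == "__main__":
    for service, leaks in audit().items():
        print(service, leaks or "generic")
```

With ServerTokens Prod, Apache still sends "Server: Apache", so the http check keeps reporting the product name while the version is gone.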