Applies: - (all web servers might respond with something ‘useful’ here, depends from configurations) Required apache module: - Scope: - Type: informational, remote
Description: anyone can (if interested) find out (if not properly hidden) what software is running on a remote web server. Useful: for testing. If you will implement my next tip (how to hide this information) then you might want to test this to see it is working properly. Also this is used by various companies like Netcraft to gather the required information for their statistics.
This can be achieved in many ways, but the simplest one in my opinion is to use a basic telnet connection on port 80 to the remote server and issue a regular request like ”HEAD / HTTP/1.0” (I will use HEAD because we don’t care about the content):
telnet remote_server.com 80 Trying remote_server.com... Connected to remote_server.com. Escape character is '^]'. HEAD / HTTP/1.0 <- after this press 2 times ENTER HTTP/1.1 200 OK Date: Fri, 09 Jun 2006 08:18:06 GMT Server: Apache/2.0.55 (Debian) PHP/5.1.2-1+b1 mod_ssl/2.0.55 OpenSSL/0.9.8b Connection: close Content-Type: text/html; charset=UTF-8 Connection closed by foreign host.
So as you can see, it is so simple to find out that this server is using: Debian as OS (from the other versions we can assume it is Etch version), Apache 2.0.55 as web server, PHP 5.1.2, and OpenSSL 0.9.8b… Hmm, that is too easy for remote users to find out so many information about our system, right? Well in this case you might want to check my next Apache Tip that will show you how to hide this information.