Loading ...
Apache Tips & Tricks: Discover the web server software and version of a remote server
Applies: - (all web servers might respond with something ‘useful’ here, depends from configurations)
Required apache module: -
Scope: -
Type: informational, remote
Description: anyone can (if interested) find out (if not properly hidden) what software is running on a remote web server.
Useful: for testing. If you will implement my next tip (how to hide this information) then you might want to test this to see it is working properly. Also this is used by various companies like Netcraft to gather the required information for their statistics.
This can be achieved in many ways, but the simplest one in my opinion is to use a basic telnet connection on port 80 to the remote server and issue a regular request like “HEAD / HTTP/1.0” (I will use HEAD because we don’t care about the content):
telnet remote_server.com 80
Trying remote_server.com...
Connected to remote_server.com.
Escape character is '^]'.
HEAD / HTTP/1.0 <- after this press 2 times ENTER
HTTP/1.1 200 OK
Date: Fri, 09 Jun 2006 08:18:06 GMT
Server: Apache/2.0.55 (Debian) PHP/5.1.2-1+b1 mod_ssl/2.0.55 OpenSSL/0.9.8b
Connection: close
Content-Type: text/html; charset=UTF-8
Connection closed by foreign host.
So as you can see, it is so simple to find out that this server is using: Debian as OS (from the other versions we can assume it is Etch version), Apache 2.0.55 as web server, PHP 5.1.2, and OpenSSL 0.9.8b… Hmm, that is too easy for remote users to find out so many information about our system, right? Well in this case you might want to check my next Apache Tip that will show you how to hide this information.
Go to:
Main page of all my Apache Tips & Tricks
Tags: apache-tips-and-tricks
9th June 2006, 15:43
Another tip about GET , HEAD….
lwp-request, GET, HEAD, POST - Simple WWW user agent
HEAD remote_server.com
200 OK
Connection: close
Date: Fri, 09 Jun 2006 11:17:33 GMT
Server: Apache/2.0.55 (Debian) PHP/5.1.2-1+b1 mod_ssl/2.0.55 OpenSSL/0.9.8b
Content-Type: text/html; charset=UTF-8
Client-Date: Fri, 09 Jun 2006 15:13:39 GMT
Client-Peer: 192.168.0.102:80
Client-Response-Num: 1
X-Powered-By: PHP/5.1.2-1+b1
Anyway, thank you for your very useful blog…
9th June 2006, 16:00
Yannick,
Thanks for your comment and pointing out a more simple method to do this (as probably lwp should be available on most linux distros by default, it should work on most linux boxes without the readers need to install something additional).
Thanks,
- Marius -
ps. I have changed the actual request you posted with the one from my local test server… no need to have google or who knows what else cache my web hosting company details :-).
10th June 2006, 19:55
Hi Marius,
..no problems
10th June 2006, 22:54
Nice tips.
7th July 2006, 00:40
Actually plain old
curl -LI http://www.bbcworldservice.com
works as well (-L is for sites which require redirection).
23rd September 2006, 18:33
also
# wget -S http://www.server.com
5th December 2006, 00:36
and dont forget the infamous “nmap -sV -P0 -p80 server.com”
5th June 2007, 13:22
i want more details about apache tips and tricks
13th September 2008, 04:25
[...] hide the PHP version to remote requests. Useful: to not disclose un-needed information. As shown in Discover the web server software and version of a remote server anyone can find our valuable information from our apache server banner… This will show you how to [...]
13th September 2008, 04:26
[...] software version to remote requests. Useful: to not disclose un-needed information. As shown in “Discover the web server software and version of a remote server” anyone can find our valuable information from our apache server banner… What version are we [...]
21st October 2008, 11:08
I found this post very useful in securing my server. Was wondering how to hide that information and I’m glad I didn’t have to spend hours looking for the info. Thanks