Netcraft - Web Server Signatures help

preacher:

quote:Originally posted by void main:
I'm curious if anyone might have any information on how Netcraft figures out what OS and Web server is being run on their "what's that site running?" page. I'm sure they probably fingerprint the TCP/IP stack somehow to determine the OS and I believe from recent threads that I can spoof that part with iptables.

Now I "thought" that they determined the web server software by the "Server:" string from the "head". For instance if you do a:

$ lynx -head -dump http://www.redhat.com/

you will see this line:

Server: Apache

This string is somewhat controllable in the Apache configuration file. "Apache" is the minimal amount of info that you can give, but you can configure it to give more info like what modules you have loaded. Well, I hacked the Apache source code to put out a completely different string. Mine looks like this:

Server: Not IIS and certainly not Windows!

Well, it still shows up on Netcraft as "Apache on Linux", not what I was hoping. If anyone can lead me to information on things I can do to spoof Netcraft I would certainly appreciate it.
--- End quote ---



Ok, I've been looking at the Apache documentation for a while and I couldn't figure out how you could modify httpd.conf so that only "Apache" is displayed. Right now Netcraft says
"Apache-AdvancedExtranetServer/1.3.26 (Mandrake Linux/6.1mdk) mod_ssl/2.8.10 OpenSSL/0.9.6g PHP/4.2.3", which basically is more info than I want to give out. Help me.

voidmain:

quote:Originally posted by X11 / BOB: l33t h4x0r:
Now that's funny, how did you do it?
--- End quote ---


http://ippersonality.sourceforge.net/

voidmain:

quote:Originally posted by ThePreacher:
Ok, I've been looking at the Apache documentation for a while and I couldn't figure out how you could modify httpd.conf so that only "Apache" is displayed. Right now Netcraft says
"Apache-AdvancedExtranetServer/1.3.26 (Mandrake Linux/6.1mdk) mod_ssl/2.8.10 OpenSSL/0.9.6g PHP/4.2.3", which basically is more info than I want to give out. Help me.
--- End quote ---


ServerTokens Prod

preacher:
Thank you void main. Your knowledge never ceases to amaze me.

It seems that since I'm using Mandrake's preconfigured webserver, the minimum amount of info displayed is still "Apache-AdvancedExtranetServer", so people will still know I use Mandrake, which is too much.

[ December 04, 2002: Message edited by: ThePreacher ]

voidmain:

quote:Originally posted by ThePreacher:
Thank you void main. Your knowledge never ceases to amaze me.

It seems that since I'm using Mandrake's preconfigured webserver, the minimum amount of info displayed is still "Apache-AdvancedExtranetServer", so people will still know I use Mandrake, which is too much.

--- End quote ---


Then Mandrake has hacked the source, more specifically the AP_SERVER_BASEPRODUCT definition in "ap_release.h" in the Apache source code when building it. If you can tell me the exact Apache RPM version ("rpm -qa | grep -i apache" or "rpm -qa | grep http") and exact version of Mandrake you are running I can give you instructions on how to modify the source RPM and create new binary RPMs that you can install that will be exactly what you currently have installed with only that string being changed.

It's really not difficult at all to do and might come in handy if you want to hack an RPM in the future. In fact maybe that will be my next RedHat tip. I could do a writeup of how I hacked the RedHat Apache RPM, which may not be the same way to hack the Mandrake RPM but if I do the writeup properly will give you the clues you need to figure out how to do it on the Mandrake RPM.

[ December 04, 2002: Message edited by: void main ]
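
Added example, not code from any poster in this thread: a small Python parser that splits a Server header into its product and comment tokens and lists what each banner quoted above still tells a remote client. The function names and the expected_base parameter are assumptions made for illustration.

```python
import re

# One Server token: a parenthesised comment, or product[/version].
_TOKEN = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/(\S+))?")

def parse_server_banner(banner):
    """Split a Server header value into (name, version) products and comments."""
    products, comments = [], []
    for comment, name, version in _TOKEN.findall(banner):
        if name:
            products.append((name, version or None))
        elif comment:
            comments.append(comment)
    return products, comments

def audit_banner(banner, expected_base="Apache"):
    """List what a Server banner reveals beyond the bare expected_base name."""
    products, comments = parse_server_banner(banner)
    findings = []
    # A renamed base product (as in the Mandrake build) identifies the vendor.
    if products and products[0][0] != expected_base:
        findings.append("vendor build name: " + products[0][0])
    for name, version in products:
        if version:
            findings.append("version: %s %s" % (name, version))
    # Anything after the first product is a loaded module or linked library.
    for name, _version in products[1:]:
        findings.append("extra component: " + name)
    for comment in comments:
        findings.append("platform comment: " + comment)
    return findings

# Banners quoted in the thread above.
FULL = ("Apache-AdvancedExtranetServer/1.3.26 (Mandrake Linux/6.1mdk) "
        "mod_ssl/2.8.10 OpenSSL/0.9.6g PHP/4.2.3")
PROD_MANDRAKE = "Apache-AdvancedExtranetServer"  # after ServerTokens Prod
PROD_STOCK = "Apache"                            # as seen on redhat.com

if __name__ == "__main__":
    for banner in (FULL, PROD_MANDRAKE, PROD_STOCK):
        print(banner)
        for finding in audit_banner(banner) or ["nothing beyond the product name"]:
            print("   ", finding)
```

Run against your own server's header (for instance the output of the lynx command earlier in the thread) to confirm a ServerTokens change took effect.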
