Remove the display version of Apache is desirable in order not to fall on a 0-day vulnerability, as well as if you do not follow the daily updates and vulnerabilities. Hiding version certainly does not help to get rid of vulnerabilities (there are other tools), but will complicate the work of the attacker.
In order to hide the version of Apache you can put the module libapache-mod-security , which will hide all unnecessary. Set it by running:
apt-get install libapache2-mod-security2
And edit the configuration, change or add lines to the file /etc/apache2/conf-available/security.conf :
Restart the the Apache :
service apache restart
The next step conceal version of Nginx . To hide the version of Nginx edit the file /etc/nginx/nginx.conf . Add in section http ban the transfer of information about the server:
Save the configuration and restart Nginx .
service nginx restart
It only remains to hide the version of the PHP . To do this, open the configuration file /etc/php5/apache2/php.ini and add to the configuration of a ban on the transfer of information about the PHP .
expose_php = Off
Now all the extra information hidden.
No system is truly secure!
You must be logged in to reply to this topic.