Originally Posted by colorblindjimbo
I was wrong about the amount of sites using APACHE. Although the information you gathered about what webserver is being run on those servers is a testament to how unsecure a lot of sites are. If I know what webserver you are running, the better chance I have at successfully attacking/exploiting your website.
We're taught in INFOSEC to disguise as much as possible about your services.
Disguising what webserver you are running is very hard. In fact, I don't think you can even disguise an IIS webserver at all as well. Apache servers you can change the server identifier, due to them being open source. Closed source IIS, no way (that I know of). These sites are also some of the world's most secure sites, you can even pull the server identifier off of the NSA.GOV website (and it runs IIS 6.0).
Trying to hide what your webserver is running doesn't really work. Aside from a few of the world's most popular websites, a huge chunk of 95% will be running IIS 6.0, Apache 1.3.X or Apache 2.X (with a few with IIS 5 / 7 and a few other weird webservers).
Originally Posted by _-..zKiLLA..-_
Hey DJ-Chris, where'd u find that out??
This information was mainly gained by use of a program called "ID Serve" and, if webservers were stubborn, nmap.
Just connecting to a webserver on port 80 and sending an HTTP GET request, cf answered like this (using "ID Serve"):
HTTP/1.1 200 OK
Date: Fri, 25 Jan 2008 02:47:39 GMT
Server: Apache/2.2.4 (Win32) PHP/5.2.1
Set-Cookie: bblastvisit=1201229259; expires=Sat, 24-Jan-2009 02:47:39 GMT; path=/
Set-Cookie: bblastactivity=0; expires=Sat, 24-Jan-2009 02:47:39 GMT; path=/
Cache-Control: private, post-check=0, pre-check=0, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Or this is Microsoft's webpage after sending a "GET /HTTP/1.1" using telnet:
telnet microsoft.com 80
Connected to microsoft.com.
Escape character is '^]'.
HTTP/1.1 301 Moved Permanently
Date: Fri, 25 Jan 2008 03:13:17 GMT
Set-Cookie: ASPSESSIONIDQCDTDTTS=LIOFPPJADOEHAHJKCACNOEKN; path=/
Connection closed by foreign host.
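
An added example, not part of the original posts: a Python check that lists what a response head gives away, run over the two responses quoted above (trimmed to their header lines). It shows that the second response still identifies its stack through the session cookie name even though no Server header appears in the quoted output; the cookie-prefix table is a short assumed list, not an exhaustive one.

```python
import re

# Cookie-name prefixes that identify a backend even with no Server header.
# Short illustrative list assumed for this example, not exhaustive.
COOKIE_HINTS = {
    "ASPSESSIONID": "classic ASP (IIS)",
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
}
PRODUCT_RE = re.compile(r"[A-Za-z_-]+/\d[\w.]*")  # product/version tokens

def parse_head(raw):
    """Split a raw response head into a list of (lowercased name, value)."""
    headers = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers

def disclosures(raw):
    """Return (header, finding) pairs that reveal the software in use."""
    found = []
    for name, value in parse_head(raw):
        if name in ("server", "x-powered-by"):
            # Report each product/version token, or the bare value if none.
            tokens = PRODUCT_RE.findall(value) or [value]
            found += [(name, tok) for tok in tokens]
        elif name == "set-cookie":
            cookie = value.split("=", 1)[0]
            found += [(name, stack) for prefix, stack in COOKIE_HINTS.items()
                      if cookie.startswith(prefix)]
    return found

# The two response heads quoted in the post (trimmed to the header lines).
APACHE_HEAD = """HTTP/1.1 200 OK
Date: Fri, 25 Jan 2008 02:47:39 GMT
Server: Apache/2.2.4 (Win32) PHP/5.2.1
Set-Cookie: bblastvisit=1201229259; expires=Sat, 24-Jan-2009 02:47:39 GMT; path=/
Content-Type: text/html; charset=ISO-8859-1"""
IIS_HEAD = """HTTP/1.1 301 Moved Permanently
Date: Fri, 25 Jan 2008 03:13:17 GMT
Set-Cookie: ASPSESSIONIDQCDTDTTS=LIOFPPJADOEHAHJKCACNOEKN; path=/"""

if __name__ == "__main__":
    for label, head in (("first", APACHE_HEAD), ("second", IIS_HEAD)):
        print(label, disclosures(head))
```

Run against your own server's responses, an empty result means none of these particular headers is disclosing a product or version.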