How to hide the server version?
mike503 at gmail.com
Sat Jul 5 01:35:43 MSD 2008
On 7/4/08, Almir Karic <almir at kiberpipa.org> wrote:
> that is an ugly hack (security through obscurity) not a proper secuirty measure. no matter how hard you try to hide something a security hole (if any) is there and the attackers tend to throw everything they've got at you, a proper security measure is to monitor this list for security updates, or if it is in your power doing secuirty audit of the code.
also - if you're so worried about this, throw some packet inspecting
firewall in front of your web infrastructure to weed out the common
exploit patterns, port knocking/scanning, etc, etc. hiding the version
may buy you some time, but they're making the tools so easy to use now
it will just throw the whole kitchen sink at you with one command...
More information about the nginx