Hornbill Trust

Mar 30 2012

Security 101

The other day I was browsing the web looking for some specific information on PHP security. I came across a great site (which I cannot name for the reasons below) containing just the information I was looking for. I was about to leave the office for the day and wanted to download the PDF version of the document to my phone to read on the way home — yes, I know that’s sad! I clicked on the PDF link. You know what happened next? To my surprise, I saw the following:

(Information masked to protect the website from attack)

Putting user friendliness to one side, the site revealed vital information about key components on the web server. It amused me that a website focussing on security would have a security vulnerability, and an easy one to resolve at that. A hacker coming across the site could look up the documented vulnerabilities in these components and launch an attack. I have tried emailing the website owners to alert them to my discovery, but all my emails are bouncing. I’m assuming that this is not an elaborate scam – I guess I’ll know soon if I have been fooled!

Back to Apache. If your server is reporting its version number (in the Server response header and in the signature line at the foot of server-generated error pages), you can resolve the problem very easily by adding the following to your httpd.conf file:

ServerSignature Off

ServerTokens Prod

After you save the changes, restart your Apache server and wave goodbye to this vulnerability.
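To check that the change has actually taken effect, here is an added example (not code from the original post) that audits an httpd.conf for the two directives above and classifies a Server response header. The config text and header lines are constructed samples; the check treats a later directive as overriding an earlier one, as Apache does.

```shell
#!/bin/sh
# Added example, not code from the original post. Config text and
# header lines below are constructed samples.

# effective_directive FILE DIRECTIVE
# Prints the lower-cased value of the last uncommented DIRECTIVE line
# (Apache honours the last occurrence), or "unset" if it never appears.
effective_directive() {
  awk -v d="$2" '
    /^[ \t]*#/ { next }                          # skip comment lines
    tolower($1) == tolower(d) { val = tolower($2) }
    END { print (val == "" ? "unset" : val) }
  ' "$1"
}

# audit_httpd_conf FILE -> prints "hardened" or "leaks".
# Apache defaults: ServerTokens Full (leaks), ServerSignature Off.
audit_httpd_conf() {
  tokens=$(effective_directive "$1" ServerTokens)
  sig=$(effective_directive "$1" ServerSignature)
  case "$tokens" in prod|productonly) tokens_ok=1 ;; *) tokens_ok=0 ;; esac
  case "$sig" in off|unset) sig_ok=1 ;; *) sig_ok=0 ;; esac
  if [ "$tokens_ok" = 1 ] && [ "$sig_ok" = 1 ]; then echo hardened; else echo leaks; fi
}

# server_header_leaks "Server: ..." -> "leaks" if the header carries a
# version ("/") or OS/module detail ("("), otherwise "minimal".
server_header_leaks() {
  case "$1" in
    *[Ss]erver:*/*|*[Ss]erver:*\(*) echo leaks ;;
    *) echo minimal ;;
  esac
}

# Constructed sample configs written to temporary files.
WEAK_CONF=$(mktemp); HARDENED_CONF=$(mktemp)
trap 'rm -f "$WEAK_CONF" "$HARDENED_CONF"' EXIT
cat >"$WEAK_CONF" <<'EOF'
ServerSignature On
ServerTokens Full
EOF
cat >"$HARDENED_CONF" <<'EOF'
ServerTokens Full
# later lines win: the fix from the post
ServerSignature Off
ServerTokens Prod
EOF

echo "weak config:     $(audit_httpd_conf "$WEAK_CONF")"      # leaks
echo "hardened config: $(audit_httpd_conf "$HARDENED_CONF")"  # hardened
server_header_leaks 'Server: Apache/2.2.22 (Ubuntu) PHP/5.3.10' # leaks
server_header_leaks 'Server: Apache'                             # minimal
```

Point audit_httpd_conf at your real httpd.conf (and any included files) after the restart, and compare the live Server header from a curl -I request using server_header_leaks.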

Hornbill’s cloud instances are secured and do not experience the vulnerability described above.
