Attackers can easily exploit your web app if they know the version of the server you are running, because they can match it against the known vulnerabilities for that release, and most web servers, like nginx, transmit this data by default 😳. Run the following command in any terminal to get your domain's server info.
curl --head yourdomain.com
My result looks like so:
HTTP/1.1 301 Moved Permanently
Server: nginx/<SERVER_VERSION>(<OPERATING_SYSTEM>)
Date: Thu, 03 Mar 2022 13:46:14 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://jast-tech.com/
You might be using Apache, no worries, I gat you 😌
Our simple task now is to hide the
- FOR NGINX edit the nginx configuration file
Under the #HTTP Options line and before the ## line, add the following
save changes with
x and we are done😜
Restart your server with
sudo systemctl restart nginx
and you can try
curl --head yourdomain.com
to get your server version.
- FOR APACHE edit the Apache configuration file
ServerTokens Prod and
Now one more step: look for
<Location "/server-status">
    SetHandler server-status
</Location>
and change it to
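<Location "/server-status">
    SetHandler server-status
    # Apache 2.2 access-control syntax; Apache 2.4 needs mod_access_compat for it
    # (the native 2.4 form is: Require all denied)
    Order deny,allow
    Deny from all
</Location>
😛 We are done, just restart your server with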
sudo service apache2 restart
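To confirm the change took effect on either server, the check below classifies the Server header in `curl --head` output. It is an added example, not part of the original post; the function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the Server header(s) in `curl --head` output.
# Reads raw response headers on stdin and prints one word:
#   absent | product-only | version-disclosed
server_header_status() {
    awk '
        { sub(/\r$/, "") }                  # HTTP header lines end in CRLF
        tolower($0) ~ /^server:/ {
            value = $0
            sub(/^[^:]*:[ \t]*/, "", value) # keep only the header value
            if (value == "") next           # empty header reveals nothing
            level = 1                       # a bare product name, e.g. "nginx"
            # "product/1.2.3" or an "(OS)" comment reveals more than the name
            if (value ~ /\/[0-9]/ || value ~ /\(/) level = 2
            if (level > worst) worst = level
        }
        END {
            if (worst == 2)      print "version-disclosed"
            else if (worst == 1) print "product-only"
            else                 print "absent"
        }
    '
}

# Check a live site; --location follows redirects such as the 301 in the
# sample output earlier, so every hop is inspected and the worst is reported.
check_domain() {
    curl --silent --head --location "$1" | server_header_status
}

# Constructed sample responses (not captured from a real server).
sample_before() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx/0.0.0 (ExampleOS)\r\nContent-Type: text/html\r\n\r\n'
}
sample_after() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nserver: nginx\r\nContent-Type: text/html\r\n\r\n'
}
```

After restarting the server, `check_domain yourdomain.com` should print `product-only` rather than `version-disclosed`.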