New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
http://www.cyberciti.biz/faq/find-out-remote-webserver-name/
Might not work for everything you've asked, but its a start
Thanks, but I'd like to know the version. Only says nginx
Then someone modified the headers to hide it, because nginx shows this by default. Why do you want to know?
It doesn't show on any server I check (including my own) O.o
Just curious. I love your avatar
It does on the official packages for my distro, so I supposed it was the default. There are other ways to guess the webserver, like directory listings or error pages, among more advanced probes. Guessing the exact version can be more difficult.
Because any responsible Sysadmin will enable
server_tokens off;
. Unless you're trying to find an exploit, there shouldn't be a need to find the version number.nginx header version? i dont think thats possible if the server token turn off or use nginx header more to hide/manipulate. There is good chrome extension to check server details https://chrome.google.com/webstore/detail/server-details/bdjdcpoklgpglobffdadmmjcgbknmkfh?hl=en
I consider myself a responsible sysadmin and nearly never bother to do it nor change the default SSH port and this kind of security by obscurity things.
Never bothered either, but did just now, because why not. Was just one line in a config file:
http://www.ducea.com/2009/02/08/lighty-tips-tricks-hide-lighttpd-software-version/
While hiding the version doesn't mean script kiddies will gloss over your server if a 0day exploit is released, it does (even if it's only by 1%) increase the chances they'll move on.
The same can be said with changing the default SSH port, along with disabling passwords. While it won't stop someone from searching open ports, the number of attempted logins will significantly decrease as the majority of scripts are only tuned for port 22.
Ok it looks like that isn't so easy to do. I thought it was since shodan scans my server frequently. If it doesn't check the version of my software, then what does it do?