- Serving up something different: Review of Noriko's Dinner Table
- New on Blu-ray and DVD: Drive! The Thing! In Time!
- PERFECT SENSE movie review
- Moon Nazis be trippin' in new theatrical trailer for IRON SKY
- Stake Land's Jim Mickle to remake Mexican cannibal flick WE ARE WHAT WE ARE
- Review of the Eric Bilodeau's cyberpunk zombie flick HUNTING GROUNDS
- Maria has a death wish in Marcel Grant’s MONSIEUR FRANCOIS trailer
- PUSHER pushes forward with new poster and first images
- Promo video for steampunk animation UN MONDE TRUQUE (A FAKE WORLD)
- THE END says stay positive in the apocalypse
- Prepare yourself for the apocalypse
- Female Prisoner No. 701: Sasori
- Re: Japanese zombie movies (2011-12 round-up)
- Re: Life Is Dead
- Balkans war revenge movie - Nicolas Cage?
- PA Film Archive
- i kill
- Re: Life Is Dead
- Monster Killer
- zombie films
- Retro Slave: LOGAN'S RUN series box coming in April
- APOCALYPSE PIZZA VIDEO delivers during the zombie apocalypse!
- Concept art for Enki Bilal's next is PA animation ANIMAL'Z
- Trailer for ZOMBIE MURDER EXPLOSION DIE! All 4 of these in every episode!
- Wandering madly in the remnants of civilization in Greece's HIGUITA (teaser)
- THE HOST director's English language debut SNOW PIERCER adds cast
- Argentina invaded by NEWMEDIA aliens
- THE DIVIDE movie review
- THE RIDER still rides! New teaser reveals stunning final animation style
- EXCLUSIVE: Trailer for RAMPAGE IN HEAVEN sees The Monkey King and mech in a nightmarish dying world
- Sony could back Seth Rogan's THE APOCALYPSE (Jay and Seth vs. The Apocalypse)
- PERFECT SENSE movie review
- SLAMDANCE 2012: Review of SUNDOWNING
- SLAMDANCE 2012: Review of killer tattoo thriller COMFORTING SKIN
- DVD Review: Style overshadows heart in spunky comedy SPORK
- DVD Review: Daniel Craig loses his mind in mediocre DREAM HOUSE
- SUNDANCE 2012: Review of EXCISION
- SUNDANCE 2012: Review of THE PACT
- SUNDANCE 2012: Review of GRABBERS
- SUNDANCE 2012: Review of SAFETY NOT GUARANTEED
- SUNDANCE 2012: Review of the visionary BEASTS OF THE SOUTHERN WILD
- SXSW 2012: Foul mouthed, immature and packing heat in FUNERAL KINGS [trailer]
- A life out of order in Twilight Zone styled SHUFFLE
- SXSW 2012: Full lineup includes world premiere of CABIN IN THE WOODS
- Stills for Korean android omnibus DOOMSDAY BOOK
- Trailer for muse EDDIE THE SLEEPWALKING CANNIBAL
- New on Blu-ray and DVD: Drive! The Thing! In Time!
- EXCLUSIVE: Trailer for 70s poltergeist flick WHEN THE LIGHTS WENT OUT
- SLAMDANCE 2012: Review of killer tattoo thriller COMFORTING SKIN
- Trailer for ZOMBIE MURDER EXPLOSION DIE! All 4 of these in every episode!
- Trailer for DEAD SHADOWS - Is there some Lovecraft influence?
- Jim Jarmusch making vampire flick ONLY LOVERS LEFT ALIVE
- Will you see this film? Teaser poster for RESIDENT EVIL: RETRIBUTION
- DVD Review: Style overshadows heart in spunky comedy SPORK
- DVD Review: Daniel Craig loses his mind in mediocre DREAM HOUSE
- Zombie bigots abound in DAVE OF THE DEAD
- Douche bags are target practice in GOD BLESS AMERICA trailer
- SUNDANCE 2012: Review of EXCISION
- SUNDANCE 2012: Review of THE PACT
- SUNDANCE 2012: Review of GRABBERS
- EXCLUSIVE: Researching life after death in random data patterns in APOPHENIA (APOFANIA) (trailer)
Jack In
Latest Comments
Latest Forum Posts
PA News
Latest Reviews
Older News
Film Festivals
Berlin International Film Festival (Berlinale)
Feb 09 - Feb 19
Berlin, Germany
Boston Underground Film Festival
Mar 24 - Mar 31
Boston, Massacheusets
Yubari International Fantastic Film Festival
Feb 23 - Feb 27
Yūbari, Hokkaidō, Japan
Cinequest Film Festival
Feb 28 - Mar 11
San Jose, California
South by Southwest (SXSW)
Mar 09 - Mar 17
Austin, Texas
Staff
Don Neumann aka quietearth
Editor in Chief
Fort Collins/Denver, Colorado
agentorange
Managing Editor
Edmonton, Alberta
Marina Antunes
Assistant Managing Editor
Vancouver, British Columbia
projectcyclops
UK Correspondent
Edinburgh, Scotland
Rick McGrath
Toronto Correspondent
Toronto, Ontario
The Crystal Ferret
France Correspondent
Paris, France
rochefort
Austin Correspondent
Austin, Texas
kilowog
LA Correspondent
Los Angeles, California
Joao Fleck
South American Correspondent
Porto Alegre, Brazil
quietearth [General News 10.11.06]
By default, most pre-packaged apache installations come with full information leakage, so if you telnet to port 80 on your webserver you can check, just type in the GET line, then hit enter twice:
# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
GET / HTTP/1.1
HTTP/1.1 400 Bad Request
Date: Wed, 11 Oct 2006 19:13:43 GMT
Server: Apache/2.0.55 (Ubuntu) PHP/5.1.2
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1Here we see the Apache version, the distro, and the php version. If you had any extra apache modules installed, it would also show them as well as their versions. We can easily fix this by modifying the config file which will be distribution dependent. On Ubuntu its /etc/apache2/apache2.conf, or on red hat enterprise linux it will be /etc/httpd/conf/httpd.conf. We will need to modify the ServerSignature and ServerTokens lines, if you don't have them, add them in. Here's what they should be set to:
ServerSignature Off
ServerTokens ProdNow restart the webserver and check what info we have:
# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
GET / HTTP/1.1
HTTP/1.1 400 Bad Request
Date: Wed, 11 Oct 2006 19:16:07 GMT
Server: Apache
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1All it says now is Apache. PHP also has version information leakage turned on.
By default when php serves a page your header will show:
X-Powered-By: PHP/4.X.XYou need to modify the php.ini and set the expose_php variable to Off. For ubuntu, the file is /etc/php5/apache2/php.ini. This will remove the X-Powered-By line.
expose_php = OffAnother problem in php could be display_errors, you want this turned off for a production web site because it might provide file paths or other informaiton.
display_errors = OffAfter making any php.ini modifications, you will need to restart apache for them to take affect.
If you are using any other modules with apache, you will need to check the documentation.
Leave a comment
Related articles
