On 09.01.2012 02:36, Nathanael Noblet wrote:
> On 01/08/2012 04:24 PM, Reindl Harald wrote:
> > and you think that some random examples prove anything?
> > some webserver logs are showing nothing about real exploits
> >
> > there was and there will be exploits you will never see
> > in your webserver-log because if they worked CODE was
> > executed in the context of your webserver
> >
> > fact is that nobody out there needs to know your software-version
> > for something useful and one of the most important rules in
> > server-administration disable and disclose ANYTHING which is not
> > explicitly needed to prevent exploit-cases you can not imagine
> > while configuring your machine
>
> Umm aren't you saying precisely what everyone is saying?

no, maybe you should read AND try to understand
"fact is that nobody out there needs to know your
software-version for something useful"

> Which was the point of my weblog examples. I am aware that it means nothing except

if something is not needed for any useful things it should not be disclosed
you are missing administration basics

> So displaying changes nothing

it changes the fact that there are bots scanning 24 hours a day
for specific exploits and these individuals are NOT trying all possible
exploits all day long!
if a software-package, information, disclosure is NOT NEEDED it has
to be disabled - again: take some security education!