TIPS & TRICKS BLOG

The PHP Configuration by default shows the PHP version in HTTP server header X-Powered-By to display the version installed on the server. But for security reasons, it is generally recommended to hide the version info from attackers or hackers. Sometimes versions has some vulnerabilities which help the attackers to find loop holes and gain access to your system. If the attacker knows the PHP version then it would be easier for them to exploit and find security holes. Therefore in this article “ Server Security – Hide PHP Version ” I will be explaining how to hide PHP Version from the response header. Suggested Read: Secure Apache Web Server To hide the version we need to open php.ini file in the file editor. expose_php = On expose_php = Off You may find php.ini on the following locations Debian/Ubuntu – /etc/php/7.0/cli/php.ini CentOS – /etc/php.ini Now locate expose_php and sets its value to Off expose_php = off Save the file and exit. Afterwards re...

Directory Listing Directory Listing is by default enabled in an apache server. This happens when there is no index.html file (default) available in the directory. If there is no index file available in the directory then doesn’t understand which file to display so it displays all the files and folders in the directory. Please see the below screenshot The above image index file is the default file that is under the website folder. So when I will access my localhost with the following address – localhost/website1 or 192.168.1.2/website 1 then it shows the following page. It is actually showing the website because Apache knows exactly which file to display i.e. index.html But in case I have renamed the index.html file to index1.html then let’s see what happens. So this time when I access my website1 folder again then it will show all the files and folders inside the website1 folder. Files & Folders List Prevention In order to prevent this, you need to disable direc...

Whenever any request is made from client to server then it sends some headers from server to client or vice versa. So when we receive server response we get some headers that give some extra information about the server. This information or headers sometimes becomes vulnerable for hackers to break your server and get into it. In order to stop unauthorized access we secure our server. So in this article “Server Security – Apache Web Server Hardening” I will secure the apache server by removing the server details from response headers. This comes under the Banner Grabbing Attack . In the Banner Grabbing method, Hacker tries to identify the target system OS or server name and version to penetrate into the system. To understand this look at the image below. Server Details If you will look at the image you will find out, In server response headers we are actually getting the lots of details . We are getting the following items: 1. Server Name and Version (Apache &...