Usually the most easy way for an hacker to exploit your server is just to know the version of the web server that you are running on your machine.
The first thing to do when you setup for example Apache, is to hide this information. In fact, the default setting is to show all the information about the web server in pages like 500, 403 or 404 etc…
It could be also useful to hide the version of your PHP in the HTTP response header.
To achieve these goals is very easy and powerful. Just edit the Apache configuration file (usually /etc/apache2/apache2.conf)
$ sudo vim /etc/apache2/apache2.confIf you can’t find it you can run
$ locate apache2.confand simply add (or edit)
#To hide Apache signature ServerSignature Off #To hide PHP version ServerTokens Prodand remember to restart your Apache server
$ sudo systemctl restart apache2
Leave a Reply