Apache Obfuscation and the Art of Looking It Up Yourself
It seems every time I turn around, someone's asking how to obscure their web server identification in the same manner that we here at Attrition do. To wit:
I'm going to preface this tutorial with one very stern warning:
The following changes will NOT afford you ANY additional security! Scriptkiddies don't care what server you're supposedly running; they'll just bang away until something cries 'Uncle.' Skilled attackers will see right through the ruse. And automated intrusion agents (AKA, 'worms') just don't give a shit and will launch their attack sequences no matter what!
With that said, here's the necessary info. Once again, the documentation will take longer to write than it takes to actually figure out this trivial task.
Here's all you need to do:
That's right. That's IT. Like I said, these changes are TRIVIAL. Minimal research (via a resource such as Google) by anyone with even the slightest understanding of Apache or C coding would have yielded more than ample information to compose these changes!
Look, I don't mind helping people. I don't even mind giving people quick answers to quick questions. But when people write to me asking for this data without so much as even perfunctory research on their own...well, that's where I get a bit annoyed.
If you get any errors in compiling, I don't want to hear about it. The instructions provided here work just fine on every system I perform them on. If you get an error, it's your own fault.
Thanks to firstname.lastname@example.org for the update on Apache 2.x file names and directory locations.