On 09.01.2012 02:36, Nathanael Noblet wrote:
> On 01/08/2012 04:24 PM, Reindl Harald wrote:
>> and you think that some random examples prove anything?
>> some webserver logs are showing nothing about real exploits
>>
>> there was and there will be exploits you will never see
>> in your webserver-log because if they worked CODE was
>> executed in the context of your webserver
>>
>> fact is that nobody out there needs to know your software-version
>> for something useful and one of the most important rules in
>> server-administration disable and disclose ANYTHING which is not
>> explicitly needed to prevent exploit-cases you can not imagine
>> while configuring your machine
>
> Umm aren't you saying precisely what everyone is saying?

no, maybe you should read AND try to understand

> "fact is that nobody out there needs to know your software-version for something useful"
> Which was the point of my weblog examples. I am aware that it means nothing

except if something is not needed for any useful things it should not be disclosed
you are missing administration basics

> So displaying changes nothing

it changes the fact that there are bots scanning 24 hours a day
for specific exploits and these individuals are NOT trying all
possible exploits all day long!

if a software-package, information, disclosure is NOT NEEDED
it has to be disabled - again: take some security education!
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel