Listen to this Post

You Should Know:
Hiding Apache Version and OS Info
To prevent attackers from exploiting known vulnerabilities in your Apache server version, follow these steps:
1. Edit Apache Configuration:
sudo nano /etc/apache2/apache2.conf
Add these lines at the bottom:
ServerSignature Off ServerTokens Prod
2. Restart Apache:
sudo service apache2 restart
3. Verify Changes:
curl http://localhost/nonexistentpath -v -A "x"
The output should no longer display server version or OS details.
Setting Up a Custom 404 Page
A default 404 page can still reveal server info. Replace it with a custom page:
1. Edit Apache Configuration:
sudo nano /etc/apache2/apache2.conf
Add or modify:
ErrorDocument 404 /custom_404.html
2. Create a Custom 404 Page:
sudo nano /var/www/html/custom_404.html
Example content:
<!DOCTYPE html> <html> <head> <title>404 Not Found</title> </head> <body> <h1>Oops! Page not found.</h1> </body> </html>
3. Restart Apache:
sudo service apache2 restart
For Nginx Users
If using Nginx, hide server info by editing /etc/nginx/nginx.conf:
server_tokens off;
Then restart Nginx:
sudo systemctl restart nginx
Advanced Protection with Fail2Ban
Prevent automated scans by blocking suspicious IPs:
1. Install Fail2Ban:
sudo apt install fail2ban
2. Configure Jail for Apache:
sudo nano /etc/fail2ban/jail.local
Add:
[apache-noscript] enabled = true port = http,https filter = apache-noscript logpath = /var/log/apache2/error.log maxretry = 3
3. Restart Fail2Ban:
sudo systemctl restart fail2ban
What Undercode Say
Hiding server info is a basic but crucial step in hardening web servers. While it doesn’t replace patching vulnerabilities, it reduces exposure to automated attacks. Combine this with:
– Regular updates (sudo apt update && sudo apt upgrade -y)
– Firewall rules (sudo ufw enable)
– Monitoring (sudo tail -f /var/log/apache2/access.log)
For further reading, check:
Expected Output:
After applying these changes, running:
curl -I http://yourserver.com
Should return minimal server info, and accessing a non-existent page should show your custom 404.
Prediction
As automated scanning tools become more sophisticated, obscuring server details will remain a key defense against opportunistic attacks. Expect more AI-driven fingerprinting techniques, making server hardening even more critical.
IT/Security Reporter URL:
Reported By: Activity 7335410342056902657 – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


