Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How  do you know if the  website is hosted on Linux platform ?and how to hide Operating System Identity

Posted on 2014-02-11
15
Medium Priority
?
281 Views
Last Modified: 2014-02-12
One expert advise me If attacker or hacker got the Remote Operating system platform information and if there are any known vulnerabilities available in the remote operating system then this will help attacker or hacker to steal or hack your website data.
Asking me to hide Operating System Identity .
How  do you know if the  website is hosted on Linux platform or other?and how to hide Operating System Identity
0
Comment
Question by:Ihab
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 3
  • +2
15 Comments
 
LVL 7

Expert Comment

by:Beneford
ID: 39850464
The webserver agent (eg Apache, IIS) is able to respond by saying what it is (in the HTTP Response header, the server field).

For apache, you can withhold this information (see http://stackoverflow.com/questions/15130443/remove-server-info-and-php-info-from-response-header)
(PHP will give the underlying OS, so that one is worth not returning).

If the underlying OS isn't explicitly published by the WebServer, there are sometimes clues if you scan the server for ports and see what else is responding (eg, if it also hosts SMTP, that usually says what it is when you connect to it.)

To be protected, you need to scan the address and see what information is available, and close any ports/services that are not being used.
0
 
LVL 6

Expert Comment

by:Tomislavj
ID: 39850484
you can check server information with many tools or on web pages like http://builtwith.com
hiding is specific for OS so you can search for Apache or IIS on Internet
0
 

Author Comment

by:Ihab
ID: 39850544
That is my website
www.dhowsoft.com
Please advise
0
Plesk WordPress Toolkit

Plesk's WordPress Toolkit allows server administrators, resellers and customers to manage their WordPress instances, enabling a variety of development workflows for WordPress admins of all skill levels, from beginners to pros.

See why 2/3 of Plesk servers use it.

 
LVL 15

Accepted Solution

by:
pateljitu earned 1200 total points
ID: 39850733
You can do a who.is lookup to see information related to your domain, follow this link http://www.who.is/whois/dhowsoft.com

Take a look at this article to help mask the details (again if you planning to apply these change in your production server, be very careful and do on your own risk):
http://www.port80software.com/support/articles/maskyourwebserver

Another way is to run website scan using paid / free online tools (for e.g. http://www.acunetix.com/ or http://wapiti.sourceforge.net/) to determine vulnerability for your website and applying suggested fix.
0
 

Author Comment

by:Ihab
ID: 39850767
How to hide Operating System Identity?
0
 

Author Comment

by:Ihab
ID: 39850783
How do you know if the website is hosted on Linux platform
0
 
LVL 15

Assisted Solution

by:pateljitu
pateljitu earned 1200 total points
ID: 39850834
Basically you cannot hide the information but maybe try and mask it (based on my previous reply using article http://www.port80software.com/support/articles/maskyourwebserver)

Your website dhowsoft.com  is hosted on Microsoft-IIS/7.0 which you can see using this link http://www.who.is/whois/dhowsoft.com

Every page request sent from your web server serves HEADER information which includes SERVER (which would be Apache, IIS...)
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39850849
This is done by the checking the fingerprinter of the remote system by capturing the TCP/IP packets thrown to it.

Most of the people use tool like Nmap.

For more details please see the article below:
http://nmap.org/book/man-os-detection.html

Sudeep
0
 
LVL 7

Assisted Solution

by:Beneford
Beneford earned 800 total points
ID: 39850896
If the site is IIS, then the server is Windows.

Removing the SERVER entry in the HTTP Response is quite involved, but the instructions are here.
http://stackoverflow.com/questions/1178831/remove-server-response-header-iis7
0
 

Author Comment

by:Ihab
ID: 39850928
Mr.  Beneford
Do you recommend removing server entry in HTTP -hide Operating System Identity?
Thanks
0
 

Author Comment

by:Ihab
ID: 39850946
I have checked my website with acunetix and I've got the results in the print-screen,
Please advise
web.jpg
0
 
LVL 7

Assisted Solution

by:Beneford
Beneford earned 800 total points
ID: 39850971
I recommend having a secure server.

If an attacker knows the OS, that only helps them know what sort of attack to mount.
If you have sufficiently valuable data, they will attack everything and knowing the OS only saves them a bit of time (but may help discourage casual attackers).

So worry less about revealing the OS and worry more about closing anything that is vulnerable.

If you don't own/control the server, this may be harder. If security is important, then your own server and an external audit to see where it is vulnerable may be worth the cost.
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39850998
Download and install Nmap for windows and scan your website.

It would tell you what OS your website is running.

http://nmap.org/dist/nmap-6.40-setup.exe

Make sure to select the intense scan.

Sudeep
0
 

Author Comment

by:Ihab
ID: 39851054
I have checked my website with acunetix and I've got the results in the print-screen,
Please advise
web.jpg
0
 
LVL 15

Assisted Solution

by:pateljitu
pateljitu earned 1200 total points
ID: 39851097
You might not have user proper settings to run the scan, would suggest to download trial and use that version.
Articles:
http://www.acunetix.com/blog/category/docs/


One successfully scanned your list should looks as in screen-shot from Acunetix portal.

http://www.acunetix.com/wp-content/uploads/2013/12/online-vulnerability-scanner-scan-results.png
0

Featured Post

Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
Without even knowing it, most of us are using web applications on a daily basis.  In fact, Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We generally confuse these web applications to…
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5. As we learned in our last micr…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question