[addons_zz]

Security leak at alliedmods web site

Quote:

Service Temporarily Unavailable The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. Apache/XXXX (Unix) ... More server Info lead... Server at forums.alliedmods.net Port XXX

Quote:

Not Found The requested URL /laksdjflçaksd was not found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Apache/XXXX (Unix) ... More server Info lead... Server at forums.alliedmods.net Port XXX

The server should not display to the public its softwares version as each know version has its know security leaks.

Then as it is, it let this web site more reliable for attacks.

It is just a configuration at Apache. Here there is a tutorial about that:

http://www.tecmint.com/apache-security-tips/

[asherkin]

This is not an issue.

[addons_zz]

Well well, the security tips says it could be a security leak.

Quote:

In above picture, you can see that Apache is showing its version with the OS installed in your server. This can be a major security threat to your web server as well as your Linux box too. To prevent Apache to not to display these information to the world, we need to make some changes in Apache main configuration file.

Of course, it is not an functionality issue.

But will be so bad this site stop releasing unnecessary information about it self.

I mean, change this:



Into this:

[devilicioux]

He's right.. publically displaying up versions of softwares used makes it easy for hackers as well as script kiddies to just directly search for exploits and vulnerabilities to that specific version and fire the hell out of website..

[shavit]

nginx masterrace