1. 程式人生 > >修改常見服務器的banner

修改常見服務器的banner

connect resp char 教程 front not standard ror led

curl -I yourdomain.com 能看到什麽? Server: Apache xxx PHP xxx XXX xxx ,明碼實價,一字排開。這是幹嘛,賣菜呢?

我們不妨看看 curl -I www.google.com 結果如何:

HTTP/1.1 302 Found
Cache-Control: private
Location: http://sorry.google.com/sorry/?continue=http://www.google.com/
Date: Mon, 12 Jan 2009 06:57:41 GMT
Content-Type: text/html; charset=UTF-8
Server:

GFE/1.3
Content-Length: 259


請註意這裏 Google 的前端 Web Server 是 GFE/1.3 (Google Front Edge 1.3),至於它具體對應 Apache 1.3.x 還是 Windows 1.3,我們並不知曉。這樣就起到了很好的信息隱藏作用,一旦網上發現 Apache 1.3.x 或者 Windows 1.3 的最新漏洞,黑客們並不會直接聯想到 GFE/1.3,自然也就不會來多作嘗試了。

所以,我們應該把這些不可告人的秘密都隱藏起來,哪怕放一段文字廣告(如: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon
]),也比賣菜似的一一詳細羅列版本要好。


參考解決方案:


1. Lighttpd 1.4.20

src/response.c:108 改為:

buffer_append_string_len(b, CONST_STR_LEN("/r/nServer: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]"));

輸出 Header:
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Mon, 12 Jan 2009 13:54:02 GMT

Server: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]


2. Nginx 0.7.30

src/http/ngx_http_header_filter_module.c:48-49 改為:

static char ngx_http_server_string[] = "Server: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]" CRLF;
static char ngx_http_server_full_string[] = "Server: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]" CRLF;

輸出 Header:
HTTP/1.1 200 OK
Server: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]
Date: Mon, 12 Jan 2009 14:01:10 GMT
Content-Type: text/html
Content-Length: 151
Last-Modified: Mon, 12 Jan 2009 14:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes


3. Cherokee 0.11.6

cherokee/version.c:93 添加:

ret = cherokee_buffer_add_str (buf, "[AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]");
return ret;

輸出 Header:
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=15
Date: Mon, 12 Jan 2009 14:54:39 GMT
Server: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]
ETag: 496b54af=703
Last-Modified: Mon, 12 Jan 2009 14:33:19 GMT
Content-Type: text/html
Content-Length: 1795



4. Apache 2.2.11


server/core.c:2784 添加:

ap_add_version_component(pconf, "[AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]");
return;

輸出 Header:
HTTP/1.1 200 OK
Date: Mon, 12 Jan 2009 14:28:10 GMT
Server: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]
Last-Modified: Sat, 20 Nov 2004 20:16:24 GMT
ETag: "1920edd-2c-3e9564c23b600"
Accept-Ranges: bytes
Content-Length: 44
Content-Type: text/html


5. Squid 3.0 STABLE 11

src/globals.cc:58 改為:

const char *const full_appname_string = "[AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]";

輸出 Header:
HTTP/1.0 400 Bad Request
Server: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]
Mime-Version: 1.0
Date: Mon, 12 Jan 2009 15:25:15 GMT
Content-Type: text/html
Content-Length: 1553
Expires: Mon, 12 Jan 2009 15:25:15 GMT
X-Squid-Error: ERR_INVALID_URL 0
X-Cache: MISS from ‘cache.hutuworm.org‘
Via: 1.0 ‘cache.hutuworm.org‘ ([AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ])
Proxy-Connection: close


6. Tomcat 6.0.18

java/org/apache/coyote/http11/Constants.java:56 和 java/org/apache/coyote/ajp/Constants.java:236 均改為:

ByteChunk.convertToBytes("Server: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]" + CRLF);

輸出 Header:
HTTP/1.1 200 OK
Server: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]
ETag: W/"7857-1216684872000"
Last-Modified: Tue, 22 Jul 2008 00:01:12 GMT
Content-Type: text/html
Content-Length: 7857
Date: Mon, 12 Jan 2009 16:30:44 GMT


7. JBoss 5.0.0 GA

a. tomcat/src/resources/web.xml:40 改為

[AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]


b. 下載 JBoss Web Server 2.1.1.GA srctar (http://www.jboss.org/jbossweb/downloads/jboss-web/)

java/org/apache/coyote/http11/Constants.java:56 和 java/org/apache/coyote/ajp/Constants.java:236 均改為:

ByteChunk.convertToBytes("Server: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]" + CRLF);

將編譯所得 jbossweb.jar 覆蓋 JBoss 編譯輸出文件:

JBOSS_SRC/build/output/jboss-5.0.0.GA/server/all/deploy/jbossweb.sar/jbossweb.jar
JBOSS_SRC/build/output/jboss-5.0.0.GA/server/standard/deploy/jbossweb.sar/jbossweb.jar
JBOSS_SRC/build/output/jboss-5.0.0.GA/server/default/deploy/jbossweb.sar/jbossweb.jar
JBOSS_SRC/build/output/jboss-5.0.0.GA/server/web/deploy/jbossweb.sar/jbossweb.jar

輸出 Header:
HTTP/1.1 200 OK
Server: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]
X-Powered-By: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]
Accept-Ranges: bytes
ETag: W/"1581-1231842222000"
Last-Modified: Tue, 13 Jan 2009 10:23:42 GMT
Content-Type: text/html
Content-Length: 1581
Date: Tue, 13 Jan 2009 10:30:42 GM

再分享一下我老師大神的人工智能教程吧。零基礎!通俗易懂!風趣幽默!還帶黃段子!希望你也加入到我們人工智能的隊伍中來!https://www.cnblogs.com/captainbed

修改常見服務器的banner