Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Camouflage Nginx Web server version to prevent invasion     - Linux shell script under the use of randomly generated passwords (Programming)

- CentOS 6.6 x64 Oracle Database 11gR2 RAC automated installation scripts (Database)

- Python context managers (Programming)

- Android Scroller call mechanism and the relationship of computeScroll (Programming)

- Ansible installation configuration and simple to use (Server)

- Linux under DB2SQL1024N A database connection does not exist. SQLS (Database)

- Automatic Clear date directory shell script (Linux)

- Linux compiler installation Redis (Database)

- Transfer files and permissions from Windows to Linux system by Samba (Linux)

- Analysis: Little Notebook facing a major security threat secure online (Linux)

- Analyzing Linux server architecture is 32-bit / 64-bit (Server)

- Linux shared libraries .so file name and Dynamic Link (Linux)

- Redis master-slave replication switch (Database)

- Commentary Apache + Tomcat + JK implement Tomcat clustering and load (Server)

- Customize the 404 error page Nginx (Server)

- How to troubleshoot Windows and Ubuntu dual system time is not synchronized (Linux)

- Fedora 22 Server how to upgrade to Fedora 23 Beta Server (Linux)

- Oracle row and column switch to turn columns (Database)

- Linux input and output redirection (Linux)

- Linux boot process and run level (Linux)

 
         
  Camouflage Nginx Web server version to prevent invasion
     
  Add Date : 2018-11-21      
         
         
         
  In order to prevent hackers to scan web server information corresponding to the web server through the information to find the corresponding version of the loopholes, and thus the web server intrusion, nginx Although powerful, but also the software, the software may be vulnerable, for example nginx- 0.6.32 version, by default may lead to server errors any type of file to parse PHP manner, such as Trojan upload a jpg format to the forum site, through loopholes parsed into a phpshell, thereby obtaining permissions intrusion server, this will cause serious security problems, so that hackers can capture the nginx server support php. If the storm drain nginx version and the version and security vulnerabilities so your web server is certainly at stake.

Directed to nginx server, you can modify the source code in the header on nginx description below to nginx-1.2.0 version, for example.

[Root @ www nginx-1.2.0] # cd src / core /
[Root @ www core] # vim nginx.h ------- edit nginx.h file
/ *
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
* /
#ifndef _NGINX_H_INCLUDED_
#define _NGINX_H_INCLUDED_
#define nginx_version 1002000
#define NGINX_VERSION "2.2.2" // default to 1.2.0
#define NGINX_VER "Apache /" NGINX_VERSION // default Nginx
#define NGINX_VAR "NGINX"
#define NGX_OLDPID_EXT ".oldbin"
#endif / * _NGINX_H_INCLUDED_ * /
Then compiled normally complete the installation.

Test results

Use nmap scan host

Get http request information using curl

Or visit a URL that does not exist can also see the effect

You can see whether or request for information on the website http packets with nmap scan host access requests using curl or even a nonexistent url displays web server using Apache2.2.2 version, thus hiding our real web server version That nginx-1.2.0 version, to protect the security of web servers.
     
         
         
         
  More:      
 
- Learning OpenCV: (VS2010-openCV2.4.3-win7 configuration instructions) (Linux)
- Detailed driver compiled into the Linux kernel (Programming)
- Spark SQL job of a lifetime (Server)
- Linux network monitoring tools ntopng installation (Linux)
- Linux settings Java_home (Linux)
- Oracle 11G R2 DataGuard structures (Database)
- Linux, see picture not resolve the problem (Linux)
- Why did not Oracle privileges can also log in with sysdba (Database)
- Swift defined type conversion and type aliases (typealias) (Programming)
- How to create a binary distribution with Bash (Linux)
- Advanced permissions Linux file system settings (Linux)
- Use PuTTY key authentication mechanism for remote login Linux (Linux)
- Tmux create the perfect terminal management tool under CentOS (Linux)
- After you change the GRUB boot disk partition repair (Linux)
- Linux Kernel 4.2.2 compiler installation tutorial (Linux)
- Troubleshooting Linux virtual machine device id and the letter of inconsistencies (Linux)
- How to merge two pictures in Cacti (Linux)
- VMware installed Linux system and JDK deployment (Linux)
- JavaScript: understanding regular expressions (Programming)
- Linux awk text analysis tool (Linux)
     
           
     
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.