Who are you?

October 30, 2008

One of the first things I do before opening the firewall is make sure that the services I publish on the Internet do not reveal the version they are running. If it is Apache: out goes the version message; if it is a POP server: out goes the version message, and so on. It has even occurred to me to modify the version message in those services (such as Postfix) that do not let you change it.


For anyone who does not know what I am talking about, the version information is the first thing people look at when searching for a bug... and afterwards its exploit. Here is an example from a LAMP application:


As you can see, a simple GET of a web page, and look at the information it gives away:

Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6


So let's remove all this extra information. To remove it in a LAMP/WAMP application we have to modify the Apache configuration file (httpd.conf) and the PHP configuration file (php.ini).

In httpd.conf, look for the ServerTokens and ServerSignature parameters and change them to these values:

ServerTokens Prod
ServerSignature Off

In php.ini, look for the expose_php parameter and change it to this value:

expose_php=off

If we restart our server and try again, we will see how things have changed:
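A way to check the result after the restart, as an added example that is not part of the original post: it audits raw response headers for the version details that the settings above are meant to remove. Both sample responses are constructed; `BEFORE` reuses the banner quoted above, and the `X-Powered-By` header (which PHP sends while expose_php is on) does not appear in the post.

```python
import re

# Constructed sample responses (not captured from a real server). BEFORE reuses
# the Server banner shown in the post; the X-Powered-By line is an assumption
# about what PHP adds while expose_php is on.
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h "
    "mod_autoindex_color PHP/5.2.6\r\n"
    "X-Powered-By: PHP/5.2.6\r\n"
    "Content-Type: text/html\r\n\r\n"
)
AFTER = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"

VERSION_TOKEN = re.compile(r"[A-Za-z_][\w.-]*/\d[\w.-]*")  # e.g. PHP/5.2.6
PLATFORM = re.compile(r"\(([^)]+)\)")                      # e.g. (Win32)

def parse_headers(raw):
    """Return {lower-case header name: value} from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:        # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """List (kind, value) pairs for every version detail the headers disclose."""
    headers = parse_headers(raw)
    server = headers.get("server", "")
    findings = [("product-version", t) for t in VERSION_TOKEN.findall(server)]
    findings += [("platform", p) for p in PLATFORM.findall(server)]
    if "x-powered-by" in headers:
        findings.append(("x-powered-by", headers["x-powered-by"]))
    return findings

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw) or "no version details disclosed")
```

ServerSignature affects the footer of server-generated pages rather than the headers, so an error page is worth inspecting separately.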


Another recommendation is never to use the default values for installation folders. Never use folders such as /admin or /phpadmin, because they are the first thing that gets tried when looking for bugs.

Here is a real example of a malicious friend! looking for a way in:

[Tue Sep 23 13:17:54 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpmyadmin
[Tue Sep 23 13:17:55 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin
[Tue Sep 23 13:17:55 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/PHPMYADMIN
[Tue Sep 23 13:17:55 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/pHpMyAdMiN
[Tue Sep 23 13:17:55 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/PhPmYaDmIn
[Tue Sep 23 13:17:55 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/PHPmyadmin
[Tue Sep 23 13:17:55 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/PHPMYadmin
[Tue Sep 23 13:17:56 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMYadmin
[Tue Sep 23 13:17:56 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpmyADMIN
[Tue Sep 23 13:17:59 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/pmamy
[Tue Sep 23 13:17:59 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/pma
[Tue Sep 23 13:18:02 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/PMA
[Tue Sep 23 13:18:03 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/myadmin
[Tue Sep 23 13:18:03 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/MYADMIN
[Tue Sep 23 13:18:03 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/MYadmin
[Tue Sep 23 13:18:03 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/myADMIN
[Tue Sep 23 13:18:03 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/MyAdmin
[Tue Sep 23 13:18:03 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/PMA
[Tue Sep 23 13:18:04 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpmyadmin
[Tue Sep 23 13:18:04 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/mysql
[Tue Sep 23 13:18:04 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/admin
[Tue Sep 23 13:18:04 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/db
[Tue Sep 23 13:18:04 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/dbadmin
[Tue Sep 23 13:18:05 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/web
[Tue Sep 23 13:18:05 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/admin
[Tue Sep 23 13:18:05 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/admin
[Tue Sep 23 13:18:05 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/admin
[Tue Sep 23 13:18:05 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/mysql-admin
[Tue Sep 23 13:18:08 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpmyadmin2
[Tue Sep 23 13:18:08 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/mysqladmin
[Tue Sep 23 13:18:09 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/mysql-admin
[client 193.41.180.240] script '/var/www/html/main.phpmain.php' not found or unable to stat
[Tue Sep 23 13:18:09 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.5.6
[Tue Sep 23 13:18:12 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.5.4
[Tue Sep 23 13:18:12 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.5.1
[Tue Sep 23 13:18:13 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.2.3
[Tue Sep 23 13:18:13 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.9.1
[Tue Sep 23 13:18:13 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.9.0
[Tue Sep 23 13:18:13 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.9.0.2
[Tue Sep 23 13:18:13 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.9.0.1
[Tue Sep 23 13:18:13 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.8.2.4
[Tue Sep 23 13:18:13 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.8.2.2
[Tue Sep 23 13:18:14 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.8.2.1
[Tue Sep 23 13:18:14 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.7.0-pl2
[Tue Sep 23 13:18:17 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.7.0
[Tue Sep 23 13:18:17 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.6.4-pl4
[Tue Sep 23 13:18:17 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.6.4
[Tue Sep 23 13:18:17 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.8.1
[Tue Sep 23 13:18:18 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.2.6
[Tue Sep 23 13:18:18 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.2.7
[Tue Sep 23 13:18:18 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.2.7-pl1
[Tue Sep 23 13:18:18 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin-2.2.0
[Tue Sep 23 13:18:18 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/myadmin
[Tue Sep 23 13:18:19 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpmyadmin
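Detection logic for the pattern in the log above, as an added example that is not part of the original post: it flags clients that rack up several "File does not exist" misses on admin-tool names within a short window. The watch list, the threshold of 5 hits, the 60-second window and the 192.0.2.10 lines are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines for 193.41.180.240 are copied from the log in the post (including its
# entry without a timestamp); the 192.0.2.10 lines are constructed.
SAMPLE = """\
[Tue Sep 23 13:17:54 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpmyadmin
[Tue Sep 23 13:17:55 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/phpMyAdmin
[Tue Sep 23 13:17:59 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/pma
[Tue Sep 23 13:18:04 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/mysql
[Tue Sep 23 13:18:04 2008] [error] [client 193.41.180.240] File does not exist: /var/www/html/dbadmin
[client 193.41.180.240] script '/var/www/html/main.phpmain.php' not found or unable to stat
[Tue Sep 23 13:20:10 2008] [error] [client 192.0.2.10] File does not exist: /var/www/html/favicon.ico
[Tue Sep 23 13:25:31 2008] [error] [client 192.0.2.10] File does not exist: /var/www/html/admin
""".splitlines()

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
                  r"File does not exist: (?P<path>\S+)")
ADMIN_HINT = re.compile(r"admin|pma|mysql|^db$", re.I)  # assumed watch list
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

def parse(lines):
    """Yield (timestamp, client, requested name); skip lines that do not match."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        _, mon, day, hms, year = m["ts"].split()  # locale-independent parse
        ts = datetime(int(year), MONTHS[mon], int(day), *map(int, hms.split(":")))
        yield ts, m["ip"], m["path"].rsplit("/", 1)[-1]

def scanners(lines, min_hits=5, window=timedelta(seconds=60)):
    """Return {client: hits} for clients with >= min_hits admin-name misses in window."""
    by_ip = defaultdict(list)
    for ts, ip, name in parse(lines):
        if ADMIN_HINT.search(name):
            by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window start forward
                start += 1
            best = max(best, end - start + 1)
        if best >= min_hits:
            flagged[ip] = best
    return flagged
```

`scanners()` accepts any iterable of lines, so an open error log file can be passed to it directly.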


Manón, wherever you are...