Question:
What The Hell with Whois?! It Reveals Your Servers' OS! A Goldmine for an Attacker! Is this meant to be PUBLIC?
None N
2008-11-30 18:16:46 UTC
Don't worry, this long boring is just an explanation of what goes in mind....

The WHOIS system originated as a method that system administrators could use to look up information to contact other IP address or domain name administrators (almost like a "white pages"). This website http://www.domaintools.com/ provides such a service. Anyhow, one of the pieces of information I got is "Server type"! Server type should be private because this is just like fingerprinting. When a hacker uses nmap against my server, the attacker must know what OS I use so he can use the proper tool against my OS.

However, nmap does not give the attacker the OS you are using. Let's say an attacker used this command: nmap -O MY-IP. nmap will give a message that says you do not have privileges to fetch this info. On the other hand, domaintools.com gives you the server type, such as "Apache/1.3.41 (Unix) PHP/4.4.8 mod_gzip/1.3.26.1a mod_log_bytes/1.2 mod_bwlimited/1.4 mod_ssl/2.8.31 OpenSSL/0.9.8b". Honestly, this is enough information for the hacker to know which tools to use so he/she can hack my server. What do you say about this? Am I right? If yes, then how can such things be explicit? If I'm not right, then what does server type refer to & why is it not dangerous for it to be revealed in public?

I'm new to security stuff, so I could be wrong. Just trying to learn how to defend my server against attackers. If you have proper prof. sources to learn from, please drop some links.

Thanks
Four answers:
anonymous
2008-11-30 18:40:43 UTC
A cracker cannot compromise your server based on environment variables alone.

Environment variables can suggest exploits that might work on the server, especially on servers running unpatched software or software with known security holes. However, it's a minor convenience, as most packet sniffers -- the way most hackers find servers to attack -- will discover the very same information about the site of which you complain.

Environment variables are required by many programs to ensure that they communicate properly with your Web server. In other words, your server must expose the information it exposes in order for Web browsers to properly communicate with it.

Web sites are exploited when their network admins run bad code on them. Period. Don't blame the fox getting into the henhouse on the hens cackling; blame it on yourself for not making a good henhouse and letting the watchdog sleep during his shift.
Matt Flaschen
2008-12-01 02:33:37 UTC
WHOIS does not give any software info. If you do a WHOIS search on that site, you'll see whois information, which is about the /domain/, not the server.

However, any HTTP request will tell you what the server is running. Why? Because the server tells you itself. Try going to http://web-sniffer.net/ and entering http://CNN.com/. It will tell you immediately that CNN is running Apache. Some sites will also report more information, such as the version. For instance, http://php.com voluntarily reports that they're running PHP/5.2.1. Why? Because security through obscurity is not security at all.
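As an added illustration (not part of the original answer), the Python below audits which product and version tokens a response discloses in its Server and X-Powered-By headers. The banner is the one quoted in the question; the rest of both sample responses and all function names are constructed for this example.

```python
import re
from email.parser import BytesParser

# Banner copied from the question; the rest of this response is constructed.
SAMPLE_VERBOSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/1.3.41 (Unix) PHP/4.4.8 mod_gzip/1.3.26.1a "
    b"mod_log_bytes/1.2 mod_bwlimited/1.4 mod_ssl/2.8.31 OpenSSL/0.9.8b\r\n"
    b"X-Powered-By: PHP/4.4.8\r\n"
    b"Content-Type: text/html\r\n\r\n<html></html>"
)
# Constructed: the product-only banner Apache sends with "ServerTokens Prod".
SAMPLE_MINIMAL = b"HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"

# Response headers that carry software banners (hypothetical audit list).
BANNER_HEADERS = ("Server", "X-Powered-By")
# A banner is a run of name[/version] tokens and parenthesised comments.
TOKEN_RE = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/([^\s()]+))?")


def parse_headers(raw: bytes):
    """Drop the status line and body, then parse the header block."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    _status, _, header_block = head.partition(b"\r\n")
    return BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)


def audit_banners(raw: bytes):
    """Return (header, product, version, comment) for every disclosed token."""
    findings = []
    headers = parse_headers(raw)
    for name in BANNER_HEADERS:
        for value in headers.get_all(name, []):
            for comment, product, version in TOKEN_RE.findall(value):
                if comment:
                    findings.append((name, None, None, comment))
                elif product:
                    findings.append((name, product, version or None, None))
    return findings


def versioned(findings):
    """Keep only the tokens that expose an exact version string."""
    return [(h, p, v) for h, p, v, _ in findings if v]


if __name__ == "__main__":
    for header, product, version in versioned(audit_banners(SAMPLE_VERBOSE)):
        print(f"{header}: {product} {version}")
    print("minimal banner:", audit_banners(SAMPLE_MINIMAL))
```

Running the same audit against your own server's responses shows exactly what any HTTP client already sees, which is the point the answer makes.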
CWT9881a
2008-12-01 02:21:59 UTC
If you're running Apache on a Unix system, the only thing you need to worry about is your php code. If you're running IIS on Windows, you're screwed. Either way, it doesn't matter who knows it.
Newborn
2008-12-01 02:21:38 UTC
My server runs on Linux, I let everyone know of it on a daily basis.

It should really matter really.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.