Web 2.0 Entrepreneur

How to hide your Apache and PHP version number

• Posted by Tengku Zahasman on January 15th, 2008 filed in Tutorial, Security, System Administration


• 4 Comments »
• (1,011 Views)

One of the most basic security practice in the web application world is to hide your web server’s software version number. It doesn’t matter if you use Apache 1.3.37 or lighttpd 1.4.10 on a Linux machine or IIS-5.0 on Windows, hiding the version number is crucial if you want to mitigate the risk of your server being attacked by troublemakers.

BEFORE TREATMENT:

AFTER TREATMENT:

Version numbers are the first thing a typical hacker will look for if they want to attack your server. This is because once they know what version your web server is running on, they can easily look for what kind of vulnerabilities are associated with that version, and then simply run the related exploit to hack your server. Attackers can easily know the type and version of your webserver by looking at the HTTP response headers received after they send requests to your application through a Telnet program, or by using Firefox addons/extensions like ServerSpy and Live HTTP Headers in order to see your web server’s version the moment they visit your site.

So hide your Apache and PHP version!

In order to do this, you need to do some sys admin job. I am going to specifically focus on Apache and PHP because I am more of a LAMP (Linux + Apache + MySQL + PHP) user. If you use ASP on Microsoft IIS, I can’t help you much with all these version-hiding thingy (but hey, Google is there to save your day! )

So here goes..

Hide Apache version number:

• Open your Apache’s httpd.conf file (in my case, # vi /usr/local/apache/conf/httpd.conf), and look for the line that says: “ServerSignature On“
• Change it to “ServerSignature Off” (this will hide the Apache version normally seen at the bottom of your 404 error pages)
• Then add “ServerTokens Prod” below that line (to hide the version in HTTP response headers)
• Restart your HTTP service (# /etc/init.d/httpd restart)
• Done! No more Apache version numbers

Hide PHP version number:

• Find your php.ini file (in my case, # vi /usr/local/lib/php.ini), and look for the line that says: “expose_php On“
• Change it to: “expose_php Off“
• Restart your HTTP service if necessary
• Done! No more PHP version number in your HTTP response header

Wasn’t that hard now, was it? Just a few tweaks can save you a great deal of security risk, and may save you your business too! Bear in mind that this does not in any way protect from real vulnerabilities that may be associated with your version. Patches or upgrades should still be applied. However, hiding the version numbers will at least make the hackers life harder

Create a Reflection effect using Fireworks in 5 simple steps

• Posted by Tengku Zahasman on June 10th, 2007 filed in Web Design, Fireworks, Tutorial


• 15 Comments »
• (5,990 Views)

One of the usual designs around Web 2.0 includes having texts or images to appear reflected as if they’re on a shiny-clean surface. Last month I provided some simple tips on creating a decent Web 2.0 logo (which applied the reflection technique) but since it wasn’t a tutorial post, I didn’t explain step by step of how to actually do it using an image editing tool. It ain’t that hard if you’re a fast learner…. only 5 steps to go through. But before we do anything, let’s see the example end result that we’re trying to create in this tutorial (btw, this tutorial uses Fireworks 8 as the image editing tool):

Looks good enough to you? Now let’s get started!

Step 1 : Write the text

Obviously you need *something* to apply the reflection effect to. So open up your Fireworks application and write some texts on the canvas (using the Text tool). It doesn’t matter what fonts or colour you wanna use, just get some texts on the canvas quickly.

Step 2 : Duplicate the text

We’re going to use the duplicated text as the reflection later. So if you’re wondering how to duplicate the text, here’s how: Copy and paste. Just select the text (use the Pointer tool) and then press CTRL+C (to copy) and CTRL+V (to paste). This will paste the very same text on top of the original text, so it’ll look as if nothing happened.

Step 3 : Flip the duplicated text vertically

This shouldn’t be painful. Just go to the toolbar menu and find Modify -> Transform -> Flip vertical.

By now you should see the original text behind the flipped duplicated one. It’ll look something like this:

Step 4 : Move the flipped text below the original text

Push the *downwards* arrow button on your keyboard until the flipped text is placed just below the original text.

Alright…. the reflection is now in place. What you need to do next is have the bottom part faded so that it looks more realistic… let’s proceed.

Final Step : Fade out the bottom part of the duplicated (and flipped) text

To do this is easy. There’s a build-in Fireworks command that can do the fade out for you. Simply go to the toolbar menu and click on Commands -> Creative -> Fade Image. A new dialog box will pop-up giving you options of where you want the image to be faded out; either top, bottom, sides, etc. We want to fade out the bottom part, so use some common sense and choose the right option

By doing that, the reflection is now faded out. If you find the reflection to be revealing too much, just drag the controller pane up a bit and adjust until you’re satisfied.

Done! Wasn’t that hard was it? Having this steps mastered adds you another graphic design skill that you can apply in many things (logos, menus, buttons, etc). Now go repeat everything again with different fonts and colours, add some gradients or anything so that you can remember the steps like the back of your hand.