
How to hide the server application version

Hiding the version of the software running on a server is a good practice that makes a potential hacker's job harder. After all, someone who knows the version of, say, a web server can try to exploit a vulnerability that affects that version.

If the hacker does not know which software version the server is running, choosing a suitable vulnerability becomes a little more difficult. This page presents the settings of some applications that let you hide the version and even the fact that the service is in use.

Installing PHP 7.0.5 on Debian

While some people still install PHP 5.3, digging it out of the grave, I decided not to lag behind the rest of the planet, where sites are being migrated to the seventh version of PHP, which is so much praised on the Internet, including for its high speed, and installed it from the DotDeb repository today. I must say, the increase in speed is really noticeable. My websites, both WordPress and MODX, have started to fly. :) This is how I did the migration.


Enable HTTP/2 support on a server with nginx and Debian

HTTP/2 is the second version of the HTTP network protocol, which includes many improvements. These include request multiplexing (all requests can be processed in parallel), increased performance, header compression, etc.

HTTP/2 has replaced SPDY, which has been discontinued.

Nginx supports the HTTP/2 protocol starting with version 1.9.5. However, only version 1.6.2 is present in the stable release of Debian Jessie. Therefore, we will enable the backports repository to upgrade nginx to 1.9.10.

Basic iptables configuration

One of the priorities after installing the system is to configure iptables correctly to filter traffic. The default policy allows everything that is not prohibited. This is not the best approach in terms of security, because in this mode the server is exposed to intruders.

An intruder can, for example, scan the ports open on the server. From the results it is possible to determine the services in use, their versions, and the name and version of the operating system. The next step is selecting vulnerabilities for them. Some ICMP messages can also give away extra information.
