
How to Hide the PHP Version on a Linux Server

2015-04-27 22:00

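Most web servers installed with default settings leak information, and PHP is one source of that leakage. PHP is a popular server-side, HTML-embedded scripting language. In these challenging times, many attackers will try to find vulnerabilities on your server. So I will briefly describe how to hide PHP information on a Linux server.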

By default, expose_php is turned on. Turning off the "expose_php" parameter makes PHP hide its version information.

    [root@centos66 ~]# vi /etc/php.ini

In your php.ini, locate the line containing expose_php and change On to Off:

    expose_php = Off

Before the change, the web server's response headers look like this:

    [root@centos66 ~]# curl -I http://www.ehowstuff.com/

    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: text/html; charset=UTF-8
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.3.3
    X-Pingback: http://www.ehowstuff.com/xmlrpc.php
    Date: Wed, 11 Feb 2015 14:10:43 GMT
    X-Page-Speed: 1.9.32.2-4321
    Cache-Control: max-age=0, no-cache

After making the change and restarting the web service, PHP no longer shows its version in the response headers:

    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 11 Feb 2015 15:38:14 GMT
    Content-Type: text/html; charset=UTF-8
    Vary: Accept-Encoding
    X-Pingback: http://www.ehowstuff.com/xmlrpc.php
    Date: Wed, 11 Feb 2015 14:10:43 GMT
    X-Page-Speed: 1.9.32.2-4321
    Cache-Control: max-age=0, no-cache
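To check the result without reading headers by eye, the following added example (not part of the original article) scans raw response headers for version-like values. The function names `audit_headers`, `sample_before` and `sample_after` are hypothetical; the two samples are the header listings shown in this article.

```shell
# Reads raw response headers on stdin and prints each header whose value
# contains a version-like token (digits.digits). Exit status 1 = leak found.
audit_headers() {
    awk '
        { sub(/\r$/, "") }                      # strip CR from CRLF line endings
        /^[A-Za-z0-9-]+:/ {                     # header lines only, not the status line
            name = $0;  sub(/:.*/, "", name)
            value = $0; sub(/^[^:]*:[ \t]*/, "", value)
            lname = tolower(name)
            # timestamps are not product versions, so skip them
            if (lname == "date" || lname == "expires" || lname == "last-modified") next
            if (value ~ /[0-9]+\.[0-9]+/) { print name ": " value; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}
# Headers from the article, before expose_php was turned off
sample_before() {
cat <<'EOF'
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.ehowstuff.com/xmlrpc.php
Date: Wed, 11 Feb 2015 14:10:43 GMT
X-Page-Speed: 1.9.32.2-4321
Cache-Control: max-age=0, no-cache
EOF
}
# Headers from the article, after the change and restart
sample_after() {
cat <<'EOF'
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Feb 2015 15:38:14 GMT
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-Pingback: http://www.ehowstuff.com/xmlrpc.php
Date: Wed, 11 Feb 2015 14:10:43 GMT
X-Page-Speed: 1.9.32.2-4321
Cache-Control: max-age=0, no-cache
EOF
}
# Demo; on a live host use: curl -sI http://your-host/ | audit_headers
echo "before:"; sample_before | audit_headers || true
echo "after:";  sample_after  | audit_headers || true
```

On the "after" sample the check still reports X-Page-Speed, which carries a version string in the article's output even once X-Powered-By is gone.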

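LCTT translator's note: Besides the PHP version, web servers also leak their own version number by default. If you use Apache, refer to this article to turn off the Apache version display; if you use Nginx, add the following setting inside the http block:

    server_tokens off;

Remember to restart the relevant services after making the changes above.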

via: http://www.ehowstuff.com/how-to-hide-php-version-in-linux/

Author: skytech  Translator: geekpi  Proofreader: wxy

This article was translated by LCTT and is proudly presented by Linux China: http://linux.cn/article-5166-1.html


Source: www.secbox.cn/hacker/program/php/2990.html
