Frank Wiles wrote:
On Mon, 01 Nov 2004 17:47:26 -0500 Stas Bekman <[EMAIL PROTECTED]> wrote:
for some reason we still don't have the numbers for Oct 2004 from netcraft but regardless it's easy to see that the stats are getting worse all the time:
http://perl.apache.org/outstanding/stats/securityspace.html http://perl.apache.org/outstanding/stats/netcraft.html
Isn't this probably caused in part by systems that don't have
'mod_perl' in their server signature and/or systems using a small
Apache front end with a mod_perl backend on another port?
You mean the decline is because more and more people move to the front-/back-end setup, and people aren't just moving to php?
I just noticed that by default, Fedore Core ships httpd.conf with this snippet:
# # Don't give away too much information about all the subcomponents # we are running. Comment out this line if you don't mind remote sites # finding out what major optional modules you are running ServerTokens OS
So that certainly doesn't help numbers.
I just checked my system at home and it doesn't report "mod_perl" to NetCraft.
I think we discussed that earlier. If I remember correctly NetCraft can't scan ports (even the known ones) due to legal reasons.
Maybe we should put together a quick howto on fixing
that and suggest it on the mailing list?
Do you think it'll have any impact when we talk about hundreds of thousands of users who aren't on the list and will never reach our site?
What technique to help the scanners were you thinking about?
How about my X-Powered-By suggestion for a while ago ?
http://perl.apache.org/advocacy/issues.html#X_Powered_By
-------------------------------------------------------------------------------- Philippe M. Chiasson m/gozer\@(apache|cpan|ectoplasm)\.org/ GPG KeyID : 88C3A5A5 http://gozer.ectoplasm.org/ F9BF E0C2 480E 7680 1AE5 3631 CB32 A107 88C3A5A5
signature.asc
Description: OpenPGP digital signature
