HI, All.
I am sorry in bad English. Cause I understand in Japanese. >> Try setting ServerTokens Min in /etc/httpd/conf/httpd.conf and >> /etc/admserv/conf/httpd.conf instead of ProductOnly. > Which is better, but I'd like to get ride of that version. Slapper can still use it. Yes, I agree completely. And I fear being attacked by someone who use an EXPLOITable attacking tool. The attacking tool does not use ServerTokens version because Black Hat Atacker already knows my server's version, anyway. It is a matter of course that the Worm is automatic, Worm must know our server's version. But a man who will atack my server , already knows the attacking method which is alike and suitable for the situation, version of my server. The attacking tool is known, It was opened to the public. > Which is better, but I'd like to get ride of that version. Slapper can still use it. Yes, Subspecies Worm sees version apache 1.3.6 then SubspeciesWorm knows IT IS COBALT RAQ3 ! ( Other server use 1.3.6? NO! ) Best Regards. _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
