Forum OpenACS Q&A: Response to AOLserver increase on Netcraft

Posted by S. Y. on
Some security pundits say to change the server identifier string anyhow to make crackers' lives more difficult (e.g., the Nessus vulnerability assessment tool tells you to do this). If you run Tcl or ADP pages, perhaps it's not going to matter, but after all, if some cracker is portscanning and looking for a vulnerable web server, they'll probably automate the whole thing and toss out obscure/unidentifiable server identifier strings.

Way back when I was running my own publicly accessible server, I changed the string to anonymous/service, so I only ended up as an "other" Netcraft statistic. You can change it in one of the include files (nsd.h, I think) then compile normally.

I'm not too sure about Netcraft's methodology and wouldn't really look at their statistics without a very large grain of salt. They admit to being thrown off by load balancers, etc. (try www.geocities.com). If sites like Geocities and Yahoo are running on a bunch of different OS + server software combinations behind load balancers, then they are not being properly represented in the Netcraft surveys (and I bet both sites have more than one machine apiece).

Nonetheless, Netcraft is a clever tool that occasionally comes in handy.
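
As an added example (not part of the original post and not AOLserver code), the following defender-side check shows what a banner-driven survey or scanner would read from a `Server` header before and after the kind of rename described above. The known-product list, function names, sample responses and version numbers are all constructed for illustration.

```python
import re

# Constructed, deliberately short list of product names a banner-driven
# survey or scanner might recognise (an assumption for this example).
KNOWN_PRODUCTS = {"aolserver", "apache", "nginx", "microsoft-iis"}

# RFC 9110 Server grammar: product tokens "name[/version]" plus "(comments)".
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_PRODUCT = re.compile(rf"({_TOKEN})(?:/({_TOKEN}))?")
_COMMENT = re.compile(r"\([^()]*\)")


def server_header(raw_response):
    """Return the Server header value from a raw HTTP response, or None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def classify_banner(value):
    """Return (bucket, version_disclosed) as a banner-driven tool sees it."""
    if value:
        for name, version in _PRODUCT.findall(_COMMENT.sub(" ", value)):
            if name.lower() in KNOWN_PRODUCTS:
                return name.lower(), bool(re.search(r"\d", version))
    return "other", False  # missing or unrecognised banner


# Constructed sample responses; the version numbers are illustrative only.
SAMPLES = {
    "default": "HTTP/1.0 200 OK\r\nServer: AOLserver/3.4\r\n\r\n",
    "renamed": "HTTP/1.0 200 OK\r\nServer: anonymous/service\r\n\r\n",
    "modules": "HTTP/1.0 200 OK\r\nServer: Apache/1.3.20 (Unix) mod_ssl/2.8.4\r\n\r\n",
    "absent": "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify_banner(server_header(raw)))
```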