Displaying Server Software Versions
For the reasons already explained (hackers searching for known security flaws in the software you are running), you should, as far as you can, stop the programs on your server from displaying their names and versions.
If you are running Apache, which is the most popular webserver software available, you can add an extra layer of security by editing its httpd.conf file and adding (do not forget to restart Apache afterwards):
With these directives, the server software no longer displays its identity in cases like the one explained on the previous page.
If your webserver is running an FTP server program (most likely, as it allows you to upload files to your server), you should verify whether or not it displays its name and version when you try to log in. Most FTP servers will allow you to change that.
For example, the default message displayed by ProFTPD is something like “220 ProFTPD 1.3.1 Server (Debian),” which not only displays its name and version, but also the name of the operating system (Debian).
However, if you edit the file proftpd.conf and add the lines shown in Figure 7, it will display only “220 FTP Server ready,” which is much better, as it does not give away the particulars of your system.
Of course this configuration is valid only for ProFTPD, and your server may be running a different program; we wanted to give you a real example and show you the kind of thing you must change on your server.
If you do not have full access to the webserver where your website is hosted, you should discuss these configurations with your hosting company.
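To verify the result after changing the configuration, the following Python check (an added example, not part of the original article) inspects an FTP greeting or HTTP `Server` header for product names, version numbers and operating-system hints. The word lists and the host name `ftp.example.org` are assumptions; point the live helpers at your own server.

```python
import http.client
import re
import socket

# Constructed, non-exhaustive word lists; extend them for your own stack.
PRODUCTS = ("apache", "nginx", "iis", "proftpd", "vsftpd", "pure-ftpd")
OS_HINTS = ("debian", "ubuntu", "centos", "fedora", "win32", "unix")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+[\w.-]*")  # e.g. 1.3.1, 5.2.4-2ubuntu5

def _found(words, text):
    """Return the words that occur as whole tokens in text (case-insensitive)."""
    return [w for w in words if re.search(r"\b" + re.escape(w) + r"\b", text, re.I)]

def audit_banner(banner):
    """Report the product names, version strings and OS hints a banner discloses."""
    return {
        "products": _found(PRODUCTS, banner),
        "versions": VERSION_RE.findall(banner),
        "os": _found(OS_HINTS, banner),
    }

def leaks(banner):
    """True if the banner gives away anything audit_banner() looks for."""
    return any(audit_banner(banner).values())

def ftp_greeting(host, port=21, timeout=5.0):
    """Read the first greeting line an FTP server sends on connect."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        lines = sock.recv(1024).decode("latin-1").splitlines()
    return lines[0] if lines else ""

def http_server_header(host, port=80, timeout=5.0):
    """Return the Server response header for a HEAD / request ('' if absent)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        return conn.getresponse().getheader("Server", "")
    finally:
        conn.close()

if __name__ == "__main__":
    # The two FTP greetings are the ones quoted above; the Server header is constructed.
    for banner in ("220 ProFTPD 1.3.1 Server (Debian)", "220 FTP Server ready",
                   "Apache/2.2.8 (Ubuntu)"):
        print(f"{banner!r}: leaks={leaks(banner)} {audit_banner(banner)}")
    # Against your own server: leaks(ftp_greeting("ftp.example.org"))
```

A banner that still names the product without a version is reported under `products`, so you can decide whether that remaining disclosure is acceptable.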