curl -I yourdomain.com 能看到什麼？ Server: Apache xxx PHP xxx XXX xxx ，明碼實價，一字排開。這是幹嘛，賣菜呢？我們不妨看看 curl -I www.google.com 結果如何：HTTP/1.1 302 FoundCache-Control: privateLocation: http://sorry.google.com/sorry/?continue=http://www.google.com/Date: Mon, 12 Jan 2009 06:57:41 GMTContent-Type: text/html; charset=UTF-8Server:

GFE/1.3Content-Length: 259請注意這裡 Google 的前端 Web Server 是 GFE/1.3 （Google Front Edge 1.3），至於它具體對應 Apache 1.3.x 還是 Windows 1.3，我們並不知曉。這樣就起到了很好的資訊隱藏作用，一旦網上發現 Apache 1.3.x 或者 Windows 1.3 的最新漏洞，黑客們並不會直接聯想到 GFE/1.3，自然也就不會來多作嘗試了。所以，我們應該把這些不可告人的祕密都隱藏起來，哪怕放一段文字廣告（如： [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo

http://tinyurl.com/2amazon ]），也比賣菜似的一一詳細羅列版本要好。參考解決方案：1. Lighttpd 1.4.20src/response.c:108 改為：buffer_append_string_len(b, CONST_STR_LEN("/r/nServer: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]"));輸出 Header：HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 345Date: Mon, 12 Jan 2009 13:54:02 GMTServer: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]2. Nginx 0.7.30src/http/ngx_http_header_filter_module.c:48-49 改為：static char ngx_http_server_string[] = "Server: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]" CRLF;static char ngx_http_server_full_string[] = "Server: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]" CRLF;輸出 Header：HTTP/1.1 200 OKServer: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]Date: Mon, 12 Jan 2009 14:01:10 GMTContent-Type: text/htmlContent-Length: 151Last-Modified: Mon, 12 Jan 2009 14:00:56 GMTConnection: keep-aliveAccept-Ranges: bytes3. Cherokee 0.11.6cherokee/version.c:93 新增：ret = cherokee_buffer_add_str (buf, "[AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]");return ret;輸出 Header：HTTP/1.1 200 OKConnection: Keep-AliveKeep-Alive: timeout=15Date: Mon, 12 Jan 2009 14:54:39 GMTServer: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]ETag: 496b54af=703Last-Modified: Mon, 12 Jan 2009 14:33:19 GMTContent-Type: text/htmlContent-Length: 17954. Apache 2.2.11server/core.c:2784 新增：ap_add_version_component(pconf, "[AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]");return;輸出 Header：HTTP/1.1 200 OKDate: Mon, 12 Jan 2009 14:28:10 GMTServer: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]Last-Modified: Sat, 20 Nov 2004 20:16:24 GMTETag: "1920edd-2c-3e9564c23b600"Accept-Ranges: bytesContent-Length: 44Content-Type: text/html5. Squid 3.0 STABLE 11src/globals.cc:58 改為：const char *const full_appname_string = "[AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]";輸出 Header：HTTP/1.0 400 Bad RequestServer: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]Mime-Version: 1.0Date: Mon, 12 Jan 2009 15:25:15 GMTContent-Type: text/htmlContent-Length: 1553Expires: Mon, 12 Jan 2009 15:25:15 GMTX-Squid-Error: ERR_INVALID_URL 0X-Cache: MISS from 'cache.hutuworm.org'Via: 1.0 'cache.hutuworm.org' ([AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ])Proxy-Connection: close6. Tomcat 6.0.18java/org/apache/coyote/http11/Constants.java:56 和 java/org/apache/coyote/ajp/Constants.java:236 均改為：ByteChunk.convertToBytes("Server: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]" + CRLF);輸出 Header：HTTP/1.1 200 OKServer: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]ETag: W/"7857-1216684872000"Last-Modified: Tue, 22 Jul 2008 00:01:12 GMTContent-Type: text/htmlContent-Length: 7857Date: Mon, 12 Jan 2009 16:30:44 GMT7. JBoss 5.0.0 GAa. tomcat/src/resources/web.xml:40 改為[AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]b. 下載 JBoss Web Server 2.1.1.GA srctar （http://www.jboss.org/jbossweb/downloads/jboss-web/）java/org/apache/coyote/http11/Constants.java:56 和 java/org/apache/coyote/ajp/Constants.java:236 均改為：ByteChunk.convertToBytes("Server: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]" + CRLF);將編譯所得 jbossweb.jar 覆蓋 JBoss 編譯輸出檔案：JBOSS_SRC/build/output/jboss-5.0.0.GA/server/all/deploy/jbossweb.sar/jbossweb.jarJBOSS_SRC/build/output/jboss-5.0.0.GA/server/standard/deploy/jbossweb.sar/jbossweb.jarJBOSS_SRC/build/output/jboss-5.0.0.GA/server/default/deploy/jbossweb.sar/jbossweb.jarJBOSS_SRC/build/output/jboss-5.0.0.GA/server/web/deploy/jbossweb.sar/jbossweb.jar輸出 Header：HTTP/1.1 200 OKServer: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]X-Powered-By: [AD: DangDang http://tinyurl.com/2dangdang ][ Your AD Here ][AD: Joyo http://tinyurl.com/2amazon ]Accept-Ranges: bytesETag: W/"1581-1231842222000"Last-Modified: Tue, 13 Jan 2009 10:23:42 GMTContent-Type: text/htmlContent-Length: 1581Date: Tue, 13 Jan 2009 10:30:42 GM