Servers by default display information via Apache and PHP that makes them vulnerable. With Apache, the version number and installed module versions are listed at the bottom of 404 error pages and on HEAD requests. With PHP, because it runs on our servers as CGI, when it processes php scripts, it adds the “X-Powered By” and displays the version number. In both cases this is not desirable as attackers can use such information to compromise the server.
Continue reading