Submitted by helpmin on Mon, 01/23/2012 - 10:12
I am just curious about http://w3techs.com/sites/info/virtualmin.com
How were they able to detect the PHP version and also that you switched from CentOS 5 to scientific linux 6? Same is also true for my site.
Status:
Closed (works as designed)
Comments
Submitted by JamieCameron on Mon, 01/23/2012 - 11:40 Comment #1
Probably from the http response headers...
Does this matter to you? If so, it may be possible to disable those server identification headers...
Submitted by andreychek on Mon, 01/23/2012 - 11:49 Comment #2
Yeah, those parameters are tweakable in the Apache config -- you'd need to change both ServerTokens and ServerSignature.
You could disable ServerSignature, and set ServerTokens to "Minimal".
Submitted by helpmin on Mon, 01/23/2012 - 12:09 Comment #3
For example your site is
ServerTokens OS, right? The httpd header shows the apache version and CentOS (yes indeed).Apache/2.2.15 (CentOS)That basically means they got the os info from a different leak?
Submitted by andreychek on Mon, 01/23/2012 - 12:18 Comment #4
The Apache information for the virtualmin.com server used to say "Scientific Linux", but that was later changed to read "CentOS".
Chances are that it's simply hasn't seen the updated distribution name, which may have changed as recently as last week.
Submitted by helpmin on Mon, 01/23/2012 - 12:25 Comment #5
Same happened on my server.
Actually not sure, whether I understood correctly. Who changed it from Scientific Linux to Centos?
Submitted by JamieCameron on Mon, 01/23/2012 - 13:06 Comment #6
I suspect that header is determined based on the type of system Apache was built on, not the type it is running on ..
Submitted by helpmin on Mon, 01/23/2012 - 13:24 Comment #7
Ok. understand. I recently updated the httpd from your repo. You probably built this version on centos. That basically means all virtualmin installations with SL will show CentOS as OS sooner or later, right?
I guess the CentOS folks will be happy (not so sure about SL, though ;-)
Submitted by JamieCameron on Mon, 01/23/2012 - 13:57 Comment #8
Personally I dont think anyone should pay any attention to those server headers.. as you saw, they can be very misleading..
Submitted by helpmin on Mon, 01/23/2012 - 14:21 Comment #9
It is like user-agents, which can be also misleading. However tons of websites use exactly that kind of information for statistics or market share.
Anyway, the mystery (only on virtualmin servers) is solved now :-) thanks.
Submitted by JamieCameron on Mon, 01/23/2012 - 15:30 Comment #10