Oct 31, 2012

Hide Your PHP Version in Ubuntu

Yesterday I wrote about how to hide your Apache version in Ubuntu to keep bad guys from enumerating which version of Apache you are running so they can find vulnerabilities more easily. Today we will do the same thing for PHP. By default, PHP in Ubuntu announces to the world which version you are using. Let's turn that off.

In Ubuntu, open /etc/php5/apache2/php.ini with your favorite editor. Find the line that says expose_php = On and change it to say expose_php = Off. Save php.ini, then restart Apache by running sudo service apache2 restart.

Simple, isn't it? Now the bad guys can't see what version of PHP you are running, which will make breaking into your web server a little tougher.
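The same change scripted and then checked from the client side, as an added example rather than code from the original post. It assumes what the post leaves implicit, that expose_php is the setting behind the X-Powered-By: PHP/<version> response header; the function names and the http://localhost/ URL are illustrative.

```shell
#!/bin/sh
# Added example: apply and verify the expose_php change described in the post.

# Force "expose_php = Off" in the php.ini given as $1, keeping a .bak copy.
# Handles any case/spacing of a live directive and a missing or commented-out one.
set_expose_php_off() {
    ini=$1
    [ -f "$ini" ] || { echo "no such file: $ini" >&2; return 2; }
    work=$(mktemp) || return 1
    cp -p "$ini" "$ini.bak" &&
    awk '
        # Live (uncommented) directive: rewrite it.
        tolower($0) ~ /^[ \t]*expose_php[ \t]*=/ { print "expose_php = Off"; seen = 1; next }
        { print }
        # No live directive found: append one.
        END { if (!seen) print "expose_php = Off" }
    ' "$ini" > "$work" &&
    cat "$work" > "$ini"    # overwrite in place so owner and mode are preserved
    rc=$?
    rm -f "$work"
    return "$rc"
}

# Read HTTP response headers on stdin; succeed only if no X-Powered-By
# header advertises PHP. A leaking header is echoed to stderr.
php_version_hidden() {
    ! tr -d '\r' | grep -Ei '^x-powered-by:[[:space:]]*php' >&2
}

# Usage on the server from the post (the URL is an assumption; request a
# page that PHP actually serves, since static files never carry the header):
#   set_expose_php_off /etc/php5/apache2/php.ini      # run as root
#   sudo service apache2 restart
#   curl -sI http://localhost/ | php_version_hidden && echo "PHP version not exposed"
```

Running the header check before and after the restart confirms that Apache picked up the new setting and not just that the file was edited.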

What other things do you do to help protect your LAMP servers? Let me know in the comments.

