Changing Service Banners

Deep · 13-11-2004, 03:14 PM

Hello,
I want to change banners of services like Apache, SMTP (Sendmail) and POP3 on my server...

Server is based on Redhat Linux 3 Enterprise...

any ideas about it guys?

Deep

firewall · 13-11-2004, 05:15 PM

apache
go to
/src/include/httpd.h and search for:
#define SERVER_BASEVENDOR â€œApache Groupâ€?
#define SERVER_BASEPRODUCT â€œApacheâ€?
#define SERVER_BASEREVISION â€œâ€?
Change this to the desired values (BASEVENDOR: Microsoft, BASEPRODUCT: Microsoft-IIS, BASEREVISION: 5.0). Now re-compile apache.
Next: open your httpd.conf and search for the ServerTokens directive. If itâ€™s not there, add it. Set ServerTokens to Min (â€œServerTokens Minâ€?).

Sendmail
edit the ``/etc/sendmail.cf''
find ...
SmtpGreetingMessage=$j Sendmail $v/$Z; $b
change to:
SmtpGreetingMessage=$j Sendmail $v/$Z; $b NO UCE C=xx L=xx

You should replace the ``xx'' in the ``C=xx L=xx'' entries with your country and location codes. The latter change doesn't actually affect anything, but was recommended in the news.admin.net-abuse.email newsgroup as a legal precaution.

POP

If you are using QPopper then may try to edit popper/banner.h
No idea .....

hope this will help you...

Deep · 13-11-2004, 05:39 PM

awesome man...
I am gonna give it a shot on monday....

thanks
Deep

GNUrag · 14-11-2004, 01:23 PM

Quote:

Originally Posted by firewall

If you are using QPopper then may try to edit popper/banner.h No idea .....

Yes... its something like that.... after changing the header file you have to recompile QPopper from source and reinstall... its source code contains proper documentation on doing this thing properly... do read it...

Deep · 14-11-2004, 02:00 PM

to be frank if the thing is gonna be recompling the software and then reinstalling then i am not gonna do it...

I will simply call Racpspace.com people to do it coz in anyways they are gonna upgrade the kernel and other stuff on latest version in few days so i will ask them to do this as well..

actualy we had done Penetration Testing for our company server few days back and in that they had given us suggestions to change banners and all so thats the main reason for asking method to change the service banners...

anyways thanks alot for the help
Deep

GNUrag · 14-11-2004, 02:15 PM

arrrey nothing like a big compilation or something ... QPopper just needs a # make; make install; make clean; and its done... as far as i remember, QPopper's Daemon Banner is hard coded inside the binary... this is a wrong thing.... it should be there in its config files... And your webhosting provider bears this responsibility .... ask them only to do it...

Deep · 14-11-2004, 02:18 PM

okay..will tell them to do it...with kernel upgrade

damn they charge $150 for an hour lol

Deep

GNUrag · 14-11-2004, 02:20 PM

Wwwhhhatt???? $150 .... that's something like 6000 Rs.... dont they give ssh access ? i'd love to do an ssh from here right now and do it .... you can pay me just 1000 Rs....

Deep · 14-11-2004, 02:25 PM

hehe yes its dedicated server only

that's why they charge so much...
thing is anyways we are going to tell them to upgrade the kernel so they are going to charge for that so we will ask them to do this along with it...so it's kind of paisa wasool act....we will ask them to do few more things in 1 hr haha...

actually i can also give it a try and update the softwares there but the only thing i am worried is..if i do anything and something goes wrong then things will be stopped....and on our company site we get around 7000+ visitors a day and in festival time approx 9000+ a day so if something goes wrong inbetween then i will be in mess...

so company is ready to pay then why to worry hehe

i have one more question...i will ask in new post...
Deep

firewall · 14-11-2004, 06:32 PM

@Deep You can contact with me over YIM for a much cheaper price.

15-11-2004, 02:38 PM

LOL so changing banner will help you? No friend it will just make life harder! if some one run nmap they will dig out info.. oh yah do we have netcraft.com real server need not chage all this protect them at firewall, run only needed service, quality application, upgrade service (as need in your case it is done by IDC ppl) all these contribute more than banner IMPO

Deep · 15-11-2004, 02:42 PM

well i know changing banners is not gonna help much but still i prefer changing banners..

and as far as Netcraft and other port scanners are concern i suppose when they query the server/port ports sends them banner so if we change the banner so it will send diff info...

Deep

firewall · 15-11-2004, 03:05 PM

thats true.. changing a banner may prevent some scriptkiddies .. but if someone really wants to scan... ( may be using nmap..) it will check the service and the relevent ports...