DeveloperSide.NET Forums
February 22, 2020, 06:25:51 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News:
 
   Home   Help Search Login Register  
Pages: 1 [2]
  Print  
Author Topic: Released Web-Server v1.16 w/ Tomcat, mod_jk, mod_security...  (Read 23310 times)
0 Members and 1 Guest are viewing this topic.
admin
Administrator
Master of All Subjects
*****
Posts: 3272


View Profile WWW Email
« Reply #15 on: February 04, 2006, 05:49:11 AM »

Ahh, yes...
Quote
security through obscurity

Also know as...
Quote
The Microsoft way.


Quote

...and does help on persons manually searching for weaknesses, and some scripts. Plus depending on the change it may have a smaller header size.


Default setup...
Quote

Server Version: Apache/2.0.55 (Win32) PHP/5.1.2 mod_perl/2.0.2 Perl/v5.8.7
Server Built: Jan 21 2006 04:16:10
...
Apache/2.0.55 (Win32) PHP/5.1.2 mod_perl/2.0.2 Perl/v5.8.7 Server at localhost Port 80


With these changes...
Code:

ServerTokens Prod
ServerSignature Off


Quote

Server Version: Apache
Server Built: Jan 21 2006 04:16:10


With mod_security 'SecServerSignature'...
Quote

Server Version: NOYB
Server Built: Jan 21 2006 04:16:10
...
NOYB Server at localhost Port 80


I do not think mod_security works with IIS?  Either way, from what I have seen, the scripts are just going to try the exploits on port 80, regardless of the server string -- and any real hacker/cracker (anyone doing this manually or targeting your site specifically) is not going to be deterred nor stopped by the 'NOYB'.

BTW, that 'NOYB' string might as well say "I'm running Apache with mod_security" -- another one for the Google Hacking DB (that is, when/if that specific combination and the specific versions open up a problem that could be exploited in some way)...
http://johnny.ihackstuff.com/index.php?module=prodreviews
Logged

DeveloperSide.NET
Advanced PHP and MySQL Solutions for your Web Design and Development needs with Web.Developer Server Suite.
bozoka45
Member
*
Posts: 5


View Profile
« Reply #16 on: February 04, 2006, 08:09:18 AM »

Quote from: "admin"
What are the error or output messages on the command line?  If you have an already installed Apache or IIS Service, Apache will not install.
Run 'netstat -an' to see if anything is listening on port 80, Run 'services.msc' to see if you have an old Apache2 Service installed or IIS.


The service isn't installing itself. Could windows be blocking it?
Logged
admin
Administrator
Master of All Subjects
*****
Posts: 3272


View Profile WWW Email
« Reply #17 on: February 04, 2006, 08:44:03 AM »

As the other post mentioned, it could be an already installed Apache or IIS Service, bonded to port 80. If you would like to answer the questions in the other post -- I can take a look at it.  Also, read the thread at the top about 'common problems'.
Logged

DeveloperSide.NET
Advanced PHP and MySQL Solutions for your Web Design and Development needs with Web.Developer Server Suite.
Demoric
Jr. Member
**
Posts: 34

64788622 jaydiumsoftware
View Profile WWW
« Reply #18 on: February 04, 2006, 04:37:12 PM »

You make valid points about any devoted hacker not being disuaded by NOYB. Personally I use a " "  or my site's name instead of NOYB depending  on the server.

Quote
Also know as... The Microsoft way.

;) Glad you caught the referrence since we all know that obscurity isn't valid security, and thanks for the links on the subject.  I just look at it as why not change it.

Anyways thanks again for the refference links and keep up the good work on devside!  It really is a superior product.
Logged

ttp://jaydium.servehttp.com
http://jaydium.selfhost.com
bozoka45
Member
*
Posts: 5


View Profile
« Reply #19 on: February 05, 2006, 09:05:53 AM »

Quote from: "admin"
As the other post mentioned, it could be an already installed Apache or IIS Service, bonded to port 80. If you would like to answer the questions in the other post -- I can take a look at it.  Also, read the thread at the top about 'common problems'.


I have no other server installed, and nothing is listening on Port 80. I'll check out 'common problems'
Logged
bozoka45
Member
*
Posts: 5


View Profile
« Reply #20 on: February 05, 2006, 06:37:30 PM »

It appears to be something wrong with these release. I found version 1.14 of the devside release and it worked fine. Apache was having troubles starting, but it installed Ok.

UPDATE

I've got the service installed (the 1.16 release), however now it's giving me this error message when I try to start the server:

Quote

Can't load Perl file: /www/Apache2/conf/extra.pl for server localhost:80, exiting...


Running perl.exe on that file produces:

Quote

Perl lib version (v5.8.6) doesn't match executable version (v5.8.7) at G:/www/pe
rl/lib/Config.pm line 32.
Compilation failed in require at G:/www/perl/lib/DynaLoader.pm line 25.
BEGIN failed--compilation aborted at G:/www/perl/lib/DynaLoader.pm line 25.
Compilation failed in require at G:/www/perl/site/lib/ModPerl/Const.pm line 17.
BEGIN failed--compilation aborted at G:/www/perl/site/lib/ModPerl/Const.pm line
17.
Compilation failed in require at G:/www/perl/site/lib/Apache2/Const.pm line 17.
BEGIN failed--compilation aborted at G:/www/perl/site/lib/Apache2/Const.pm line
17.
Compilation failed in require at G:\www\Apache2\conf\extra.pl line 9.
BEGIN failed--compilation aborted at G:\www\Apache2\conf\extra.pl line 9.


Let me know if you need more info.
Logged
admin
Administrator
Master of All Subjects
*****
Posts: 3272


View Profile WWW Email
« Reply #21 on: February 05, 2006, 08:04:35 PM »

There is nothing wrong with the release...
(I would be getting posts everywhere and all kinds of e-mails)

Did you completely uninstall the older Suite before installing v1.16?  Stoped all the Services, uninstalled the Services, removed all components from the System PATH, and deleted or renamed the 'www' directory?
The uninstall instructions are right at the end (just note that the path strings have changed a bit from version to version, so do notice all the '\www\' dirs)
http://www.devside.net/web/server/free/setup/instructions

It sounds _a lot_ like you overwrote the 'www' dir with the new Suite version (which would cause these perl version problems -- as some of those files are marked 'read-only'). Or have an older www dir on one drive and a newer www on another.  Regardless of an uninstall.

I suggest you uninstall everything, clean the PATH of all Suite related dirs (anything that starts with a '\www\'), reboot, and do the v1.16 installation.  Should not take more than 5 minutes.

If this does not solve anything...
The contents of error.log under \www\Apache2\log\ would help.
Also run cmd.exe and 'echo %PATH%' and 'netstat -an'.
Logged

DeveloperSide.NET
Advanced PHP and MySQL Solutions for your Web Design and Development needs with Web.Developer Server Suite.
bozoka45
Member
*
Posts: 5


View Profile
« Reply #22 on: February 06, 2006, 04:29:56 AM »

It's on a new install of windows, that's why I was confused. I uninstalled everything (I think I skipped the PATH step before) and it all seems to work now. Sorry to be a nuisance and thanks.
Logged
Pages: 1 [2]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.9 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!