Netcraft's most recent Web Server Survey includes nearly 1.2 billion websites. Most of these sites return a server banner that shows which web server software they use, thus allowing us to determine the market shares of each server vendor since 1995.

Many of these server banners are simply short strings like “Apache”, while others may include additional details that reveal which other software – and which versions – are installed on the server. One such example is “Apache/2.2.32 (Unix) mod_ssl/2.2.32 OpenSSL/1.0.2k-fips DAV/2 PHP/5.5.38”.

Chrome's Network Inspector showing the HTTP response headers for, which uses the nginx web server. It does not reveal a version number.

A web server reveals its server banner via the Server HTTP response header. This string is not ordinarily exposed to users, but most browsers allow it to be viewed in the Network Inspector panel.

Web server software usually allows its server banner to be modified. A common reason for changing the default value is to reduce the amount of information that would be revealed to an attacker.

For example, if a web server advertises itself as running a vulnerable version of Apache, such as “Apache/2.4.49” it could be more likely to come under attack than a server that reveals only “Apache”.

Our Web Server Survey includes a few websites that return the following Server header, which takes a deliberate swipe at the effectiveness of hiding this sort of information:

Server: REMOVED FOR PCI SCAN COMPLIANCE - SECURITY THROUGH OBSCURITY WORKS, RIGHT?

Of course, with this amount of flexibility, a cheeky or malicious administrator can configure a web server to pretend to be anything they want. Sometimes this is done in a deliberate attempt to cloak the truth or to mislead, while in others it may simply be done as a joke waiting to be found by anyone curious enough to look for the banner.

Unlikely server banners

Amongst the 1.2 billion websites, there are plenty of examples of unlikely server banners.

There are hundreds of web servers that claim to be running on a Commodore 64, but are more than likely not.

And whilst it is not impossible for a web server to be powered by a potato, one of the most well known examples that hit the news 22 years ago ultimately turned out to be a joke.

Today, possibly in homage to this prank, there are several hundred websites that return a “Server: Potato” response header. Perhaps to avoid any ambiguities with a Debian distribution from the same era named Potato, there are also dozens of websites that claim to be running on “A literal potato with wires sticking out of it”.

A couple of servers also claim to be running “GLaDoS PoTaTo”, which is a reference to the potato battery that powers the antagonist in the computer game Portal 2.

Not a web server: A fictional potato-powered computer in the game Portal 2.

All of the purportedly potato powered web servers insinuate that there is only one potato involved in the generation of electricity (other examples include “A Single Potato” and “a potato”), with the only exception being a small number of servers that have adopted a higher tech approach with “somme potatoes linked together”.

A handful of sites return the following server header, which includes an inordinate number of software names and versions which are unlikely in practice:
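
Added example (not part of the original article and not Netcraft's code): a small parser that splits a Server header value into product tokens and comments, following the product/comment grammar of RFC 9110, and reports which tokens disclose a version. The function names are hypothetical, and nested comments are not handled.

```python
import re

# RFC 9110 "token" characters; a product is token ["/" token].
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PRODUCT_RE = re.compile(rf"({TOKEN})(?:/({TOKEN}))?")
COMMENT_RE = re.compile(r"\([^()]*\)")  # non-nested comments only (simplification)


def parse_server_banner(value):
    """Return (products, comments, conforms) for a Server header value.

    products is a list of (name, version-or-None). conforms is False when the
    value is not a whitespace-separated run of products and comments. A banner
    can conform and still be untrue: the grammar cannot tell fact from joke.
    """
    products, comments, pos, value = [], [], 0, value.strip()
    while pos < len(value):
        if value[pos] in " \t":
            pos += 1
            continue
        m = COMMENT_RE.match(value, pos)
        if m:
            comments.append(m.group(0)[1:-1])
        else:
            m = PRODUCT_RE.match(value, pos)
            if not m:
                return products, comments, False
            products.append((m.group(1), m.group(2)))
        pos = m.end()
        # Each product or comment must be followed by whitespace or the end.
        if pos < len(value) and value[pos] not in " \t":
            return products, comments, False
    return products, comments, bool(products)


def disclosed_versions(value):
    """Map product name -> version for every token that reveals a version."""
    products, _, _ = parse_server_banner(value)
    return {name: ver for name, ver in products if ver and re.search(r"\d", ver)}


if __name__ == "__main__":
    # Banners quoted in the article above.
    for banner in ("Apache", "Apache/2.4.49",
                   "Apache/2.2.32 (Unix) mod_ssl/2.2.32 OpenSSL/1.0.2k-fips DAV/2 PHP/5.5.38"):
        print(f"{banner!r}: {disclosed_versions(banner) or 'no version disclosed'}")
```

Run against the response header of a server you operate, an empty result means the banner names at most the product, as with the bare “Apache” case.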