Web server

All posts tagged Web server

“When the time for the march of one’s enemy’s army has approached, one has to obstruct the enemy or send him far away, or make his movements fruitless, or, by false promise, cause him to delay the march, and then deceive him after the time for his march has passed away. One should ever be vigilant to increase one’s own resources and frustrate the attempts of one’s enemy to gain in strength.”

-Kautilya, Arthashastra.

Bannergrabbing or fingerprinting is the method of gaining information about the target host OS. web server type, version etc. Once the hacker gets the needed information about the target OS etc, he can easily find out the vulnerabilities present in particular version and launch his attacks against it. Today we are going to see how webserver bannergrabbing is performed on web servers and how to apply counter measures to it. We will see Apache and IIS 8 server examples in this article.

Apache:

Imagine I have set up a website named www.shunya.com on an Apache server. A hacker can easily find Information about the web server in different ways. For example, a hacker can visit the website and and try to open a webpage which is not existent on my server,like below.

wbc1

 

In the above example, hacker tried to open page named “admin.php” which was not available on my server and in turn the server responded with a type of web server, the target OS and the scripting language. This is giving out too much information.

The traditional and popular way of fingerprinting is through telnet. A hacker opens command line or terminal. and types the command “telnet www.shunya.com 80″. When the screen goes black, type “HEAD / HTTP/1.0″ and this will give the server information.

wbc2

 

There are also many fingerprinting tools available. I am gonna show you only one, Id serve. Let’s see how to banner grab using Id serve.

wbc3

 

Now what are the preventive measures we can take in Apache server to disable or atleast prevent fingerprinting to some extent. Apache web server has a configuration file called “httpd.conf” where we can make changes to fight fingerprinting. Go to httpd.conf and change the value of the option “Server Signature  to off”. This will not display any information about server when an nonexistent page has been accessed.

wbc4

 

In the httpd.conf file, changing the value of “Server Tokens” from “Full” to “Prod” will only show the minimum server information as shown below.

wbc5

wbc6

 

 

This still discloses that our web server is Apache but it doesn’t show the version. In Kautilya’s words this is delaying the march of enemy. Here are the options we set.

wbc7

 

IIS 8:

Now imagine we changed our www.shunya.com website from Apache server to the latest version of Microsoft web server, IIS 8. To prevent error pages form revealing any infomation in IIS server, we can set custom error pages.  Now let’s use IDserve tool to fingerprint the IIS 8 server.

wbc8

 

It shows the server version. Now how can we prevent this. Microsoft provides a tool named UrlScan freely available for download which can be used easily to process HTTP requests. Download this tool and install it. ( See how to configure Urlscan for IIS 7.5 and IIS 8 ). Then go to the configuration file of UrlScan, “UrlScan.ini” located at “C:WindowsSystem32inetservUrlscan” by default and change the value of “RemoveServerHeader’ from “0″ to “1″.

wbc9

 

This will not reveal the server version information as shown below.

wbc10

 

We can further mislead the attacker by setting our server name to some other value different than our original one. This can be done by setting the value of “RemoveServerHeader” to “0 “and changing the value of “AlternateServerName” to the value we want to specify ( in our example Nginx ).

wbc11

 

So when the attacker tries to fingerprint our website, he will be misleaded.

wbc12

 

Note: Taking this preventive measures will not stop a determined hacker to find out our server information.

We can easily install a web server in Windows Server 2012 using Microsoft Web Platform Installer. The Microsoft Web Platform Installer (Web PI) is a simple tool that installs the latest components of the Microsoft Web Platform including IIS, PHP, MYSQL and many others. It can be downloaded for free from here. In this tut we will install IIS, PHP and MYSQL using this tool.

Download and install Web Platform installer 4.6. Click on it.

webpi1

 

Select the components you want to install. I have selected IIS, PHP and MYSQL.

webpi2

webpi3

 

webpi4

 

After selecting the applications you want to install, click on “Install”. If you have selected MYSQL, it will prompt for a password to be set for MYSQL. Enter the password and click on “Continue”.

webpi5

 

It will display a summary of components which will be installed. Click on “I Accept”.

webpi6

 

After system finishes installing all the components, click on “Finish”. After the installation is finished, open your browser and see whether IIS8 installation has been successful. If the display shows the version of IIS displayed as below, then our web server installation has been  successful.

webpi7

 

Now let’s test our php. Go to the root directory which is “%systemroot%/inetpub/root” in IIS and create a php file with the following script and save it as version.php ( in fact any name but with php extension. )

webpi8

 

Now go to address “http://localhost/version.php” from the browser.

webpi9

 

If it displays the version of the php installed, then our php installation has been successful. Hope this was helpful.

Apache is the most popular web server but Microsoft’s IIS  is fast gathering  pace. IIS 8  has introduced many popular features to the  Microsoft web server  to bring its competitive level on par with its counterparts. IIS 8 is only present in Windows Server 2012 and Windows 8. Today let’s see how to set up a web server in Windows Server 2012.

Open Server Manager, on the Local server click on “Add Roles and Features”.

wsws1

 

The Add Roles and Features wizard appears. with a default warnings page. Click on “Next”. 

wsws2

 

On the Installation type page, Select “Role based or Feature based selection” and click on “Next”.

wsws3

On the Server Selection page, Select the server on which you want to install the web server. Since I have only one server installed, I selected that. Click on Next.

wsws4

On the Server Roles page, select the role of “Web Server” and click on “Next”.

wsws5

 

On the Features page, click on “Next” since we don’t need any additional features to be installed for the web server.

wsws6

 

A web Server Role page opens which is somewhat like a summary  page. Click on “Next”.

wsws7

 

A Role Services page opens. Select the services you want to install for your web server. If you are not sure, continue with the default services by clicking on “Next”.

wsws8

 

On the Confirmation page, Click on “Install”.

wsws9

 

The installation will take a few minutes. After the installation is finished, Click on “Close”.

wsws10

To check if your web server is successfully installed, open Internet Explorer and type ‘localhost’. If you see the below IIS8 displayed, you have successfully installed a web server on your Windows Server 2012.

wsws11

 

In this article, we are going to see how to set up a web server in Ubuntu Server. Before that, I want to give  credit for this article to Mike of www.funwithlinux.net. I learnt how to install the web server from this article, made some mistakes initially but finally successful.

What is a web server? It is a server which hosts websites. Each and every website has a  server. Most web servers are set up on Linux for the primary reason that it is free. I am going to set up my web server on Ubuntu Server 12.04.

To set up a web server we are going to install four components, Apache (server software), PHP (scripting language used to create webpages), MYSQL (database), PHP-MYSQL (MySQL support in PHP ). Login as root into Ubuntu server.

In the terminal type “apt-get install apache2″ to install Apache package. Type ‘Y’ when system prompts you to continue.

uws1

 

To check whether apache packages have been installed or not type the command “wget localhost index.html” in the terminal. This will download the index.html file to the local directory. Type “ls” to see if the file has been downloaded or not. If it is present, apache has been correctly installed.

uws2

The apache2 config file is located at “/etc/apache2/”. In this same directory we have a directory named ‘conf.d’. Configuration files( files with the suffix .conf ) in this directory will be parsed by apache2 during startup.  If we intend to run multiple sites from the same server, we need to put our config files here. Let’s create a file name “shunya.com.conf”.

uws3

In the file shunya.com.conf, add the following text and save the file. The first line tells  Apache to  listen on port 80. The second line shows the ServerAdmin and is optional. The third line shows our web server’s root directory. The fourth line is host header Apache2 will listen for, as sent by the end user’s browser. The fifith line is the file used for logging errors. This line is also optional but is very helpful.  The settings not configured under <VirtualHost> tags will be inherted from apache2.conf or other configuration files. Close the file by typing “:wq”.

uws4

 

As we created the config file of our host, we need to create our root directory referenced in the config file i.e “/var/www/shunya.com”. Navigate to the directory by typing “cd /var/www/”. Create new direcory named ‘shunya.com’ by typing “mkdir shunya.com”. Make the root user the owner of the directory by typing the command “chown root:www-data /var/www/shunya.com -R”. Make this directory readable and executable by typing the command “chmod 550 /var/www/shunya.com -R”.

uws5

 

Create a file named index.php in our root directory shunya.com.

uws6

 

Edit the file as below. We will echo some Archimedes in our index.php file. Save and exit the file.

uws7

 

Next, we have to install PHP. Type the command “apt-get install php5″. Type Y at appropriate prompts.

uws8

 

Reload the apache config file by typing “service apache2 reload”. Then restart the apache service using “service apache2 restart”.

uws9

 

Let’s see if our website is working. From a remote machine which has access to ur web server open the browser and type the IP address of the web server. If we get “Eureka Eureka” displayed, then our server is working.

uws10

 

Install Mysql server by typing “apt-get install mysql-server”. 

uws11

 

The system will prompt you to set a root user password for MYSQL. Set the password and confirm it again.

uws12

 

uws13

Type the command “apt-get install php5-mysql” to install Mysql support for PHP.

uws14

 

We have set up our web server successfully.