Oh this is gonna be fun.
Previously I showed you how to tweak your machine’s TCP/IP fingerprint to look like something else.
Today, we will customize server files into whatever we want it to look like. Remember this doesn’t provide you with additional security for your server or computer, it’s mostly for fun and sometimes does confuse the ussual script kiddies.
First let’s look at the default 404 error page.
Ignore the part where it says: My Computer is running the same thing your computer is running. I will show you how to do it later. First we will change the icon that says “powered by apache 2.2″. This is a “gif” file located under the “icon” directory with the filename “apache_pb2.gif”. ie, “/icons/apache_pb2.gif”. The gif file is 259 by 32 pixels, you don’t necessarily have to use that pixel size, but if you wanted to use the same look and feel as the original file you could use that size. We will use Mr. Skull for our example.
You will also notice that gif file also has a link embedded so when you click the picture it will direct you to http://httpd.apache.org/ . So we will edit it to our own homepage, http://www.windowhaxor.net. To achieve this we will have to edit the “/error/include/bottom.html” file.
I also edited the “/error/contact.html.var” to replace “webmaster” with “God”
How about the time? we don’t want to reveal what server time it is. So let’s change that. I couldn’t find any simple way to put a future date. So I used some common SSI format string that would make it look weird without any sense. I edited the bottom.html file where the original format string looks like this:
<!–#config timefmt=”%c” –>
Which I changed to this:
<!–#config timefmt=”%S %j %w” –>
Here %S = Seconds in Number
%j = Day of the Year Number
%w = Day of the Week Number
The result is this:
33 209 5 won’t make any sense to a someone who is trying to find out the server time so that they can probe it when it is less likely (night) to be watched closely.
Ok now how did we change the Apache signature in to saying: My Computer is running the same thing your computer is running ? We used a apache module called Modsecurity, which you can download from here: http://www.modsecurity.org/download/index.html After installing it like installing any other apache modules.
ie, extract the content of the zipped files under the module subfolder and edit the apache.conf file and add this line “LoadModule security2_module modules/mod_security2/mod_security2.so” make sure
“LoadModule unique_id_module modules/mod_unique_id.so” is uncommented. Restart apache.
Edit “modules\mod_security2\rules\modsecurity_crs_10_config.conf”
That’s it! Remember. Mod security is a very complex module with zillions of options and can make your server sluggish if you don’t know what you are doing. So study the reference guide before jumping for it.
After a little bit of tweaks here and there this is what my 404 error page looks like:
That’s all for now. Remember it’s all just fun!
Cheer,
pavs
Security Window Hacks
