0

I using OpenVZ Web Panel to manage my VPS servers and when I scanned my server with nmap I saw:

PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 6.0p1 Debian 4 (protocol 2.0) 135/tcp filtered msrpc 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 3000/tcp open http WEBrick httpd 1.3.1 (Ruby 1.8.7 (2012-02-08)) Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

So I have question - how hide WEBrick httpd 1.3.1 and Ruby version?

Camorra
  • 11
  • 1
  • 1
  • 2
    Don't use WEBrick? It's meant to be a development aid, not a production web server. – Michael Hampton Jul 12 '13 at 07:48
  • Oh, and don't cross-post between Serverfault and any other StackExchange network site. http://stackoverflow.com/questions/17609654/ruby-hide-webrick-httpd-version – Tom O'Connor Jul 12 '13 at 08:20

1 Answers1

1

Seriously, WEBrick in production?!

Don't.

Use Passenger, Unicorn or Thin instead, they're faster, more scalable and more customisable.

Also, I'm not entirely sure this is a function of WEBrick, and not a function of your application. (Source: https://stackoverflow.com/questions/10125124/sinatra-on-thin-how-to-hide-or-change-http-server-response-header)

Further evidence that you can't do it without hacking about with WEBrick.

Community
  • 1
Tom O'Connor
  • 27,480
  • 10
  • 73
  • 148