发表新帖
发表新帖

prevent builtwith.com showing what my site is built with

后端 未结
关注
5 591
悲哀的现实
悲哀的现实 2020-12-19 17:56

Is there a way to mask my real server technology say from PHP to show up as Python when checked by sites like http://builtwith.com? Or at least to not show anything at all?<

相关标签:
5条回答
  • 时光取名叫无心
    2020-12-19 18:34

    I think they test some path those are unique path for CMSs and index your website info in their databases. I try to use "IP Deny Manager" in Cpanel to denny IP of those domains in order to prevents from unwanted indexing by those sites.

    0 讨论(0)
  • 忘了有多久
    2020-12-19 18:40

    If you are using LiteSpeed, you can set the Server and X-Powered-By headers to anything you like, using either .htaccess or PHP.

    .htaccess

    Header always set X-Powered-By Something
Header always set Server Something

    PHP

    header('X-Powered-By: Something');
header('Server: Something');
    0 讨论(0)
  • 攒了一身酷
    2020-12-19 18:42

    Assuming you're using apache, you can change the default "tell all" behaviour with the ServerTokens and ServerSignature directives:

    ServerTokens Prod
ServerSignature Off

    This'll remove identifying marks from error pages, and only return the server name with HTTP requests, instead of all of your installed modules. Here's an example with ServerTokens commented out:

    14:45:52 bartley:~ > curl -I http://www.test.com
HTTP/1.1 200 OK
Date: Mon, 16 May 2011 13:54:48 GMT
Server: Apache/2.2.15 (EL) DAV/2 PHP/5.2.16 mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_perl/2.0.4 Perl/v5.8.8
Accept-Ranges: bytes
Content-Length: 16457
Cache-Control: max-age=300, must-revalidate
Expires: Mon, 16 May 2011 13:59:48 GMT
Vary: Accept-Encoding,Cookie
Connection: close
Content-Type: text/html; charset=UTF-8

    ..and here's one with it set to Prod:

    14:44:25 bartley:~ > curl -I http://www.test.com
HTTP/1.1 200 OK
Date: Mon, 16 May 2011 13:54:19 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 16457
Cache-Control: max-age=300, must-revalidate
Expires: Mon, 16 May 2011 13:59:19 GMT
Vary: Accept-Encoding,Cookie
Connection: close
Content-Type: text/html; charset=UTF-8

    EDIT: As @Marc points out, there is also a HTTP header that PHP can add an X-Powered-By header to. This can be disabled by adding expose_php = Off in your php.ini.

    0 讨论(0)
  • 独厮守ぢ
    2020-12-19 18:45

    I've seen this question asked with many other packages, the result is always that hiding what something is running, that's publicly accessible, is not really possible, and not worth the time - time's better spent tightening real security issues like keeping private directories private etc, correct set-up and keeping the software up to date

    0 讨论(0)
  • 我寻月下人不归
    2020-12-19 18:46

    The link provided by builtwith.com to remove your site from their lookup service is:

    http://builtwith.com/removals

    (Credit due to the person with user name "gary" who originally posted this link as a comment on the question; however, the link has since changed and it is better posted in an answer so it can be easily seen.)

    0 讨论(0)
 看不清?
提交回复
热议问题