By default almost all Apache installation shows sensitive server information with Apache version number, server operating system details, installed Apache modules, PHP-version and so on.  Hackers usually use this information to gain access to the webserver and damage sensitive information.

Following are the steps:

In apache2.conf or httpd.comf file edit the following

ServerSignature Off

ServerTokens Prod

And in php.ini edit the following

expose_php = Off

Besides that, we can use additional methods to strengthen security measures like..

Installing database firewall such as Greensql express which is a free version and installing web firewall such as Mod_security which is also a open source product.

Advertisements