
Forum Moderators: phranque


Removing Software "Footprints"

How paranoid are you?

     
4:27 pm on Dec 22, 2004 (gmt 0)

Administrator

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 2, 2000
posts:9687
votes: 1


I've always been an advocate of removing the most obvious signs that you are using particular software to drive your site. My own paranoia goes back to the days of search engine penalties (or algo adjustments) for particular software, and has been reinforced by hackers targeting specific software vulnerabilities. Now we see automated searches being used by worms [webmasterworld.com] to identify targets for infection.

I'm curious as to how other WebmasterWorld members are dealing with this issue, if at all.

Some of the most obvious steps:
1) Remove "powered by" and similar text.
2) Remove on-page "copyright" text or convert to image.
3) Change default installation directory and file names to foil both searches and brute-force attacks.
4) Remove/change other giveaways (ancient SEOs remember the infamous "blueline.gif" that undid many thousands of pages), i.e., anything that a hacker or other problem user could plug into a search engine to easily find sites using particular software.

What less obvious things have you done? And how do you deal with the software provider's need to display copyright or other legal notices (if they don't offer a paid option for this)?

5:12 pm on Dec 22, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 18, 2003
posts:925
votes: 0


  • make directories non-readable

  • traps for bots seeking problematic files

  • move password files outside the directory tree

  • change the directory and name of admin files

    6:39 pm on Dec 22, 2004 (gmt 0)

    Administrator

    WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

    joined:July 31, 2003
    posts:12548
    votes: 2


    Extension-less pages (Content Negotiation)
    6:48 pm on Dec 22, 2004 (gmt 0)

    Administrator

    WebmasterWorld Administrator jatar_k is a WebmasterWorld Top Contributor of All Time 10+ Year Member

    joined:July 24, 2001
    posts:15756
    votes: 0


    all the no footprint scripts I write have similar attributes

    they are all powered by config scripts that store all paths, directories, files. The scripts don't care what you name any of the files or directories and don't care where you put them or any of the other scripts they use.

    there are no set tags/text in any of the distributed code

    they allow you to configure output so there are no common attributes to the html either, unless you make them that way ;)

    more web software programmers should spend time with SEOs

    11:16 pm on Dec 22, 2004 (gmt 0)

    Senior Member

    WebmasterWorld Senior Member 10+ Year Member

    joined:June 18, 2003
    posts:1929
    votes: 0


    What's the blueline.gif story? I have never heard of that.
    7:00 am on Dec 23, 2004 (gmt 0)

    Administrator from JP 

    WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

    joined:Oct 12, 2000
    posts:15148
    votes: 170


    > What's the blueline.gif story?

    <short version> WebPosition Gold (WPG), an early SEO software package for the masses, used to put that GIF file in pages it generated. The SEs got wise and penalized sites using it.

    9:09 am on Dec 23, 2004 (gmt 0)

    Senior Member from US 

    WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

    joined:Sept 26, 2001
    posts:12913
    votes: 893



    > 2) Remove on-page "copyright" text or convert to image

    Why would you want to do this?

    3:13 pm on Dec 23, 2004 (gmt 0)

    Administrator

    WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

    joined:July 31, 2003
    posts:12548
    votes: 2


    So the text cannot be scanned by automated worms looking for particular software packages with known vulnerabilities (see link in first message).
    7:15 pm on Dec 23, 2004 (gmt 0)

    Senior Member from US 

    WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

    joined:Sept 26, 2001
    posts:12913
    votes: 893


    OK - I guess my question is, how would the word "copyright" indicate that the webpage has/is using a particular software? I would imagine that billions of webpages display that text.

    7:31 pm on Dec 23, 2004 (gmt 0)

    Senior Member

    WebmasterWorld Senior Member 10+ Year Member

    joined:Feb 18, 2003
    posts:925
    votes: 0


    If it said copyright phpbb it would be very useful for finding copies of phpbb. If you happened to be a worm looking for phpbb.
    12:39 am on Dec 24, 2004 (gmt 0)

    Full Member

    10+ Year Member

    joined:July 30, 2003
    posts:322
    votes: 0


    The problem of removing "powered by phpBB" is that you will not get any support if you ever run into a problem.
    1:13 am on Dec 24, 2004 (gmt 0)

    Senior Member from US 

    WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

    joined:Sept 26, 2001
    posts:12913
    votes: 893


    > If it said copyright phpbb it would be very useful for finding copies of phpbb

    I can appreciate that, but my original reply was to the statement made by rogerd:

    > Remove on-page "copyright" text or convert to image

    ...which I am still stumped about the warning to remove the word "copyright" from webpages.
    2:13 am on Dec 24, 2004 (gmt 0)

    Senior Member

    WebmasterWorld Senior Member 10+ Year Member

    joined:Dec 4, 2002
    posts:1958
    votes: 0


    > The problem of removing "powered by phpBB" is that you will not get any support if you ever run into a problem.

    You could replace with a gif version.

    2:42 am on Dec 24, 2004 (gmt 0)

    Senior Member

    WebmasterWorld Senior Member 10+ Year Member

    joined:Nov 27, 2003
    posts:1648
    votes: 2


    No, no, they are suggesting the removal of strings such as 'copyright $SOFTWAREPACKAGE', not just 'copyright' in general.

    Or, if the license requires that it be there, put up an image instead.

    2:37 pm on Dec 24, 2004 (gmt 0)

    Senior Member

    WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

    joined:Feb 28, 2002
    posts:1328
    votes: 0


    Don't let any programmers leave social traces in the comments

    <!-- changed by John Smith 12-24-2004 -->

    Makes it easier to guess/reverse engineer username and passwords to gain access.
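
A self-audit for the footprints listed in this thread ("powered by" text, "copyright <package>" strings, giveaway file names such as blueline.gif, and author comments), given as an added example that is not part of any post above. The `PACKAGES` and `GIVEAWAY_FILES` values and the sample page are assumptions constructed for illustration; the check also reads `alt`/`title` text, since swapping a notice for an image still leaves a searchable string there.

```python
import re
from html.parser import HTMLParser
# Assumed values: list the packages and giveaway asset names relevant to your own site.
PACKAGES = ["phpBB"]
GIVEAWAY_FILES = {"blueline.gif"}
_PKG = "|".join(re.escape(p) for p in PACKAGES)
TEXT_RULES = [
    ("powered-by", re.compile(r"powered\s+by\s+\w+", re.I)),
    ("copyright-package", re.compile(r"(?:copyright|©|\(c\))[^.]{0,40}?\b(?:%s)\b" % _PKG, re.I)),
]
COMMENT_RULE = re.compile(r"\b(?:changed|edited|modified|added)\s+by\s+\w+(?:\s+\w+)?", re.I)

class Collector(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text, self.assets, self.comments = [], [], []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("alt", "title") and value:   # image swaps still leak here
                self.text.append(value)
            elif name in ("src", "href") and value:
                self.assets.append(value.split("?")[0].rsplit("/", 1)[-1].lower())

    def handle_data(self, data):
        self.text.append(data)

    def handle_comment(self, data):
        self.comments.append(data)

def audit(html):
    c = Collector()
    c.feed(html)
    c.close()
    # Join text nodes first so "Powered by <a>phpBB</a>" is seen as one phrase.
    visible = " ".join(" ".join(c.text).split())
    findings = [(label, m.group(0)) for label, rule in TEXT_RULES
                for m in rule.finditer(visible)]
    findings += [("giveaway-file", a) for a in c.assets if a in GIVEAWAY_FILES]
    findings += [("author-comment", m.group(0))
                 for m in map(COMMENT_RULE.search, c.comments) if m]
    return findings

# Constructed sample page (not taken from any real site).
SAMPLE = """<!-- changed by John Smith 12-24-2004 -->
<img src="/images/blueline.gif" alt="">
<p>Powered by <a href="/about">phpBB</a></p>
<img src="/img/credits.gif" alt="Copyright 2004 phpBB Group">
<p>Copyright 2004 Example Site</p>"""
```

Calling `audit(SAMPLE)` flags the split "Powered by" link, the image whose `alt` text still names the package, the blueline.gif reference and the author comment, while the site's own plain copyright line passes.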
