I've been thinking about this for a while, and I agree with Hans: hiding the number would just give a false sense of security, because there's plenty of ways to find out the actual version number. One of the ways that could never be prevented fully is to get pivotx/includes/js/pivotx.js and compare that to known versions you've downloaded off our site.
For fun, check out this post by some guy who lists a ton of ways to find out what version of WP a site is running: http://w-shadow.com/blog/2009/12/02/det ... s-version/
Bob, you are right and I agree.
If someone (capable enough) decides to target your site and to bring it down by finding an exploit in your CMS, most probably he will be able to do it, and removal of some comment will not stop him. WP has some plugin that removes the version from a number of locations.
Perhaps I should have started this thread differently. PivotX is not as widely used, unlike WP. Therefore most probably pivot sites are not targeted as often as WP sites.
I think the following can be considered as a quite common scenario:
When some naughty script kid manages to get inside yet another WP site, he publishes the exploit on the dedicated h4x0r boards. Following that, another script kiddy tries his luck using that exploit on the dedicated WP sites based on the WP version compatibility. The latter kiddy opens Google, and quickly finds his future targets simply by typing something like that:
Google returns X number of results ... The rest is a matter of trial and error.
My question is:
Why make it easier for a potential attacker? How about not leaving obvious hints about the version of your platform in your HTML, CSS, JS and whatnot files that are accessible via HTTP/S? Or perhaps let's have it as an option in advanced config? Not having obvious hints in place most probably will discourage the script kiddy from targeting the site ... (I am not talking about a case when someone pledged to erase you from the face of the In-net.)
I think you understand what I am trying to say ... Sorry once again for pessimistic thinking, I guess one starts thinking differently after the bite.
(Having said that, I am not implying that you are a non-thinker)
P.S. Happy new year!