What server is Yahoo using?

What server is Yahoo using?

Post by Darrell Schul » Fri, 30 Apr 1999 04:00:00




> Usually you can telnet to a web server at port 80 and look at what Web server
> they're using (use the command HEAD / HTTP/1.0 for example). But www.yahoo.com
> doesn't do this. Look at my screen dump:

> HEAD / HTTP/1.0

> HTTP/1.0 200 OK
> Content-Length: 9659
> Expires: Sat, 01 May 1999 13:00:03 GMT
> Content-Type: text/html

> <html><head><title>Yahoo!</title><base href=http://[snipped]

> Can anyone tell me what trick Yahoo did? I also want to hide the information
> of our Web server for security reason (if hackers know what server we're
> using, it expedites their hacking!). Thanks.

> Yong

> P.S. An article I read says Yahoo is using FreeBSD OS.

http://www.netcraft.com/cgi-bin/Survey/whats?host=www.yahoo.com

--

 University of Wisconsin-Madison - Office of News and Public Affairs
  The Why Files http://whyfiles.news.wisc.edu - The Graduate School
102A Bascom Hall, 500 Lincoln Drive - Madison WI 53706 (608) 265-8551

 
 
 

What server is Yahoo using?

Post by Alan J. Flavel » Fri, 30 Apr 1999 04:00:00



Quote:> Usually you can telnet to a web server at port 80 and look at what Web server
> they're using (use the command HEAD / HTTP/1.0 for example). But www.yahoo.com
> doesn't do this. Look at my screen dump:

> HEAD / HTTP/1.0

> HTTP/1.0 200 OK
> Content-Length: 9659
> Expires: Sat, 01 May 1999 13:00:03 GMT
> Content-Type: text/html

> <html><head><title>Yahoo!</title><base href=http://[snipped]

Oh, *!  They've responded to a HEAD request by performing what
appears to be a GET.

Quote:> Can anyone tell me what trick Yahoo did? I also want to hide the information
> of our Web server for security reason

I don't claim to know what they're doing, but one thing I can say:
I can simulate their behaviour on my own server (i.e it not only omits
to send a server identity, it also responds to a HEAD request as if
a GET had been issued) by using NPH CGI scripts.

But at what cost???  - if you had really intended to serve out static
pages.

If it's Apache, you've got the source  ;-)

--

                  Netscape Compos<del style="display:none;">t</del>er

 
 
 

What server is Yahoo using?

Post by Ron Klatchk » Fri, 30 Apr 1999 04:00:00



> Can anyone tell me what trick Yahoo did? I also want to hide the information
> of our Web server for security reason (if hackers know what server we're
> using, it expedites their hacking!). Thanks.

The simplest solution I see would be to comment out the line in
http_protocol.c that sends the server version (which is line 1309 in
Apache 1.3.6) and recompile.  More interesting solutions would add
configuration variables that could decide what (if anything) to send.

moo
----------------------------------------------------------------------
          Ron Klatchko - Manager, Advanced Technology Group          
           UCSF Library and Center for Knowledge Management          

 
 
 

What server is Yahoo using?

Post by Marc Slemk » Sat, 01 May 1999 04:00:00



>Usually you can telnet to a web server at port 80 and look at what Web server
>they're using (use the command HEAD / HTTP/1.0 for example). But www.yahoo.com
>doesn't do this. Look at my screen dump:
>HEAD / HTTP/1.0
>HTTP/1.0 200 OK
>Content-Length: 9659
>Expires: Sat, 01 May 1999 13:00:03 GMT
>Content-Type: text/html
><html><head><title>Yahoo!</title><base href=http://[snipped]
>Can anyone tell me what trick Yahoo did? I also want to hide the information

No trick.  

Quote:>of our Web server for security reason (if hackers know what server we're
>using, it expedites their hacking!). Thanks.

Oh, hooey.  It doesn't save you anything.  Dumb hackers will just try
all their little scripts.  Smart hackers can tell what server a site is
running (if it runs a common one) anyway.

The answer is "look at the docs for your webserver".  If they don't have
the answer, look at the source.  If you don't have the source, then you
either have to look at the object code or you are out of luck.

(in reality, Yahoo is using custom code.  Much or most of their
sites use code based on Apache 1.1 AFAIK, with other custom software
similar to squid in accelerator mode fronting some of their sites.
Their code, however, is wildly hacked so it isn't fair to call it
Apache any more.)

 
 
 

What server is Yahoo using?

Post by Kurt J. Lanz » Sat, 01 May 1999 04:00:00



> Usually you can telnet to a web server at port 80 and look at what Web server
> they're using (use the command HEAD / HTTP/1.0 for example). But www.yahoo.com
> doesn't do this. Look at my screen dump:

> HEAD / HTTP/1.0

> HTTP/1.0 200 OK
> Content-Length: 9659
> Expires: Sat, 01 May 1999 13:00:03 GMT
> Content-Type: text/html

> <html><head><title>Yahoo!</title><base href=http://[snipped]

> Can anyone tell me what trick Yahoo did? I also want to hide the information
> of our Web server for security reason (if hackers know what server we're
> using, it expedites their hacking!). Thanks.

Not a trick. Basic programming. Get the source fro your server and
modify it so it doesn't send the headers you don't want it to send -- as
long as it sends the headers required by the specs. Optional headers are
just that.
 
 
 

1. Desktop used at Yahoo, Inc.

I recently read in someone's blog that the desktop computers at Yahoo, Inc. use
FreeBSD.  I was curious as to how they conduct their business using just FreeBSD
and what kind of configuration they use for the FreeBSD desktop.  For example,
is it the generic KDE setup that comes with FreeBSD or could it something that
was customized for an office working environment.

Kris

2. awk to C translator?

3. Can SBC/Yahoo DSL be used with a SUN Sparc 10?

4. XFree86 Modelines

5. can anyone send thru smtp.sbcglobal.yahoo.com using Netscape

6. Mounting Win 98 partition - problems

7. Yahoo Servers...

8. OPL2SA2 soundcard doesn't work after compilation of Kernel 2.2.12

9. server setups/yahoo

10. Accessing Yahoo games servers

11. Yahoo games server access

12. proxy server everything ok except yahoo chat

13. yahoo dsl + home web server