Jump to content

Featured Replies

Posted

Just like you removed version number from footer to protect against obvious attack vector of old unpatched versions.

I would recommend remove the main version number from the upgrade url. 

not every install move their /admin behind htaccess or other protections.

 

Could contain: Text

The only thing exposed with that is IPS version 4.  That is more than 7 years of releases.  In fact well more than 100 releases during that time frame.  There is not a lot of information exposed even if there was someone motivated enough to look. 

A real attacker would be able to tell a site is using IPB simply by viewing the source and looking at the structure of the code to figure out a site is using IPB. The purpose of removing a SPECIFIC version number such as 4.6.1 is to prevent exploit of something that might uniquely exist in that version. This does not expose that. 

Oh man... There are a million other ways to find out your IPS version without that number you're talking about.

  • Community Expert

Example: you can go directly to the version json file for each app you have installed.

Edited by Adriano Faria

Recently Browsing 0

  • No registered users viewing this page.