Posted August 4, 2022
Just like you removed the version number from the footer to protect against the obvious attack vector of old unpatched versions, I would recommend removing the main version number from the upgrade URL. Not every install moves their /admin behind htaccess or other protections.
August 4, 2022
The only thing exposed with that is IPS version 4. That is more than 7 years of releases. In fact, well more than 100 releases during that time frame. There is not a lot of information exposed even if there was someone motivated enough to look. A real attacker would be able to tell a site is using IPB simply by viewing the source and looking at the structure of the code to figure out a site is using IPB. The purpose of removing a SPECIFIC version number such as 4.6.1 is to prevent exploitation of something that might uniquely exist in that version. This does not expose that.
August 4, 2022
Oh man... There are a million other ways to find out your IPS version without that number you're talking about.
August 4, 2022 (Community Expert)
Example: you can go directly to the version json file for each app you have installed.
Edited August 4, 2022 by Adriano Faria
August 11, 2022
Indeed, a classic example of "Security through obscurity" that will not stop an attacker. https://en.wikipedia.org/wiki/Security_through_obscurity