Ocean West
Posted August 4, 2022

Just like you removed the version number from the footer to protect against the obvious attack vector of old unpatched versions, I would recommend removing the main version number from the upgrade URL. Not every install moves its /admin behind htaccess or other protections.

Randy Calvert
Posted August 4, 2022

The only thing exposed with that is IPS version 4. That is more than 7 years of releases. In fact, well more than 100 releases during that time frame. There is not a lot of information exposed even if there was someone motivated enough to look. A real attacker would be able to tell a site is using IPB simply by viewing the source and looking at the structure of the code to figure out a site is using IPB.

The purpose of removing a SPECIFIC version number such as 4.6.1 is to prevent exploitation of something that might uniquely exist in that version. This does not expose that.

aia
Posted August 4, 2022

Oh man... There are a million other ways to find out your IPS version without that number you're talking about.

Adriano Faria
Posted August 4, 2022

Example: you can go directly to the version JSON file for each app you have installed.

Edited August 4, 2022 by Adriano Faria

dragonfly411
Posted August 11, 2022

Indeed, a classic example of "security through obscurity" that will not stop an attacker.

https://en.wikipedia.org/wiki/Security_through_obscurity