As you may or may not know, by default, your server details are public and anyone with some basic knowledge can easily see them.
For example, let's consider this blog: if you check its HTTP response headers, you'll see this info:
HTTP/1.1 200 OK
Date: Mon, 08 Jun 2009 16:44:51 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.9
X-Pingback: http://1mum.geek-tools.org/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
If you use the Apache web server and want to turn this off, just edit your Apache VirtualHost definition and add this line:
ServerSignature Off
More info about this can be found here.
In order for the changes to be activated you'll have to restart your web server.
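To check what a response still discloses after the restart, the following added example (not part of the original post) parses the header dump shown above and lists every product, version and platform token it reveals. The settings named in `FIX` are an addition here: in Apache the `Server` header is governed by `ServerTokens`, `ServerSignature` only controls the footer on server-generated pages, and `X-Powered-By` comes from PHP's `expose_php`.

```python
import re

# Response head exactly as shown in the post above.
SAMPLE = """\
HTTP/1.1 200 OK
Date: Mon, 08 Jun 2009 16:44:51 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.9
X-Pingback: http://1mum.geek-tools.org/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
"""

# Disclosing header -> setting that controls it (added here, not from the post).
FIX = {
    "server": "ServerTokens Prod (ServerSignature only changes page footers)",
    "x-powered-by": "expose_php = Off in php.ini",
}

PRODUCT = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.]*)")  # e.g. mod_ssl/2.2.11
COMMENT = re.compile(r"\(([^)]*)\)")                    # e.g. (Unix)

def parse_headers(raw):
    """Map lowercased header names to values, skipping the status line."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return (header, token, version or None, fix) per disclosed component."""
    findings = []
    headers = parse_headers(raw)
    for name, fix in FIX.items():
        value = headers.get(name, "")
        findings += [(name, p, v, fix) for p, v in PRODUCT.findall(value)]
        findings += [(name, c, None, fix) for c in COMMENT.findall(value)]
    return findings

if __name__ == "__main__":
    for name, token, version, fix in audit(SAMPLE):
        print(f"{name}: {token} {version or '(platform)'} -> {fix}")
```

Run against a response head that carries only `Server: Apache`, `audit` returns an empty list.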
Now that you made this change here's the question: will turning off your web server headers be of any help? :-)
The quick answer is yes and no.
Yes: if you sell web hosting, it may look better/more secure to your potential customers. It could also save you some spam/attacks, as some of these malware-loving guys use automated tools that read this info.
No: most of the attacking tools won't care about the header details as they'll brute force your server anyway.
Besides that, someone with a bit more networking knowledge can not only make a fairly good guess at what your OS is but also figure out details like your server's uptime!
The bottom line: if it's easy for you to edit your web server configuration to hide your server's details, do it; if not, it won't matter much anyway.
Monday, June 8, 2009