SIte Security

I do not know where to post this so I am just posting it here. I noticed that this site does use HTTPS (SSL issued by Let's Encrypt) but does not enforce it (you can switch to http and https), as we all know http is not secure. This can be fixed by adding a header to apache by using Strict-Transport-Security. Also the site does not sanitize the php version used this can be used make the site vulnerable, you may also want to remove the Apache server header change it something different like UndertowGames.
A simple curl query can show the site's headers:

Code: Select all

$ curl -I
HTTP/1.1 200 OK
Set-Cookie: mediaplanBAK=R129205185; path=/; expires=Thu, 05-Apr-2018 12:18:49 GMT
Date: Thu, 05 Apr 2018 11:20:43 GMT
Content-Type: text/html; charset=UTF-8
Set-Cookie: mediaplan=R20449423907; path=/; expires=Thu, 05-Apr-2018 12:18:49 GMT
Server: Apache
X-Powered-By: PHP/5.6.32
Link: <>; rel=shortlink
Vary: Accept-Encoding
X-IPLB-Instance: 17339
You also need to prevent clickjacking attacks, content sniffin

in the /etc/apache2/ites-enabled/whateversite.conf or /etc/apache2/conf-enabled/security.conf add this in the virtualhost directive to enable HTTP Strict Transport Security (HSTS) this will force the user to use HTTPS and not HTTP

Code: Select all

# HSTS (mod_headers is required) (15768000 seconds = 6 months)
Header always set Strict-Transport-Security "max-age=15768000"
To change the server name, edit the security.conf
ServerTokens Prod
SecServerSignature undertowgames

add also the secure headers

Code: Select all

Header set X-Content-Type-Options: "nosniff"
Header set X-Frame-Options: "DENY"
Header set X-XSS-Protection "1; mode=block"
Header set X-Permitted-Cross-Domain-Policies "none"
Header set Referrer-Policy "strict-origin"

You need to remove the PHP version edit your php.ini configuration and set the expose_php to off

Code: Select all

; Miscellaneous ;

; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header).  It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
expose_php = Off
Please read the OWASP Secure Headers Project ... rs_Project