-----Original Message-----[Ryan Barnett] The problem is that are so many ways that application version information data may leak out. Check out some of the comments here - http://www.php.net/manual/en/security.hiding.php. You might want something like "expose_php=Off" in your php.ini file. ModSecurity can help to hid the php module info in the Server response header if you set the SecServerSignature directive.
From: Mike Yrabedra [mailto:email@example.com]
Sent: Friday, February 27, 2009 6:13 AM
Subject: [mod-security-users] Disable php_flag version?
Is there any way I can change ( or disable ) what PHP version is returned
when someone does a scan of my server?