You might be curious about what brand of web server a company is using to host their website. It’s simple to find out. This example is based on a Bank. Yes a bank, and one that’s using Windows servers for their Internet Banking login server. I’m not saying Windows servers are insecure – I’m simply saying Linux has a far better reputation in regards to security. Both can be insecure if configured poorly but Linux is excellent out of the box.
In the example below, you can see my commands in bold. Note there is a double (two) returns/enters to execute the “HEAD / HTTP/1.0” command.
andrews-air:~ agix$ telnet www.ExampleBank.com.au 80 Trying 220.127.116.11... Connected to www.ExampleBank.com.au. Escape character is '^]'. HEAD / HTTP/1.0 HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, X Aug 2015 1:1:1:1 GMT Server: Microsoft-IIS/6.0 MicrosoftOfficeWebServer: 5.0_Pub X-Powered-By: ASP.NET Location: /personal/ Content-Length: 0 Content-Type: text/html Set-Cookie: ASPSEKJIHIUHKJHKJCAATCTB=IFOHJIGKJHGMGODFEPDHINCD; path=/ Cache-control: private Connection closed by foreign host.
As you can see it’s running “Microsoft-IIS”. The following is the AGIX.com.au server:
andrews-air:~ agix$ telnet www.agix.com.au 80 Trying 18.104.22.168... Connected to agix.com.au. Escape character is '^]'. HEAD / HTTP/1.0 HTTP/1.1 200 OK Date: Thu, 13 Aug 2015 1:1:1:1 GMT Server: Apache/2.2.15 (CentOS) Last-Modified: Mon, X Jun 2014 1:1:1:1 GMT ETag: "24296-4cd-4fd0987678500" Accept-Ranges: bytes Content-Length: 1229 Connection: close Content-Type: text/html; charset=UTF-8 Connection closed by foreign host.
The AGIX server is running “Apache”.