How to hide the fact that a site is a Drupal site?

By sada.lala on 7 May 2009 at 11:02 UTC

Recently several websites including Drupal based ones have been compromised not due to anything in Drupal probably but for some other reasons like ftp attacks. You can see here some more details http://drupal.org/node/454692

I want to know is it possible to do security by obscurity, which means hiding all source or means to understand that it is a Drupal site. Like view source not showing any drupal specific code.

If any one knows of such methods please help.

Comments

?

dddave commented 7 May 2009 at 11:48

When the problem lies within ftp-usage and not within Drupal, why would you gain anything by hiding it?

Furthermore if it is that easy to check if a site is a Drupal site ( http://isthissitebuiltwithdrupal.com/ ), hiding could be somewhat complicated. But I am certainly no expert on this.

be secure, not obscure ;)

greggles

he/him

English

Denver, Colorado, USA

commented 7 May 2009 at 14:10

I said this on the other post, but it's worth repeating here. Security by obscurity won't get you nearly as far as simply running your site in a secure manner in the first place.

How do you run a secure site? I suggest you read

Secure configuration for Drupal sites
Writing secure code which is also valuable to understand so you can audit the modules you install.
Drupal security team which contains information about the project's policies like what to do if your site is defaced
Cracking Drupal the only book about security in Drupal, which is now available (disclosure: I'm the author ;))

--
Morris Animal Foundation

How to hide the fact that a site is a Drupal site?

Comments

?

be secure, not obscure ;)

New forum topics

News items

Our community

Documentation

Drupal code base

Governance of community