Security Through Obscurity

Bryan Jones | Monarch Digital

While security through obscurity is often looked down upon, it can still help your site against newbie hackers. By default, Drupal serves files such as CHANGELOG.txt, INSTALL.txt, and README.txt straight from the document root. These files reveal details about your Drupal installation, including its version, that could be used against your site.

As a test, request CHANGELOG.txt from the root of your site, for example www.site-name.com/CHANGELOG.txt. You will see a text file that lists the Drupal version your site is running. A hacker can use this to see whether you are on an older version, then look up the known security flaws for that version and use them to start attacking your site.

Preventing these files from being served is quite easy. In the .htaccess file at your document root, add these lines:

<FilesMatch "^(CHANGELOG|README|INSTALL|MAINTAINERS).*\.txt$">
  Deny from All
</FilesMatch>

The directive denies any request for a file whose name matches the regular expression above: a name beginning with CHANGELOG, README, INSTALL, or MAINTAINERS and ending in .txt. This catches CHANGELOG.txt and also variants such as INSTALL.*.txt. While hiding these files will not guarantee site safety, it does give you a little boost against would-be hackers.
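As an added example (not part of the original post), the script below reproduces the FilesMatch pattern with grep -E so you can see which file names it denies and which it leaves alone, and it includes a curl-based check_site function for verifying a site you administer after the rule is in place. The file names and the expected status codes are assumptions about a typical Drupal install.

```shell
#!/bin/sh
# Added example: emulate the .htaccess FilesMatch rule and verify a site.

# The same regular expression as in the .htaccess snippet above.
PATTERN='^(CHANGELOG|README|INSTALL|MAINTAINERS).*\.txt$'

# Return 0 if NAME matches the pattern (and would therefore be denied),
# 1 otherwise. FilesMatch is case-sensitive by default, and grep -E
# reproduces that behaviour for this pattern.
is_denied() {
  printf '%s\n' "$1" | grep -Eq "$PATTERN"
}

# Print one line per file name: DENIED if the rule blocks it, SERVED if not.
report() {
  for name in "$@"; do
    if is_denied "$name"; then
      echo "DENIED $name"
    else
      echo "SERVED $name"
    fi
  done
}

# Verify a live site you administer: request each file from BASE and print
# the HTTP status. Expect 403 once the rule is active (404 if the file is
# absent); a 200 means the file is still being served.
check_site() {
  base="$1"; shift
  for name in "$@"; do
    code=$(curl -s -o /dev/null -w '%{http_code}' "$base/$name")
    echo "$code $base/$name"
  done
}

# Constructed sample names: the first four are denied, the last two are not
# (robots.txt is legitimate; changelog.txt differs only in case).
report CHANGELOG.txt README.txt INSTALL.mysql.txt MAINTAINERS.txt \
       robots.txt changelog.txt
# Example live check (uncomment and point at your own site):
# check_site https://www.site-name.com CHANGELOG.txt README.txt INSTALL.txt
```

Matching is case-sensitive, as the changelog.txt line shows, which only matters on case-insensitive filesystems. The `Deny from All` line is Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use `Require all denied` in its place.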

We would like to thank Greggles for contributing the following post, which takes a much broader look at this type of "security": http://drupalscout.com/knowledge-base/hiding-fact-your-site-runs-drupal-or-fingerprinting-drupal-site