With today’s emphasis on making sure a web server is properly configured and locked down, it’s still amazing to find, at times, a web server that somehow escaped the administrator’s scrutiny.

Usually, before a server goes ‘live’, one of the steps is to run a penetration test (pen-test) to ensure that the server is properly configured and that no information is being leaked unintentionally, e.g. the Apache version should not be published.

This is pretty basic stuff, and any decent system admin or security admin who is worth his salt will know exactly what to do.

But, like the example shown above, not all companies give the same priority to this issue, that is, until the server gets hacked.