So I finally upgraded my ReviewPost version 4.04 the other day. I noticed that in the footer it shows:
Powered by: Reviewpost 5.0. Also, there is a meta tag
<meta name="generator" content="ReviewPost 5.0" />. This is bad in my opinion.
You see, hackers can use version information to take advantage of vulnerabilities. For example, there have been a few "security updates" as you can see in your Announcements forum. If a hacker wanted, they could do a search in their favorite search engine for "Powered by: ReviewPost 4.0" and know that the software is not up-to-date, then proceed to take advantage of any known vulnerabilities. If the version number were absent from the HTML (meta/footer), then they would have a harder time doing this.
Please remove the version number from the meta tag and footer as it is a security concern. That is my suggestion.
P.S. The sky is not falling, and I know plenty of software packages / scripts include version numbers. I'm not suggesting your product is not secure; I'm saying it is good security practice to hide the version number from anyone but the admin. Agree? Disagree? Comments?
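
Added example (not part of the original post and not ReviewPost code): a check a site owner could run over their own rendered, non-admin pages to flag the two disclosures described above, the generator meta tag and the "Powered by" footer. The sample HTML, class name and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# A dotted version number such as "5.0" or "4.04".
VERSION = re.compile(r"\bv?\d+(?:\.\d+)+\b")
# "Powered by: <product> <version>" in the visible page text.
POWERED_BY = re.compile(r"Powered by:?\s*[A-Za-z][\w ]*?\s+v?\d+(?:\.\d+)+", re.I)

class DisclosureAudit(HTMLParser):
    """Collects generator meta tags that carry a version, plus all visible text."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closing tags such as <meta ... />.
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            content = a.get("content") or ""
            if VERSION.search(content):
                self.findings.append(("meta generator", content))

    def handle_data(self, data):
        self.text.append(data)

def audit(html):
    """Return a list of (location, disclosed string) pairs found in the page."""
    parser = DisclosureAudit()
    parser.feed(html)
    parser.close()
    # Join text nodes first so a footer split across tags is still matched.
    text = " ".join("".join(parser.text).split())
    findings = list(parser.findings)
    findings += [("visible text", m.group(0)) for m in POWERED_BY.finditer(text)]
    return findings

# Constructed sample pages: one as described in the post, one with versions removed.
SAMPLE_BEFORE = """<html><head>
<meta name="generator" content="ReviewPost 5.0" />
</head><body><p>Reviews</p>
<div class="footer">Powered by: <a href="#">Reviewpost</a> 5.0</div>
</body></html>"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace(" 5.0", "")

if __name__ == "__main__":
    for name, page in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit(page))
```

Run against every public template after an upgrade, an empty result means neither location exposes a version to anonymous visitors.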