Simon Willison's Weblog: iishttp://simonwillison.net/2011-01-05T13:37:00+00:00Simon WillisonHow can I determine which web server a particular website is using (Apache, IIS, Nginx, etc)?2011-01-05T13:37:00+00:002011-01-05T13:37:00+00:00https://simonwillison.net/2011/Jan/5/how-can-i-determine/#atom-tag
<p><em>My answer to <a href="https://www.quora.com/How-can-I-determine-which-web-server-a-particular-website-is-using-Apache-IIS-Nginx-etc/answer/Simon-Willison">How can I determine which web server a particular website is using (Apache, IIS, Nginx, etc)?</a> on Quora</em></p>
<p>If you're on Linux or OS X, use curl with the -I option (to make a HEAD request and see the HTTP headers):</p>
<p>$ curl -I <span><a href="http://www.op3intl.com">www.op3intl.com</a></span><br />HTTP/1.1 200 OK<br />Date: Thu, 06 Jan 2011 03:31:28 GMT<br />Server: Microsoft-IIS/6.0</p>
<p>...</p>
<p>Tags: <a href="https://simonwillison.net/tags/apache">apache</a>, <a href="https://simonwillison.net/tags/iis">iis</a>, <a href="https://simonwillison.net/tags/nginx">nginx</a>, <a href="https://simonwillison.net/tags/servers">servers</a>, <a href="https://simonwillison.net/tags/web-development">web-development</a>, <a href="https://simonwillison.net/tags/webservers">webservers</a>, <a href="https://simonwillison.net/tags/quora">quora</a></p>
Mass Attack FAQ2008-04-26T09:12:13+00:002008-04-26T09:12:13+00:00https://simonwillison.net/2008/Apr/26/hackademixnet/#atom-tag
<p><strong><a href="http://hackademix.net/2008/04/26/mass-attack-faq/">Mass Attack FAQ</a></strong></p>
Thousands of IIS Web servers have been infected with an automated mass XSS attack, not through a specific IIS vulnerability but using a universal XSS SQL query that targets SQL Server and modifies every text field to add the attack JavaScript. If an app has even a single SQL injection hole (and many do) it is likely to be compromised.
<p>Tags: <a href="https://simonwillison.net/tags/iis">iis</a>, <a href="https://simonwillison.net/tags/massattack">massattack</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/sql">sql</a>, <a href="https://simonwillison.net/tags/sql-injection">sql-injection</a>, <a href="https://simonwillison.net/tags/sqlserver">sqlserver</a>, <a href="https://simonwillison.net/tags/xss">xss</a></p>