This question is related to security of a website.
I know that web servers give information as if it was a pride (mostly in header form yet also in error pages as well). In this case, IIS (dev. version though) gives me this information when running into a 404:
Version Information: Microsoft .NET Framework Version:2.0.50727.4206; ASP.NET Version:2.0.50727.4209
Did any of you used a so called "exploit" in the past?
Yea, these little apps that are used to hack a server (or whatever). They mostly rely on server version, OS type etc'.
Giving such information is horrible in my opinion!
So my question is this: I want the server to reply with as less as possible information regarding itself, the operating system or whatever, in any scenario (successful page view, internal error, page not found etc').
How do I do that with IIS7? Is there a "stealth mode" for the server-side? Any good tutorial out there?
Changing server banners is pointless in the real world. You'll either fall prey to automated attacks that hit without checking, or a human attacker for whom OS and application fingerprinting is trivial through active and passive traffic examination.
If you're dead set on changing your banners, however, Microsoft's URLScan tool will do the trick: http://learn.iis.net/page.aspx/473/using-urlscan