+ Server does not respond with '404' for error messages (uses '200').
+ This may increase false-positives.
Adem's across-the-board solution to his security problems is to break
Apache so that the server's HTTP headers report nonexistent resources as
"available" rather than "not found", and try to confuse things with a
flood of false positives.
It doesn't fool anyone. It shows us how little Adem really cares about his
users. There are still over 70 vulnerabilities found at his site. He hasn't
corrected any of them except for the phpinfo problem he was humiliated
with. All the users of his web site, forums, download areas, etc., are still
twisting in the wind. He hasn't even attended to the most basic
administrative tasks he's been aware of for months.
"The certificate for "sam.hitrust.net" expired Apr 3 22:13:05 2006 GMT.
The webmaster should update the certificate(s)."
SSL certs still over a year old. How sad is that?