Hi Asyn,
For instance like this with Apache:
By default Apache configuration file has the following entries.
===
ServerTokens ProductOnly
ServerSignature On
===
Change the above lines to the following.
===
ServerSignature Off
ServerTokens Prod
===
restart and you are done.
Now the wannabee hacker has to actively probe to get a near guess at what they are/were looking for and can get logged. As they are always going for the low hanging fruit, they will probably pass your door, especially when they use automatic crawling to avoid detection. The malversant also can do a sitecheck but not with the best of intentions at heart.
Javascript, Java applets, Silverlight, Flash can also add to security risks as can be the use
of hidden iFrames, certain type of tracking code then may have been maliciously altered. Check also for script injections, obfuscation you are not familiar with, code outside HTML that should not be there, etc. etc.
polonus