Feature #3710

Server name change

Added by Rafal Kupiec about 1 year ago. Updated 8 months ago.

Status:NewStart date:2016-04-10
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:4.4

Description

Please implement the ability to change the way how tvh introduces itself. Thus, scanning ports, trying to connect should not give potential attacker the real software name and its version. Please at least implement this for HTTP protocol, do that services like shodan will stop recognizing tvh. It will be harder to find a server with tvh running.

History

#1 Updated by Jaroslav Kysela about 1 year ago

  • Status changed from New to Rejected

Use --useragent configuration option..

#2 Updated by Jaroslav Kysela about 1 year ago

  • Status changed from Rejected to New

Oops. Sorry, it's for http client - not server.

#3 Updated by Rafal Kupiec about 1 year ago

Yep,

nginx has an option:

more_set_headers 'Server: XYZ';

and it will introduce itself as XYZ instead of nginx.
Would be nice to see such option in TVH too.

#4 Updated by Jaroslav Kysela 12 months ago

  • Target version set to 4.4

#5 Updated by Rafal Kupiec 8 months ago

Really 4.4? Doesn't seem to be so time-consuming to implement this.
Many TVH installations can be found on Shodan. Having such option, everyone could change the way TVH introduces itself, thus trying to hide application from abusive users.

Also available in: Atom PDF