Project

General

Profile

Feature #3710

Server name change

Added by Rafal Kupiec over 8 years ago. Updated over 6 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
4.4
Start date:
2016-04-10
Due date:
% Done:

100%

Estimated time:

Description

Please implement the ability to change the way how tvh introduces itself. Thus, scanning ports, trying to connect should not give potential attacker the real software name and its version. Please at least implement this for HTTP protocol, do that services like shodan will stop recognizing tvh. It will be harder to find a server with tvh running.

History

#1

Updated by Jaroslav Kysela over 8 years ago

  • Status changed from New to Rejected

Use --useragent configuration option..

#2

Updated by Jaroslav Kysela over 8 years ago

  • Status changed from Rejected to New

Oops. Sorry, it's for http client - not server.

#3

Updated by Rafal Kupiec over 8 years ago

Yep,

nginx has an option:

more_set_headers 'Server: XYZ';

and it will introduce itself as XYZ instead of nginx.
Would be nice to see such option in TVH too.

#4

Updated by Jaroslav Kysela over 8 years ago

  • Target version set to 4.4
#5

Updated by Rafal Kupiec about 8 years ago

Really 4.4? Doesn't seem to be so time-consuming to implement this.
Many TVH installations can be found on Shodan. Having such option, everyone could change the way TVH introduces itself, thus trying to hide application from abusive users.

#6

Updated by Jaroslav Kysela over 7 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset commit:tvheadend|816fdb93a2ff84769d5491b7fb0071d4c5f4386c.

#7

Updated by Pablo R. over 7 years ago

Is realm also modified?

WWW-Authenticate: Digest realm="tvheadend"

Shodan users still can see that...

#8

Updated by Rafal Kupiec over 7 years ago

It is not, its still asking for password as 'tvheadend' and we cannot modify it.
IMHO This feature request is not implements as expected.

#9

Updated by Jaroslav Kysela over 7 years ago

Fixed in v4.3-135-ge0a31ac .

#10

Updated by Mono Polimorph over 7 years ago

Hi,

This change doesn't apply to the name advertized with the RTSP port (SAT>IP protocol).

Perhaps, it will be useful to use the configuration name also with this protocol.

#11

Updated by Pablo R. over 6 years ago

I also see:

Location: extjs.html

on Shodan for tvheadend servers, is it possible to also hide this? Or is need for webui works or something?

Regards.

Also available in: Atom PDF