FileZilla Server banner
Hello,
Is there a way to disable showing the version and FTP server name in the welcome message? In FileZilla Server 0.9.x, setting a custom welcome message hid the FileZilla Server default message. IMHO it would be good for security reasons not to show any info about the FTP server version, or at least to allow disabling it in the configuration. What do you think?
Thanks
P.S. Setting a custom welcome message only adds a new line to the welcome message next to the server name and version.
Re: FileZilla Server banner
No, this cannot be disabled. Hiding version numbers does not add security. If unsure, the attacker just tries attacks against all versions. Takes a few seconds longer, result the same.
Re: FileZilla Server banner
All versions of what? All versions of ALL FTP servers available? If yes, then it would end up with IP banning, right? I'm talking about the possibility to completely overwrite the banner, where I can remove the FTP server name and version.
- 500 Command not understood
- Posts: 1
- Joined: 2023-09-15 12:15
- First name: Bruce
- Last name: Corkhill
Re: FileZilla Server banner
I have to agree with this. For security, it should not announce that it is FileZilla or a version number.
You have to do the same with web servers for PCI compliance, so the same should be true for FTP.
Also, given that we are currently being recommended to upgrade to FileZilla Server 1.7.2 due to a security vulnerability in older versions, it would seem like a good move.
Re: FileZilla Server banner
Hello,
Any chance of a response regarding the possibility to hide the server name and version in the banner?
Re: FileZilla Server banner
My previous statement still holds. Even disregarding all user-visible strings, it's trivially easy to identify the used server software purely from behavior. Hiding product names and versions only ever adds a false sense of security.
Re: FileZilla Server banner
OK. Thanks for the response.
- 500 Command not understood
- Posts: 1
- Joined: 2023-10-26 21:12
- First name: Jolly
- Last name: Ali
Re: FileZilla Server banner
I agree that removing the banner doesn't add to security. That said, the option to remove the banner also doesn't harm security, so having the option to hide the banner isn't harmful and may cause enough of a delay that systems can detect malicious actors.
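For administrators who need to document what their own FTP greeting discloses (for example for the compliance review mentioned in the thread), the following is an added example and not part of any post or of FileZilla's code. It parses an RFC 959 multi-line 220 reply and lists the lines that carry a product name or a version-like token. The function names, the `product_names` parameter and both sample greetings are assumptions constructed for illustration; the thread does not show the real banner text.

```python
import re

# Heuristic: a version-like token such as 1.7.2 or 0.9 (also matches other dotted numbers).
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)?\b")

def parse_greeting(raw: bytes):
    """Parse an RFC 959 reply and return (code, [text lines]).

    A multi-line reply starts with 'NNN-' and ends at the first line
    that starts with the same code followed by a space.
    """
    lines = raw.decode("utf-8", errors="replace").splitlines()
    if not lines or not re.match(r"^\d{3}[ -]", lines[0]):
        raise ValueError("not an FTP reply")
    code, texts = lines[0][:3], [lines[0][4:]]
    if lines[0][3] == "-":
        for line in lines[1:]:
            if line.startswith(code + " "):
                texts.append(line[4:])
                break
            # Continuation lines may or may not repeat the 'NNN-' prefix.
            texts.append(line[4:] if line.startswith(code + "-") else line.strip())
        else:
            raise ValueError("unterminated multi-line reply")
    return int(code), texts

def audit_greeting(raw: bytes, product_names=("FileZilla",)):
    """Return (line, reasons) for greeting lines that disclose product or version."""
    _code, texts = parse_greeting(raw)
    findings = []
    for text in texts:
        reasons = [f"product:{p}" for p in product_names if p.lower() in text.lower()]
        match = VERSION_RE.search(text)
        if match:
            reasons.append(f"version:{match.group(0)}")
        if reasons:
            findings.append((text, reasons))
    return findings

# Constructed sample greetings (not captured from a real server).
DEFAULT_PLUS_CUSTOM = (b"220-FileZilla Server 1.7.2\r\n"
                       b"220-Welcome to files.example.test\r\n220 Ready\r\n")
GENERIC = b"220 Service ready\r\n"

if __name__ == "__main__":
    for text, reasons in audit_greeting(DEFAULT_PLUS_CUSTOM):
        print(f"discloses {reasons}: {text!r}")
```

An empty result only means the greeting text itself names nothing; as the replies above point out, server software can still be identified from its behavior.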