How to Change nginx server signature from source code

This post is rather a note to myself just in case the next time I want to recompile a new nginx server (I recently compiled a new nginx release in order to enable support for the new brotli encoding and http2 protocol)

The exact file that you need to change is :
/nginx-1.13.7/src/http/ngx_http_header_filter_module.c

Here’s a snippet of what you need to change:

static u_char ngx_http_server_string[] = "Server: yourservername" CRLF;
static u_char ngx_http_server_full_string[] = "Server: yourservername/1.0" CRLF;
static u_char ngx_http_server_build_string[] = "Server: " NGINX_VER_BUILD CRLF;

replace NGINX_VER and NGINX_VER_FULL with your own string.

IMPORTANT: Do not redefine NGINX_VER constant!

Do not redefine NGINX_VER constants as it would be used in various installation scripts after compilation. For example, the Let’s Encrypt “certbot” tool is dependent on the factory setting of NGINX_VER constant.

BONUS: Change default error page

You can further confuse various network scanners by changing the nginx built-in default error page. Although you can change 4xx and 5xx error page easily in server configuration. Nmap is known to detect nginx installation by looking into the nginx built-in error page.

In order to prevent nmap from further detecting your webserver version and configuration, you can change the default built-in error page using through this file:

/nginx-1.13.7/src/ngx_http_special_response.c

Look for these lines:

static u_char ngx_http_error_full_tail[] =
"<p>&nbsp;</p><hr><center>Copyright &copy; 2018 Mohammad Hafiz bin Ismail (mypapit at gmail.com )" CRLF
"<br /><small><a href=\"https://blog.mypapit.net\">Mypapit Personal Blog</a></small></center>" CRLF
"</body>" CRLF
"</html>" CRLF
;

 

And change the HTML tags accordingly to suit your need, note that you can remove NGINX_VER_BUILD entirely to hide your NGINX version.

You can also customized the built in HTTP code special response, from this :

static char ngx_http_error_502_page[] =
"<html>" CRLF
"<head><title>502 Bad Gateway</title></head>" CRLF
"<body bgcolor=\"white\">" CRLF
"<center><h1>502 Bad Gateway</h1></center>" CRLF
;

to include the “Viewport” meta-tag in order to support mobile devices:

static char ngx_http_error_502_page[] =
"<html>" CRLF
"<head>" CRLF
"<link href=\"https://fonts.googleapis.com/css?family=Lato|Slabo+27px\" rel=\"stylesheet\" />" CRLF
"<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">" CRLF
"<title>502 Bad Gateway</title></head>" CRLF
"<body>" CRLF
"<h1>502 Bad Gateway</h1>" CRLF
"<p>Somebody just fucked up at our end :(</p>" CRLF
;

Just make sure you test the nginx configuration after compiling before deploying it in production environment.

Further Reading: Compiling nginx

A rather complete nginx compiling guide can be found from these websites:

  1. How to Compile Nginx From Source on Ubuntu 16.04
  2. Install Nginx from source code on Ubuntu 14.04 LTS

Automatically generate gallery with llgal

LLGAL (llgal) is an tool which can automatically generate gallery on your website. llgal is handy if you want to generate photo album out of photos organized in directories/folders.

Running llgal from the console is easy as typing the llgal command at the root directory of your photos.

llgal --exif --li -L -R --title "Album Name" --sx 960 --sy 720 --tx 250 --ty 150

In Ubuntu, the gallery’s theme is located in “/usr/share/llgal/” directory and my customized theme which supports mobile phone can be downloaded here: llgal.zip (mobile enabled)

llgal Screenshot

Personally, i use llgal to generate cctv tiles automatically on my Ubuntu server from which my TP-LINK NC450 and NC250 IP camera uploads through its FTP functions when it detects movements/motion.

 

Installation

llgal can be installed on Ubuntu by running this command

apt -y install llgal

Alternatively you can compile and install llgal directly from its repository
https://github.com/bgoglin/llgal

crack zip password with cracker-ng

Cracking zip password can be made easy with cracker-ng

Installation

Installation is simple, assuming you use Debian, Ubuntu or any other similar operating system :


$ git clone https://github.com/BoboTiG/cracker-ng.git
$ cd cracker-ng

# For testers and contributors, always work with on the devel branch:
$ git checkout devel

$ make

Cracking

Cracking is relatively simple, assuming you have downloaded the awesome Crackstation’s wordlist dictionary.


$ zipcracker-ng -f targetfile.zip -w crackstation-human-only.txt

Additionally zipcracker-ng can also be used with other brute-forcing cracking tool such as john and

$ john --incremental --stdout | zipcracker-ng -f FILE -

$ crunch 1 8 -f charset.lst lalpha | zipcracker-ng -f FILE -

Screenshot of zipcracker-ng in action

crunch

Nano command for search and replace

I spend most of my time with headless Ubuntu server or Raspbian (a Debian derivatives distro for Raspberry Pi).

So naturally I use ‘nano’ to edit various configurations files and Python Scripts.

Here are several ‘nano’ shortcuts for your references

Searching

  • CTRL-W : search text string
  • ALT-W : repeat search
  • ALT-B : Backward search

Search and Replace

  • CTRL-\  search and replace

Cut, Copy and Paste

  • CTRL-K : Cut text
  • CTRL-V : Paste text
  • M-^ or ESc-^ : Copy text

Save and Exit

  • CTRL-O : Save file
  • CTRL-X : Exit nano

Indentation (useful for Python)

  • M-} :  Indent Right
  • M-{ : Indent Left (unindent)

 

That’s all which I can share for today…