We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
What is the thought behind the default admin and admin_ prefix?
What is the thought behind the default admin and admin_ prefix?
I was wondering why the default user is called 'admin' and the prefix is 'admin_'. Is there a reason for this? I read that having an additional prefix is a so-called 'security measurement', but 'admin' is almost more common than the name 'John' in America. From that perspective, 'vesta' would be more secure, in my opinion.
So anyone care to clarify it? Just wondering.
So anyone care to clarify it? Just wondering.
Re: What is the thought behind the default admin and admin_ prefix?
The prefix is not rellay a "security-thing", more a management one. Admin is one of the most common ways for default user, that's right. In VestaCP you can't rename or delete this user. If you choose a secure/strong password (what should be a standard of course) there is no security issue in using this user. Brute force attacks will be detected and blocked by fail2ban, so no "problem" in that way.
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: What is the thought behind the default admin and admin_ prefix?
as ScIT said, if you configure everything properly upto security standards.. it should not be a problem.
Don't use admin account to host any sites.. create a separate user for each site or atleast each group of customers.
However, I do feel the ability to choose "admin" user account's name during VestaCP install would be great... security through obfuscation is a great way and would reduce attack surface and attempt if both username and password are to be guessed.
I had proposed this 3 years back... may be at some point it will be possible for the Devs to include such an option
Don't use admin account to host any sites.. create a separate user for each site or atleast each group of customers.
However, I do feel the ability to choose "admin" user account's name during VestaCP install would be great... security through obfuscation is a great way and would reduce attack surface and attempt if both username and password are to be guessed.
I had proposed this 3 years back... may be at some point it will be possible for the Devs to include such an option