admin prefix remove Topic is solved

peter.ondzik
Posts: 11
Joined: Sun Aug 30, 2015 3:05 pm

admin prefix remove

Postby peter.ondzik » Thu Feb 16, 2017 10:35 am

Hello, is it possible to remove the admin prefix by creating a new FTP user and a new SQL table?

skamasle
Collaborator
Posts: 378
Joined: Mon Feb 29, 2016 6:36 pm

Re: admin prefix remove  Topic is solved

Postby skamasle » Sat Feb 18, 2017 8:42 am

Officially it is not possible, so there is no easy way to do it.

BBuchanan1013
Posts: 139
Joined: Thu Jan 07, 2016 12:01 am

Re: admin prefix remove

Postby BBuchanan1013 » Fri May 26, 2017 2:12 am

peter.ondzik wrote: Hello, is it possible to remove the admin prefix by creating a new FTP user and a new SQL table?


The prefix is a safety / security item. If a hacker was trying to guess the name of a database to gain access to, then he'd run through a bunch of common names. But adding the user_ prefix adds difficulty, as now the hacker would have to guess the username as well.

Plus, having the username prefix makes it easy when navigating the database with phpMyAdmin, as you can see what tables belong to which user instead of guessing.

viraladmin
Posts: 29
Joined: Thu Apr 27, 2017 7:40 pm

Re: admin prefix remove

Postby viraladmin » Mon Jun 12, 2017 7:01 pm

What's possible is to manually add the database and user, bypassing VestaCP altogether, then rebuild the users, and the databases will show in their accounts.

Code:

mysql -p
create database whatever;
grant all privileges on whatever.* to 'someuser'@'localhost' identified by "Password";


Then you need to edit /usr/local/vesta/data/users/some_vestacp_user/db.conf:

Code:

DB='dbname-created-above' DBUSER='someuser-created-above' MD5='' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='1' SUSPENDED='no' TIME='12:00:00' DATE='2017-06-12'


Then

Code:

/usr/local/vesta/bin/v-rebuild-user some_vestacp_user


It's not a security issue. This is a bad-advice rumor started by WHM cPanel to justify why they did it - the truth is it's ONLY to make it easier to match users to databases. It is in fact the OPPOSITE in the way of security, despite what anyone else may say.

They claim it makes it harder to guess... actually that's wrong. First of all, one doesn't need to know the database name. If they have the username and password - they have the database name; with the database name but without username or password - they have nothing. So the database name itself is relatively non-important to security.

Now the problem with prefixing the username is that it makes it much easier to guess. Which do you think is easier to guess - 5 characters or 14 characters? If I know the username and the username is longer than 9 characters, there is no guesswork involved: I know the first 9 characters of the database username.

Crackers and script kiddies live for this kind of disinformation.

No guesswork involved: if you use VestaCP, I know there is a great chance you have usernames that start with admin_ for your database user for at least 1 site.

You explain to me how that makes you feel secure?
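A pre-flight check for the hand-edited db.conf line from the procedure above, run before v-rebuild-user. This is an added example, not part of any post and not VestaCP's own code: the field list is copied from the sample line in the post, while the function names and the allowed character set for names are assumptions.

```python
import re
import shlex
from datetime import datetime

# Field names copied from the sample db.conf line in the post above.
REQUIRED = ["DB", "DBUSER", "MD5", "HOST", "TYPE", "CHARSET",
            "U_DISK", "SUSPENDED", "TIME", "DATE"]
# Assumption: allow only characters that need no quoting in MySQL.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_]+$")
KEY = re.compile(r"^[A-Z0-9_]+$")


def parse_db_conf_line(line):
    """Split one KEY='value' line into a dict; ValueError if malformed."""
    fields = {}
    for token in shlex.split(line):  # honours the single quotes
        key, sep, value = token.partition("=")
        if not sep or not KEY.match(key):
            raise ValueError(f"not a KEY='value' pair: {token!r}")
        fields[key] = value
    return fields


def check_db_conf_line(line):
    """Return a list of problems found in a hand-edited db.conf line."""
    try:
        fields = parse_db_conf_line(line)
    except ValueError as exc:
        return [f"unparseable line: {exc}"]
    problems = [f"missing field {k}" for k in REQUIRED if k not in fields]
    for key in ("DB", "DBUSER"):
        if key in fields and not SAFE_NAME.match(fields[key]):
            problems.append(f"{key} is empty or has unsafe characters")
    for key, fmt in (("DATE", "%Y-%m-%d"), ("TIME", "%H:%M:%S")):
        try:
            datetime.strptime(fields.get(key, ""), fmt)
        except ValueError:
            if key in fields:
                problems.append(f"{key} does not match {fmt}")
    return problems


# Constructed sample lines (names taken from the post's SQL example).
GOOD = ("DB='whatever' DBUSER='someuser' MD5='' HOST='localhost' TYPE='mysql' "
        "CHARSET='UTF8' U_DISK='1' SUSPENDED='no' TIME='12:00:00' DATE='2017-06-12'")
BROKEN_QUOTE = "DB='whatever' DBUSER='someuser MD5='' HOST='localhost'"

if __name__ == "__main__":
    for sample in (GOOD, BROKEN_QUOTE):
        print(check_db_conf_line(sample) or "ok")
```

An empty list means the line has every field from the sample and parses cleanly; a dropped closing quote, the easiest mistake to make when typing the line by hand, is reported as unparseable.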

