admin prefix remove

Posted: Thu Feb 16, 2017 10:35 am
by peter.ondzik
Hello, is it possible to remove the admin prefix by creating a new FTP user and a new SQL table?

Re: admin prefix remove

Posted: Sat Feb 18, 2017 8:42 am
by skamasle
Officially it is not possible, so there is no easy way to do it.

Re: admin prefix remove

Posted: Fri May 26, 2017 2:12 am
by BBuchanan1013
peter.ondzik wrote: Hello, is it possible to remove the admin prefix by creating a new FTP user and a new SQL table?
The prefix is a safety / security item. If a hacker was trying to guess the name of a database to gain access to, then he'd run through a bunch of common names. But adding the user_ prefix adds difficulty, as now the hacker would have to guess the username as well.

Plus, having the username prefix makes it easy when navigating the database with phpMyAdmin, as you can see which tables belong to which user instead of guessing.

Re: admin prefix remove

Posted: Mon Jun 12, 2017 7:01 pm
by viraladmin
What's possible is to manually add the database and user, bypassing VestaCP altogether, then rebuild the users and the databases will show in their accounts.

Code:

mysql -p
create database whatever;
grant all privileges on whatever.* to 'someuser'@'localhost' identified by "Password";
Then you need to edit /usr/local/vesta/data/users/some_vestacp_user/db.conf:

Code:

DB='dbname-created-above' DBUSER='someuser-created-above' MD5='' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='1' SUSPENDED='no' TIME='12:00:00' DATE='2017-06-12'
Then

Code:

/usr/local/vesta/bin/v-rebuild-user some_vestacp_user
It's not a security issue. This is a bad advice rumor started by WHM CPanel to justify why they did it - the truth is it's ONLY to make it easier to match users to databases. It is in fact OPPOSITE in the way of security despite what anyone else may say.

They claim it makes it harder to guess... actually that's wrong. First of all, one doesn't need to know the database name. If they have the username and password - they have the database name, with the database name but without username or password - they have nothing. So the database name itself is relatively non-important to security.

Now the problem with prefixing the username is it makes it much easier to guess. Which do you think is easier to guess - 5 characters or 14 characters? If I know the username and the username is longer than 9 characters, no guesswork involved I know the first 9 characters of the database username.

Crackers and Script kiddies live for this kind of disinformation.

No guesswork involved, if you use vestacp - I know there is a great chance you have usernames that start with admin_ for your database user for at least 1 site.

You explain to me how that makes you feel secure?
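
Added example (not part of any post in this thread, and not VestaCP's own code): an audit of entries in the db.conf format shown above, listing which databases and database users carry the account prefix and how many characters of each database user follow directly from the account name. The account name "admin" and the sample lines are constructed, and the parser assumes one database per line as in the post.

```python
import shlex

# Constructed sample: two lines in the db.conf format shown in the post above.
# The account name "admin" and every value here are made up for illustration.
SAMPLE_DB_CONF = """\
DB='admin_blog' DBUSER='admin_blog' MD5='' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='1' SUSPENDED='no' TIME='12:00:00' DATE='2017-06-12'
DB='whatever' DBUSER='someuser' MD5='' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='1' SUSPENDED='no' TIME='12:00:00' DATE='2017-06-12'
"""


def parse_db_conf(text):
    """Parse KEY='value' lines into dicts without eval-ing or sourcing the file."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        entry = {}
        for token in shlex.split(line):  # shlex handles the shell-style quoting
            key, sep, value = token.partition("=")
            if not sep or not key.isidentifier():
                raise ValueError(f"line {lineno}: malformed field {token!r}")
            entry[key] = value
        entries.append(entry)
    return entries


def audit(entries, account):
    """Report, per database, whether DB and DBUSER carry the account prefix."""
    prefix = account + "_"
    report = []
    for e in entries:
        db, dbuser = e.get("DB", ""), e.get("DBUSER", "")
        user_prefixed = dbuser.startswith(prefix)
        report.append({
            "db": db,
            "dbuser": dbuser,
            "db_prefixed": db.startswith(prefix),
            "user_prefixed": user_prefixed,
            # Characters of the DB user that follow from the account name alone.
            "known_chars": len(prefix) if user_prefixed else 0,
        })
    return report


if __name__ == "__main__":
    for row in audit(parse_db_conf(SAMPLE_DB_CONF), "admin"):
        print(row)
```

Entries with `user_prefixed` false are the manually added ones; for the rest, `known_chars` is the part of the database username that gives no protection, so the password carries the whole load.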