admin prefix remove
Hello, is it possible to remove the admin prefix by creating a new FTP user and a new SQL table?
Re: admin prefix remove
Officially it is not possible, so there is no easy way to do it.
Re: admin prefix remove
peter.ondzik wrote: Hello, is it possible to remove the admin prefix by creating a new FTP user and a new SQL table?
The prefix is a safety / security item. If a hacker was trying to guess the name of a database to gain access to, then he'd run through a bunch of common names. But adding the user_ prefix adds difficulty, as now the hacker would have to guess the username as well.
Plus, having the username prefix makes it easy when navigating the database with phpMyAdmin, as you can see what tables belong to which user instead of guessing.
Re: admin prefix remove
What's possible is to manually add the database and user, bypassing the vestacp altogether, then rebuild the users, and the databases will show in their accounts.
Code:
mysql -p
create database whatever;
grant all privileges on whatever.* to 'someuser'@'localhost' identified by "Password";
Then you need to edit /usr/local/vesta/data/users/some_vestacp_user/db.conf:
Code:
DB='dbname-created-above' DBUSER='someuser-created-above' MD5='' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='1' SUSPENDED='no' TIME='12:00:00' DATE='2017-06-12'
Then
Code:
/usr/local/vesta/bin/v-rebuild-user some_vestacp_user
It's not a security issue. This is a bad advice rumor started by WHM CPanel to justify why they did it - the truth is it's ONLY to make it easier to match users to databases. It is in fact OPPOSITE in the way of security despite what anyone else may say.
They claim it makes it harder to guess... actually that's wrong. First of all, one doesn't need to know the database name. If they have the username and password - they have the database name; with the database name but without username or password - they have nothing. So the database name itself is relatively non-important to security.
Now the problem with prefixing the username is it makes it much easier to guess. Which do you think is easier to guess - 5 characters or 14 characters? If I know the username and the username is longer than 9 characters, no guesswork involved, I know the first 9 characters of the database username.
Crackers and script kiddies live for this kind of disinformation.
No guesswork involved, if you use vestacp - I know there is a great chance you have usernames that start with admin_ for your database user for at least 1 site.
You explain to me how that makes you feel secure?
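Added example, not part of any post in this thread and not VestaCP code: a small Python audit that parses db.conf lines in the layout quoted in the last post and separates entries that follow the `<user>_` prefix convention from entries added by hand. The function names and the sample lines are constructed, and the field layout is assumed from the single line shown in the thread.

```python
import shlex

# Constructed sample in the db.conf layout quoted in the thread.
SAMPLE = (
    "DB='admin_wp' DBUSER='admin_wp' MD5='' HOST='localhost' TYPE='mysql' "
    "CHARSET='UTF8' U_DISK='1' SUSPENDED='no' TIME='12:00:00' DATE='2017-06-12'\n"
    "DB='whatever' DBUSER='someuser' MD5='' HOST='localhost' TYPE='mysql' "
    "CHARSET='UTF8' U_DISK='1' SUSPENDED='no' TIME='12:00:00' DATE='2017-06-12'\n"
)


def parse_db_conf(text):
    """Parse db.conf content: one database per line, KEY='value' pairs."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            tokens = shlex.split(line)  # handles the single-quoted values
        except ValueError as exc:       # e.g. an unbalanced quote from a hand edit
            raise ValueError(f"line {lineno}: {exc}") from None
        entry = {}
        for tok in tokens:
            key, sep, value = tok.partition("=")
            if not sep:
                raise ValueError(f"line {lineno}: token without '=': {tok!r}")
            entry[key] = value
        entries.append(entry)
    return entries


def audit_prefix(owner, entries):
    """Split (DB, DBUSER) pairs by whether both names start with '<owner>_'."""
    prefix = owner + "_"
    prefixed, manual = [], []
    for e in entries:
        names = (e.get("DB", ""), e.get("DBUSER", ""))
        target = prefixed if all(n.startswith(prefix) for n in names) else manual
        target.append(names)
    return prefixed, manual


if __name__ == "__main__":
    prefixed, manual = audit_prefix("admin", parse_db_conf(SAMPLE))
    print("follow the prefix convention:", prefixed)
    print("added outside the convention:", manual)
```
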