How To Change Admin Username? — CyberPanel - WebHosting Control Panel for OpenLiteSpeed
CyberHosting

How To Change Admin Username?

Hi, i'm just starting to learn Cyberpanel and already managed to install it.

May i know, how to change 'admin' username to something else?

Don't u think it's a bad practice to force us to use 'admin' for main superadmin login?

And, is there any suggestions to increase the security of our main login page? (https://xxxxxx:8090)

Comments

  • Do not change this user, it is better you can create another user with admin ACL.
  • That lowers the security even more. Leaving an "admin" users is like leaving port 22 open. And kiddy script is going to try that username (and "root") first and brute for the password. I love litespeed and I love cyberpanel. Even moreso than cPanel, Webmin/Virtualmin, etc. But this relaxed attitude towards security (for example no 2FA) is nearly a deal breaker. I understand you request we help, and I'm happy to try, but I guess I'm just a little shocked the ONLY thing protecting ALL of my sites is a single password.
  • Agreed! We need 2FA.
  • Type your comment> @Cocchini_Corp said:
    > That lowers the security even more. Leaving an "admin" users is like leaving port 22 open.

    +1. It's worse than leaving port 22.
    Fan of CyberPanel
  • it will be a problem. so please create another userid
  • fanfan
    edited August 2020
    > @hennaboy said:
    > 2FA is coming in 2.0.3 its already been implemented at github.

    It's awesome as now there is no BF prevention as I understand.
    Fan of CyberPanel
  • Using ssh keys, which CP makes super-easy to implement, and removing password access from login keeps port 22 quiet as a mouse. I totally agree with @hennaboy, changing port 22 does absolutely nothing to help with security. Same process using CentOS or Ubuntu.

    Plus, using the built-in CP firewall or CSF (much better) to close any and all unused ports and monitor for open port attacks takes minutes to do and prevents so much abuse.
  • Type your comment> @themew said:
    > Using ssh keys, which CP makes super-easy to implement, and removing password access from login keeps port 22 quiet as a mouse. I totally agree with @hennaboy, changing port 22 does absolutely nothing to help with security. Same process using CentOS or Ubuntu.
    >
    > Plus, using the built-in CP firewall or CSF (much better) to close any and all unused ports and monitor for open port attacks takes minutes to do and prevents so much abuse.

    How do you prevent brute force on port 8090?
    Fan of CyberPanel
  • While you can't prevent brute force attempts in CP's firewall settings, In CSF you can limit brute force attacks to a specific port(s). Add port 8090 and 7080 if you wish to prevent brute force attempts to those ports.
  • Type your comment> @themew said:
    > While you can't prevent brute force attempts in CP's firewall settings, In CSF you can limit brute force attacks to a specific port(s). Add port 8090 and 7080 if you wish to prevent brute force attempts to those ports.

    Did you try?

    How CSF will know if it was a BF attempt?
    Fan of CyberPanel
  • You specify the number of times the port can be accessed in succession. You can also specify the ban time or permanent ban of the offending IP.
  • Type your comment> @themew said:
    > You specify the number of times the port can be accessed in succession. You can also specify the ban time or permanent ban of the offending IP.

    Which setting is this? Portflood, connlimit? Do you know that BF is usually done from many different IPs?
    Fan of CyberPanel
  • CSF will ban whichever IPs are used in the attack for whatever amount of time you specify (hourly or permanently).

    Rather than type a full CSF tutorial, there are dozens of great writeups online explaining how to set up CSF to mitigate various attacks. There are several settings that need to be activated as well as ports specified to effectively use CSF which does a great job protecting CyberPanel.
  • Type your comment> @themew said:
    > CSF will ban whichever IPs are used in the attack for whatever amount of time you specify (hourly or permanently).
    >
    > Rather than type a full CSF tutorial, there are dozens of great writeups online explaining how to set up CSF to mitigate various attacks. There are several settings that need to be activated as well as ports specified to effectively use CSF which does a great job protecting CyberPanel.

    That's a bit of work writing a tutorial for a few settings to be activated, I understand.. I also understand that you were writing pure nonsense before, because port monitoring has nothing to do with blocking login attempts. I can hold F5 when accessing cpanel.on:8090 and I will be blocked? What are you talking about?? What about logged in users, what if their F5 key stuck while being log in??
    Fan of CyberPanel
  • https://www.google.com/
  • Type your comment> @themew said:
    > https://www.google.com/

    I still have a hope in forum members even after this..
    Fan of CyberPanel
  • @fan CSF would have to parse url /verifyLogin and monitor hits from each IP not the login page so refreshes won't count. However atm cyberpanel is returning 200 even for failed attempts which may cause false blocks. So if that is switched to 401 and considering all requests are logged CSF can be easily integrated.
  • Type your comment> @jetchirag said:
    > @fan CSF would have to parse url /verifyLogin and monitor hits from each IP not the login page so refreshes won't count. However atm cyberpanel is returning 200 even for failed attempts which may cause false blocks. So if that is switched to 401 and considering all requests are logged CSF can be easily integrated.

    That talk is closer to reality.

    1. Login requests are not logged anywhere? I don't know that and I wish to find out. This way they could be tracked at least. There's nothing to parse atm. I have no idea what @themew does with his ports and I'm sure he doesn't know that also.
    2. CyberPanel should implement these response codes on their end, so there's not much we can do now.
    Fan of CyberPanel
  • hi , i'm one of covid 19 survival and new cyberpanel user ; i would like to tell u that now there's a 2FA
Sign In or Register to comment.
CyberPanel Discord

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!