Welcome Guest. Please Login or Register  


You are here: Index > Webuzo > General Support > Topic : Webuzo username "admin" dangerous

1


Threaded Mode | Print  

 Webuzo username "admin" dangerous, Username admin is usually used for guess the password (19 Replies, Read 28340 times)
peopleinside
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate
I have buyed a VPS with Webuzo.

Actualy my username is admin and VPS company as told me is no possibile to change this.

Admin username is usually used for guess the password.
It's not good user can't change it.

In addiction i think should be good for Webuzo administrator have the power to reset password SSH if can be possibile from webuzo and all password.

Thanks.


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   

Webuzo username "admin" dangerous
valley
Group: Webuzo Team
Post Group: Super Member
Posts: 1644
Status:
Hi,

You can change the password fortheuser from the Webuzo Enduser Panel.
Guide : http://www.webuzo.com/wiki/Change_Endusers_Password

You cannot change the username once it is set.

-----------------------
Webuzo : Single User Control Panel
Join Webuzo :
Facebook
Twitter

IP: --   

Webuzo username "admin" dangerous
peopleinside
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate
Quote From : valley November 9, 2013, 6:15 pm
Hi,

You can change the password fortheuser from the Webuzo Enduser Panel.
Guide : http://www.webuzo.com/wiki/Change_Endusers_Password

You cannot change the username once it is set.


You can understand final user who use webuzo don't decide with username have so if host use "bad" username as mentioned.. you can understand can be a security issue.

It's a big problem to make user can change username?
Thank for reply.


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   

Webuzo username "admin" dangerous
peopleinside
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate
Quote From : peopleinside November 9, 2013, 6:30 pm
Quote From : valley November 9, 2013, 6:15 pm
Hi,

You can change the password fortheuser from the Webuzo Enduser Panel.
Guide : http://www.webuzo.com/wiki/Change_Endusers_Password

You cannot change the username once it is set.


You can understand final user who use webuzo don't decide with username have so if host use "bad" username as mentioned.. you can understand can be a security issue.

It's a big problem to make user can change username?
Thank for reply.


Can be a great idea to set an email every time admin log in so this security feature can be actived in the settings of webuzo and user can monitor the log in.


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   

Webuzo username "admin" dangerous
valley
Group: Webuzo Team
Post Group: Super Member
Posts: 1644
Status:
Thanks for the suggestion. We have added this to our TO-DO list and shall have it implemented.

-----------------------
Webuzo : Single User Control Panel
Join Webuzo :
Facebook
Twitter

IP: --   

Webuzo username "admin" dangerous
peopleinside
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate
Quote From : valley November 11, 2013, 3:57 am
Thanks for the suggestion. We have added this to our TO-DO list and shall have it implemented.

Thank you!

Also i'm searching for a log of login fail to the webuzo login page for monitoring website is not under attach but there is or can be avaiable in the future? In my wordpress installation i have a plug in who monitor and count login fails so i can check if some one has tried to log in :-) without success.

Also after some wrong log in user are banned for a tot of time (you can choose in the control panel) .. you can consider to add this feature too.


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   

Webuzo username "admin" dangerous
divij
Group: Member
Post Group: Elite Member
Posts: 290
Status:
Hi,

Thanks for the suggestion. We have added this to our TO-DO list and shall have it implemented.
IP: --   

Webuzo username "admin" dangerous
peopleinside
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate
Security Issue, when admin change the password from webuzo of Cpanel or file manager should log out!

Now isn't i change the password and i can continue to do action on webuzo, this is bad.


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   

Webuzo username "admin" dangerous
peopleinside
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate
Quote From : divij November 12, 2013, 6:20 am
Hi,

Thanks for the suggestion. We have added this to our TO-DO list and shall have it implemented.


Is the Username changing now available on the last webuzo edition or the user change will be available soon?

-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   

Webuzo username "admin" dangerous
valley
Group: Webuzo Team
Post Group: Super Member
Posts: 1644
Status:
Quote
Security Issue, when admin change the password from webuzo of Cpanel or file manager should log out!

Now isn't i change the password and i can continue to do action on webuzo, this is bad.


Sir the Webuzo Enduser Panel and the FileManager do not share the same password.

Quote
Is the Username changing now available on the last webuzo edition or the user change will be available soon?

We have it in our TO-DO list. We shall update you once it is available.


-----------------------
Webuzo : Single User Control Panel
Join Webuzo :
Facebook
Twitter

IP: --   

Webuzo username "admin" dangerous
hudic20
Group: Member
Post Group: Newbie
Posts: 6
Status:
Hi!

I have problem with Softaculous Webuzo. First time when I run Webuzo VM file on Linux Mint 13 Webuzo working fine and I install too successfully and FTP working fine. But I'm idiot delete VM files and now when I start Webuzo VM again .. i have error "Obtaining IP:2004" and "Obtaining IP:2002" first time i have IP addres now have this ...  :squi:  

- Mint 13
- VirtualBox
- Network: Bridge Adapter - eth0
- no router

I try with this command in shell
Code
rm -rf /etc/udev/rules.d/70-persistent-net.rules
and reboot Webuzo but not working.  :-(

Thank you for help.
IP: --   

Webuzo username "admin" dangerous
valley
Group: Webuzo Team
Post Group: Super Member
Posts: 1644
Status:
Quote From : hudic20 January 28, 2014, 2:11 am
Hi!

I have problem with Softaculous Webuzo. First time when I run Webuzo VM file on Linux Mint 13 Webuzo working fine and I install too successfully and FTP working fine. But I'm idiot delete VM files and now when I start Webuzo VM again .. i have error "Obtaining IP:2004" and "Obtaining IP:2002" first time i have IP addres now have this ...  :squi:  

- Mint 13
- VirtualBox
- Network: Bridge Adapter - eth0
- no router

I try with this command in shell
Code
rm -rf /etc/udev/rules.d/70-persistent-net.rules
and reboot Webuzo but not working.  :-(

Thank you for help.


Switch to NAT >> execute the command >> Reboot

Hope it helps.

>> - Mint 13
Webuzo works smooth CentOS, Redhat, Ubuntu OR Scientific Linux

-----------------------
Webuzo : Single User Control Panel
Join Webuzo :
Facebook
Twitter

IP: --   

Webuzo username "admin" dangerous
hudic20
Group: Member
Post Group: Newbie
Posts: 6
Status:
I switch to NAT and see IP but cant connected with my IP.


IP: --   

Webuzo username "admin" dangerous
hudic20
Group: Member
Post Group: Newbie
Posts: 6
Status:
OMG ...

Now I restared again VirtualBox and IP changed again on my VirtualBox  IP ... i have switch NAT network :S

But first time works on NAT Bridge Network
IP: --   

Webuzo username "admin" dangerous
valley
Group: Webuzo Team
Post Group: Super Member
Posts: 1644
Status:
Glad to hear that it worked for you !!! :D

-----------------------
Webuzo : Single User Control Panel
Join Webuzo :
Facebook
Twitter

IP: --   

« Previous    Next »

Threaded Mode | Print  

1


Jump To :


Users viewing this topic
1 guests, 0 users.


All times are GMT. The time now is March 28, 2024, 11:19 pm.

  Powered By AEF 1.0.8 © 2007-2008 Electron Inc.Queries: 11  |  Page Created In:0.038