Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Security Advisor - Reserved, Invalid, and Misconfigured Usernames

Discussion in 'Security' started by cPanelMichael, Jun 27, 2018.

  1. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,928
    Likes Received:
    1,819
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello Everyone!

    Upcoming builds of cPanel & WHM versions 70 and 72 will include an update to Security Advisor. As part of the update, a new assessor will scan the system for existing cPanel account usernames that do not conform to current validation requirements. If the assessor finds a username that does not conform to the validation requirements, you will see one of the messages below as part of the Security Advisor State Change notification, or when scanning your system manually using WHM >> Security Advisor:

    The following document was created to explain what these validation requirements are, and to offer instructions on what to do if you encounter an invalid, reserved, or misconfigured username on your cPanel system:

    Reserved, Invalid, and Misconfigured Usernames - cPanel Knowledge Base - cPanel Documentation

    You can adjust notification settings for Security Advisor State Change and other alert types using WHM >> Contact Manager.

    For anyone interested in the code utilized with the new assessor, feel free to review the change on the Security Advisor GitHub page:

    Warn users about invalid, reserved, and misconfigured usernames. · CpanelInc/addon_securityadvisor@6fc3182

    Let us know if you have any questions.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,675
    Likes Received:
    84
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    Why is this suddenly an issue?
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,928
    Likes Received:
    1,819
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @sparek-3,

    Most notably, we expanded the list of reserved usernames as part of TSR-2017-0006. If a reserved username was created before it was added to the expanded list, it will still exist on the system. Additionally, the new assessor will help if the list of reserved usernames is expanded again in the future.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,675
    Likes Received:
    84
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    Hmm.

    How often do you expect the reserved username list to change now, going forward?

    Changing usernames is really a horrible idea. Granted, sometimes it may be necessary, but it should never be the first step in resolving an issue. There is too much tied to a username.

    I know we have some usernames that probably no longer fit the profile, start with a number, use hyphens. And while I understand that this username syntax can't be used on new accounts, it's nice that they were grandfathered in. It sounds as if these will now have to be changed.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,928
    Likes Received:
    1,819
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @sparek-3,

    There are no active cases to add additional usernames to the reserved list at this time. It's generally something that happens as part of a security audit, a newly discovered security issue, or to address an issue with a cPanel & WHM feature.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice