WHM default Root login Should be Changed

[MasterChief]

All,

WHM shouldn't have root as default login. We do our best to lockout direct root access to the server but WHM remains an issue. With this configuration, a brute force cracker already knows the username, which makes hacking the server a much easier task, as opposed to having to guess both the username and password.

Hoping that people @ cPanel will consider this as a security risk.

Tks,
MasterChief

 

[AbeFroman]

I second that request.

Does anyone third it?

 

[anand]

Originally posted by AbeFroman
I second that request.

Does anyone third it?

I do

 

[tAzMaNiAc]

If you do a good hard to crack password, whatya worrying about?

 

[anand]

Originally posted by tAzMaNiAc
If you do a good hard to crack password, whatya worrying about?

Thats true, yet i have seen several customers even after repeated reminders use easy passwords for root logins. This feature could help them atleast.

 

[jmweb]

i agree, root shouldn't be the user or it should be editable.

 

[cPDan]

Just a thought:

1) Set root's password to a long random string every ten minutes. So you never use root. Or if you do use root set it to a good password and pummel your users if they use dumb passwords.

(kind of a, you could spend a million dollars on the best security in the world but if someone opens the vault for the robbers it won't matter much)

2) set up a reseller account to act as root so you never have to login as root

3) always use SSL

 

[PWSowner]

Originally posted by cpdan
(kind of a, you could spend a million dollars on the best security in the world but if someone opens the vault for the robbers it won't matter much)

That's right to the point. Nothing wrong with root being called root. Security is up to the users. Could always disable root access which would require loging in twice to be root.

 

[SarcNBit]

Originally posted by squirrel
Could always disable root access which would require loging in twice to be root.

I think you are thinking about SSH access. This thread is talking about WHM access.

Allowing a user defined port for secure WHM access would be nice too.

 

[unfiltered]

While I’d like to be able to login as something other then root, doesn’t WHM need root permissions to do things like recompile apache, etc.? Are these connected?

also, given that you HAVE to login as root, shouldn’t use of ssl be a must when logging into WHM? I'm saying remove the ability to login to whm via http!

 

[dennis]

plesk does not use root as default login, instead it uses admin. And this admin can only performance server administration and other related task... more of a scale down root's access.

 

[PWSowner]

Originally posted by SarcNBit
I think you are thinking about SSH access. This thread is talking about WHM access.

Allowing a user defined port for secure WHM access would be nice too.

Oops. I'm allowed to make 1 mistake.


I agree. It would be nice to be able to choose our own port.

 

[tAzMaNiAc]

Originally posted by dennis
plesk does not use root as default login, instead it uses admin. And this admin can only performance server administration and other related task... more of a scale down root's access.

That can be done if you make yourself a reseller.

Brenden

 

[phoenixdarkdirk]

I never use root to login to WHM, but there are two problems:

1. One of the reasons that I don't login as root is that my root password doesn't work to login. I have to change it to something shorter/easier before I can login via HTTP Auth to WHM. (Annoying bug!!)

2. WHM/Cpanel news doesn't work unless you login as root. I've missed a few important announcements due to this.


If anyone has any hints on getting around these, I'm sure a lot of people would be interested!!

Andy

 

[dennis]

Originally posted by tAzMaNiAc
That can be done if you make yourself a reseller.

Brenden

no thats not what i meant.

if u use plesk before you will know.

For users to access WHM, they login as root.

For users to access plesk Server admin (= WHM), they login as admin, not root

 

[Angel78]

Perhaps Nick could create like 2 level login system which could be enabled in the Tweak Settings:

If you enable it you will have to create another user with pass, and when you try to Login to WHM, you first have to login with "anotheruser" and if that is successful you still have to login as root.

By making this an option, people that want more security would have to login twice (more secure) and those that dont want more hassle, coud still use 1 level (root only) login to WHM

 

[SupermanInNY]

Semi-solution:

Here is what we have done on our server:

Close port 2086 and 2087. (hey.. what...??? read on!)
We have cgi script called open_sesame (hmm.. what an
interesing name) and what it does is,.. opens the ports
2086 and 2087 and initiates a crond that is set with a
time interval of 25 minutes. Once the 25 minutes are up,
the crond kicks in and closes those ports.
The open_sesame script is placed in password protected directory of our choice, with the username and password
or our choice.
While it doesn't provide total security,.. it certainly keeps
the Brute force heckers out as they can't even get to the
Authentication Certificate, let alone the Prompt for username and Password.
So the brute force guys have a very narrow window of time.. I'd give them an avg of maybe 2 hours a day of open time to try and brute force.
It's not the best way to block them,.. but it certainly much better than the current root access.

Just my $0.02

-Alon.

 

[twhiting9275]

Security isn't about allowing one user and not allowing another, it's about enforcing strict passwords, keeping up to date with system updates (including cpanel updates) and checking repeatedly to see if someone's actually managed to break in. In short, it's about KNOWING what's going on with your server, not changing the default user.

Should root not be used? I don't see why not as long as root has a decent password applied to it.. So, you disable root logins, great. The default user needs to be the same on every machine, so you've now got the problem where you just open up another user to be hacked.. Brilliant.

Instead of disabling root in whm, why not actually secure the box? Lock it down to where only specific ip's can login, make root rather hard to crack, actually ENFORCE password rules (use something like jtr to check your customer's passwords, and tell them if they're easily guessed. If they don't change them, then disable them until they are changed. Harsh? Yes, but it's a lot less harsh than having your system hacked because some kiddie guessed some user's password was 8675309 :P

 

[SupermanInNY]

I've just added complexity to the root login.
Yes.. security must be enforced by means of hard passwords,. but given enough resources, a hacker can brute force a password by running multiple servers from various sites all attacking the same site.

By adding a password protected directory with a user name and password as an outside layer, You are now forced to go through two stages of password verification.

The only difference is,. .you don't know the username I picked for the password directory. And that, is the great advantage of my locking mechanism.

If by weired unthinkable way you got through the username and password of the protected directory,. then you are still encountered by the hard to break root access.

This is very much similar to guessing a wheele group username and it's password. And even if you are lucky to go that far,.. you stilll don't have root access... and you need to work the root password.

I personally sleep better knowing that no one can brute force the root password on my machine, as they don't know the open_sesame directory name, they don't know the username and they don't know the password.
That plus hard root password.. and you just can't beat that kind of security!

another $0.02 of me... damn.. up to $0.04.. I'm a big spender ))

-Alon.

 

[SarcNBit]

How about locking down WHM after X number of invalid logon attempts for X number of minutes. X could be configurable via WHM.

That should discourage brute force cracking attempts.

There would need to be a reset flag settable via SSH login. That way if an admin set the numbers to something relatively secure (say 2 attempts before being locked for 60 minutes) they could still do their job despite lack of coffee and caps lock conflicts.