Xenforo Reset All Passwords for Security Tutorial

Rake-GH · Mar 19, 2020

This tutorial is based on a CMM + Xenforo installation but will apply to a basic CMM install as well. This tutorial is a rough guide on what passwords you need to update if you have the need to do so.

The reason I put this together is, I made a video tutorial which shows all the credentials for my tutorial server. I will continue to make tutorials, so instead of nuking the entire server I just changed all the credentials.

This doesn't apply to every installation, use this as a guide not a verbatim solution.

1) Change SSH keys
Open /root/.ssh/authorized_keys and replace your old keys with your new ones

more info: How-to Add SSH Keys to New or Existing Droplets :: DigitalOcean Product Documentation

2) Change FTP passwords:
Code:
pure-pw passwd FTPUSERNAME
pure-pw mkdb
more info: Pure-FTPD Virtual FTP Users - CentminMod.com LEMP Nginx web stack for CentOS

3) Change all htpasswd passwords for all password protected directories.

If you have a basic setup you will have your main htpasswd file, opcache password and maybe a phpmyadmin
I just overwrote them all using
Code:
/usr/local/nginx/conf/htpasswd.sh create /usr/local/nginx/conf/htpasswd USERNAME PASSWORD
/usr/local/nginx/conf/htpasswd.sh create /usr/local/nginx/conf/htpassphpmyadmin USERNAME PASSWORD
/usr/local/nginx/conf/htpasswd.sh create /usr/local/nginx/conf/htpasswd_opcache USERNAME PASSWORD
Open your /usr/local/nginx/conf/conf.d/ folder and look through all the config files, to find other credentials you might need to update
Code:
grep -r "auth_basic_user_file" /usr/local/nginx/conf/conf.d/
Then for your default vhost you will have php files which have embedded credentials, which you will need to change:
Code:
grep -r "ADMIN_PASSWORD" /usr/local/nginx/html/
3) Change your mysql passwords
Code:
/root/tools/mysqladmin_shell.sh setpass
more info: mysqladmin_shell.sh Shell based Addon

Update the MySQL password in your webapps, for Xenforo edit public/src/config.php

4) Change the Xenforo passwords for all admins and moderator accounts via the admin control panel

5) If you send email from your web server, change email passwords as well

6) Go through your password manager and see if there is anything else you need to change

I'm pretty sure that's it, anything else to add?

eva2000 · Mar 19, 2020

Nice guide thanks for sharing !

While working on my DigitalOcean 1-Click App image for Centmin Mod (still in progress), part of the process in building a Centmin Mod pre-installed CentOS 7 DO image was having to reset all login/authentication usernames and passwords when a user first spins up a new DigitalOcean VPS server and resets the logins.

As such a wrote a script to do this. I just made a public copy of it on a Github Gist at centminmod reset all logins for digitalocean 1-click app image builds so you have an idea for other things to reset i.e. memcache admin and PHP Info page HTTP passwords. Script does much more than that and some are specific to DigitalOcean only i.e. optional automated DigitalOcean Spaces + s3cmd setup, so don't just run the script. But inspect script's code and see what is being done. Script is provided as is without any guarantees

Rake-GH · Mar 19, 2020

I referenced your script and I had got everything, thanks

1 Click Digital ocean is gonna be cool

Log in / Register

Forums

Welcome to Centmin Mod Community

Xenforo Reset All Passwords for Security Tutorial

Rake-GH Active Member

eva2000 Administrator Staff Member

Rake-GH Active Member

.

Log in / Register

Useful Searches

Welcome to Centmin Mod Community

Xenforo Reset All Passwords for Security Tutorial

Rake-GH Active Member

eva2000 Administrator Staff Member

Rake-GH Active Member

.