Xenforo Reset All Passwords for Security Tutorial

Discussion in 'Centmin Mod User Tutorials & Guides' started by Rake-GH, Mar 19, 2020.

  1. Rake-GH

    Rake-GH Active Member

    This tutorial is based on a CMM + Xenforo installation but will apply to a basic CMM install as well. This tutorial is a rough guide on what passwords you need to update if you have the need to do so.

    The reason I put this together is, I made a video tutorial which shows all the credentials for my tutorial server. I will continue to make tutorials, so instead of nuking the entire server I just changed all the credentials.

    This doesn't apply to every installation; use this as a guide, not a verbatim solution.

    1) Change SSH keys
    Open /root/.ssh/authorized_keys and replace your old keys with your new ones

    more info: How-to Add SSH Keys to New or Existing Droplets :: DigitalOcean Product Documentation

    2) Change FTP passwords:

    Code:
    pure-pw passwd FTPUSERNAME
    pure-pw mkdb
    more info: Pure-FTPD Virtual FTP Users - CentminMod.com LEMP Nginx web stack for CentOS

    3) Change all htpasswd passwords for all password protected directories.

    If you have a basic setup you will have your main htpasswd file, opcache password and maybe a phpmyadmin.
    I just overwrote them all using:
    Code:
    /usr/local/nginx/conf/htpasswd.sh create /usr/local/nginx/conf/htpasswd USERNAME PASSWORD
    /usr/local/nginx/conf/htpasswd.sh create /usr/local/nginx/conf/htpassphpmyadmin USERNAME PASSWORD
    /usr/local/nginx/conf/htpasswd.sh create /usr/local/nginx/conf/htpasswd_opcache USERNAME PASSWORD
    Open your /usr/local/nginx/conf/conf.d/ folder and look through all the config files, to find other credentials you might need to update

    Code:
    grep -r "auth_basic_user_file" /usr/local/nginx/conf/conf.d/
    Then for your default vhost you will have php files which have embedded credentials, which you will need to change:

    Code:
    grep -r "ADMIN_PASSWORD" /usr/local/nginx/html/
    4) Change your MySQL passwords
    Code:
    /root/tools/mysqladmin_shell.sh setpass
    more info: mysqladmin_shell.sh Shell based Addon

    Update the MySQL password in your webapps, for Xenforo edit public/src/config.php

    5) Change the Xenforo passwords for all admins and moderator accounts via the admin control panel

    6) If you send email from your web server, change email passwords as well

    7) Go through your password manager and see if there is anything else you need to change


    I'm pretty sure that's it, anything else to add?
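
A check for the htpasswd step in the post above, as an added example that is not part of the original thread: it lists every htpasswd file that a vhost config still references but that was not rewritten after the reset began. The function names and the marker file are hypothetical, the sample configs are constructed, and absolute `auth_basic_user_file` paths are assumed.

```shell
#!/bin/sh
# Added example (not from the thread): after a credential reset, report every
# htpasswd file that an nginx config still references but that was not
# rewritten after a marker file created at the start of the reset.
# Assumption: auth_basic_user_file paths are absolute.

# Print each distinct path named by a non-commented auth_basic_user_file line.
referenced_htpasswd() {
  grep -rhE '^[[:space:]]*auth_basic_user_file[[:space:]]+' "$1" |
    awk '{print $2}' | tr -d "\";'" | sort -u
}

# stale_htpasswd CONF_DIR MARKER
# Prints "STALE <path>" or "MISSING <path>" per problem file; returns 1 if any.
stale_htpasswd() {
  report=$(referenced_htpasswd "$1" | while IFS= read -r f; do
    if [ ! -e "$f" ]; then
      echo "MISSING $f"
    elif [ -z "$(find "$f" -newer "$2")" ]; then
      echo "STALE $f"
    fi
  done)
  [ -z "$report" ] && return 0
  printf '%s\n' "$report"
  return 1
}

# Constructed sample: one rotated file, one forgotten, one only in a comment.
demo() {
  d=$(mktemp -d) || return 2
  mkdir "$d/conf.d"
  touch -t 202003180900 "$d/htpasswd_opcache" "$d/htpasswd_unused"  # before reset
  touch -t 202003191200 "$d/marker"                                 # reset started
  touch -t 202003191230 "$d/htpasswd"                               # rewritten
  printf 'location / {\n  auth_basic "Private";\n  auth_basic_user_file %s/htpasswd;\n}\n' \
    "$d" > "$d/conf.d/site.conf"
  printf '  auth_basic_user_file %s/htpasswd_opcache;\n  # auth_basic_user_file %s/htpasswd_unused;\n' \
    "$d" "$d" > "$d/conf.d/opcache.conf"
  stale_htpasswd "$d/conf.d" "$d/marker" | sed "s|$d/||"
  rm -rf "$d"
}

demo   # prints: STALE htpasswd_opcache
```

On a real server, create the marker with `touch` before starting the reset, then call `stale_htpasswd /usr/local/nginx/conf/conf.d/ MARKER` once all the htpasswd files have been recreated.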
     
  2. eva2000

    eva2000 Administrator Staff Member

    Nice guide thanks for sharing !

    While working on my DigitalOcean 1-Click App image for Centmin Mod (still in progress), part of the process in building a Centmin Mod pre-installed CentOS 7 DO image was having to reset all login/authentication usernames and passwords when a user first spins up a new DigitalOcean VPS server and resets the logins.

    As such I wrote a script to do this. I just made a public copy of it on a GitHub Gist at centminmod reset all logins for digitalocean 1-click app image builds so you have an idea for other things to reset i.e. memcache admin and PHP Info page HTTP passwords. Script does much more than that and some are specific to DigitalOcean only i.e. optional automated DigitalOcean Spaces + s3cmd setup, so don't just run the script. But inspect script's code and see what is being done. Script is provided as is without any guarantees :)
     
  3. Rake-GH

    Rake-GH Active Member

    I referenced your script and I had got everything, thanks

    1 Click DigitalOcean is gonna be cool