Deleting initial admin user?

For security reasons, I'd like to replace the 'admin' user with a user of a different name with admin privileges. Is this possible?

Thanks!

Comments

  • No, the initial 'admin' user cannot be deleted - only its password can be changed. I'm curious, do you think it's a security threat? A potential attacker still has to figure out the password and you can set this arbitrarily difficult.

    Best,

    Kristian

  • Thanks for letting me know!

    I am new to administrative best practices, but I do think that 'admin' is a common user ID to attempt to brute force attack with, so I believe it is a good idea to change. While we have a very strong password, the server is publicly accessible, so there is a possibility of attack (I see unknown IPs attempting to log in relatively frequently in the logs).

    Other things (probably more important than changing the name) I would suggest to address this:

    • Being able to make an IP ban after several incorrect logins.
    • Two-factor authentication

    Just a possible suggestion! Or if you could point me to resources to figure out how to do this myself, I just don't have much experience, but I could try to figure it out.

  • I don't think brute force attacks are a threat if you use a proper password. One could argue that having a known username makes denial-of-service attacks more efficient since it takes more of the server's resources to compare a password (via hash) than just comparing a username - but I think this is marginal. And to see unknown IPs attempting to log in is a common sight in public servers. Public IPs get automatically scanned en masse for weaknesses, like the most common username/password combinations.

    Being able to make an IP ban after several incorrect logins.

    Something similar JATOS has already: after 3 failed log-in attempts one gets banned for 1 minute for doing any other attempt with this username. It's effective, although blocking by IP would be even better.

    Two-factor authentication

    I agree it would be nice. We are about to add tokens to make JATOS' API more accessible (https://github.com/JATOS/JATOS/issues/257). Maybe we can add two-factor-auth too when we are already on it. If you want to give it a try: the three most important resources are

    Best,

    Kristian

  • Many thanks, Kristian! This all makes perfect sense.

    Being able to make an IP ban after several incorrect logins.

    Is this a built-in feature, or something I need to toggle on? Just checking to make sure I have it. But that is a great thing, thanks!

  • This banning-by-username-after-3-failed-login-attempts comes out of the box.

    Btw. there is a config that you might want to turn on to increase security: https://www.jatos.org/Configure-JATOS-on-a-Server.html#user-session-configuration

    Best,

    Kristian
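
The two throttling approaches compared in this thread (lockout by username versus blocking by IP), as an added example that is not JATOS code and is not part of the original posts. The 3-attempt and 1-minute thresholds come from the thread; the class and function names, the accounts and the IP addresses are constructed for illustration.

```python
import hmac
from collections import defaultdict

MAX_FAILURES = 3    # from the thread: 3 failed log-in attempts
LOCK_SECONDS = 60   # from the thread: banned for 1 minute
ACCOUNTS = {"admin": "correct-horse", "alice": "battery-staple"}  # constructed

class LoginThrottle:
    """Locks a key (a username or an IP) after repeated recent failures."""
    def __init__(self):
        self.failures = defaultdict(list)  # key -> timestamps of recent failures
        self.locked_until = {}             # key -> time the lock expires
    def is_locked(self, key, now):
        return now < self.locked_until.get(key, 0.0)
    def record_failure(self, key, now):
        recent = [t for t in self.failures[key] if now - t < LOCK_SECONDS]
        recent.append(now)
        self.failures[key] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[key] = now + LOCK_SECONDS
            self.failures[key] = []

def check_password(username, password):
    return hmac.compare_digest(ACCOUNTS.get(username, ""), password)

def attempt_login(by_user, by_ip, username, password, ip, now):
    if by_user.is_locked(username, now) or by_ip.is_locked(ip, now):
        return "locked"  # rejected before the password is checked
    if check_password(username, password):
        by_user.failures.pop(username, None)
        return "ok"
    by_user.record_failure(username, now)
    by_ip.record_failure(ip, now)
    return "denied"

def demo():
    by_user, by_ip = LoginThrottle(), LoginThrottle()
    out = []
    # Wrong guesses for one username from three addresses: the username lock trips.
    for t, ip in enumerate(["203.0.113.1", "203.0.113.2", "203.0.113.3"]):
        out.append(attempt_login(by_user, by_ip, "admin", "guess", ip, t))
    out.append(attempt_login(by_user, by_ip, "admin", "correct-horse", "198.51.100.7", 3))
    out.append(attempt_login(by_user, by_ip, "admin", "correct-horse", "198.51.100.7", 63))
    # One address failing on three usernames: only the IP lock trips.
    for t, user in enumerate(["admin", "alice", "bob"], start=100):
        out.append(attempt_login(by_user, by_ip, user, "guess", "203.0.113.9", t))
    out.append(attempt_login(by_user, by_ip, "alice", "battery-staple", "203.0.113.9", 103))
    out.append(attempt_login(by_user, by_ip, "alice", "battery-staple", "198.51.100.7", 103))
    return out
```

While the username lock is active, the legitimate owner is rejected too, even with the correct password, until the minute expires; the IP lock leaves other addresses unaffected.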
