Changing some or all DirectAdmin related account passwords

By | June 26, 2014

Introduction

In some cases, it may be necessary to change all account passwords on your DirectAdmin server. For example if  the server was compromised, or leaks that have been found (such as the recent openssl security holes), or an employee who has all the passwords has left the company. Changing all passwords on a server can be very time consuming, and for this I have created a PHP command line script that will facilitate automated password changes on several levels:

  • All DirectAdmin accounts (including the default e-mail address and FTP account for those accounts),
  • All custom FTP accounts,
  • All custom e-mail adresses.

The script also has options to change the password for:

  • Just one DirectAdmin account,
  • Just one e-mail- or FTP account,
  • All e-mail- or FTP accounts on one specific domain name.

Last but not least, the script also has a function that will generate a listing of the above without changing passwords, so that you have a list of for example all custom e-mail addresses on the server. The new password(s) can be automatically sent to the e-mail address of the DirectAdmin account holder, and a summary of all changes can be sent to a specified e-mail address.

If this script is executed by an admin user, then all accounts on the server can be affected by this script. If executed by a reseller, then only accounts that fall within his/her level of authority will be affected.

This script can be executed locally on a DirectAdmin server, but can also connect to (any) DirectAdmin server from a remote location. This is useful if you manage many DirectAdmin servers.

Download

You can download the script from:

https://github.com/sempiterna/DA-ChangePass

Make the script executable with:

[[email protected]]# chmod 550 da_changepass.php

And run it with:

[[email protected]]# ./da_changepass.php

If you don’t make it executable, you can still run it using:

[[email protected]]# php da_changepass.php

The script will also attempt to download the following required file (using curl) if it is not found in the same directory. But you can manually download it as well:

http://files.directadmin.com/services/all/httpsocket/httpsocket.php

Variables

Before you start using this script, a few variables need to be updated. When done, change the $scriptedited variable to Y.

The variables below hold information about the target server. If any of this information is left empty, the script will ask for it. The $server_ssl parameter indicates if DirectAdmin is reachable over SSL.

 $server_ip=""; 
 $server_port="2222"; 
 $server_login=""; 
 $server_pass=""; 
 $server_ssl="N"; 

The variables below tell the script what to, such as how long the newly generated passwords should be, from what characters the passwords should be constructed, if empty results (such as domain names without FTP or e-mail accounts) should be displayed, if a summary should be sent to an e-mail address specified in $sendsummaryaddress, and if an e-mail containing a new password should be sent to the holder of the DirectAdmin account whose password has been changed. The $adminuser variable contains the name of the admin account that is executing this script. This prevents updating the password of the user executing this script when –alluser is used. Otherwise the script would halt right after it changes the password of this user.

 $passlength = "10";
 $passchars = "[email protected]#$%^&*";
 $adminuser="admin"; 
 $displayempty="Y";
 $sendsummary="Y";
 $sendinfosummary="Y";
 $sendsummaryaddress="[email protected]";
 $mailfrom="[email protected]"; 
 $sendemailtouser="Y";

Make sure you have read every single variable above. The variables below indicate if mail should be sent via PHP’s internal mail() function, or via SMTP (will require PHPMailer script to be present). If you execute the script directly on the target server, you could suffice with just the mail() function. If you however execute the script on a central server from which you can manage multiple DirectAdmin servers, it would be wise to use the SMTP option to make sure that e-mail that is sent to users will not be blocked by blacklists or spamfilters.

 $usesmtp="Y"; 
 $SmtpServer="mail.server.ext";
 $SmtpPort=""; 
 $SmtpSecure="tls";
 $SmtpUser=""; 
 $SmtpPass="";
 $phpmailer="PHPMailer";

If you enabled the $sendemailtouser variable, you may also want to update the 3 mailsubject/mailbody combinations, so that users who had a password changed will receive mail content that is customized for your company.

Once you have finished checking/updating the variables, it is strongly advisable to check the execution of this script against one or more test accounts to make sure that you get the results (and e-mail content) you expect to receive.

Script usage

    Change the password of one user:
       ./da_changepass.php --user <username> <optional password>
       If no password is given, a random one will be generated
 
    Change the passwords for all users except te admin user:
       ./da_changepass.php --alluser
 
    Change the e-mail password for all e-mail accounts on the server:
       ./da_changepass.php --allmail
 
    Change all e-mail passwords for a specific domain:
       ./da_changepass.php --mail <domainname>
 
    Change the e-mail password for a specific e-mail address:
       ./da_changepass.php --mail <e-mail address> <optional password>
       If no password is given, a random one will be generated
 
    Change the ftp account password for all ftp accounts on the server:
       ./da_changepass.php --allftp
 
    Change all ftp account passwords for a specific domain:
       ./da_changepass.php --ftp <domainname>
 
    Change the ftp account password for a specific account:
       ./da_changepass.php --ftp <[email protected]> <optional password>
       If no password is given, a random one will be generated
 
    Display a list of ftp or e-mail accounts:
       ./da_changepass.php --list <ftp | mail> <optional domain>

    Send a test e-mail:
       ./da_changepass.php --mailtest

Conclusion

This script is released in the hope that it will be useful, but without any warranty. If you have any questions about this script and/or its workings, don’t hesitate to comment on it. If you find this script useful and is saving you a lot of time, a small donation will be greatly appreciated :)

Bitcoin: 1PAaEhiZLDoMUNMuHsMWt7ow44tY3K7v2i
Litecoin: LUY1XXruLiJNY1kXq5oeX1uMWXKxBx3Cxh

Leave a Reply

Your email address will not be published. Required fields are marked *