Introduction
In some cases, it may be necessary to change all account passwords on your DirectAdmin server, for example if the server was compromised, if leaks have been found (such as the recent OpenSSL security holes), or if an employee who has all the passwords has left the company. Changing all passwords on a server can be very time-consuming, so I have created a PHP command-line script that automates password changes on several levels:
- All DirectAdmin accounts (including the default e-mail address and FTP account for those accounts),
- All custom FTP accounts,
- All custom e-mail addresses.
The script also has options to change the password for:
- Just one DirectAdmin account,
- Just one e-mail or FTP account,
- All e-mail or FTP accounts on one specific domain name.
Last but not least, the script also has a function that generates a listing of the above without changing passwords, so that you have a list of, for example, all custom e-mail addresses on the server. The new password(s) can be automatically sent to the e-mail address of the DirectAdmin account holder, and a summary of all changes can be sent to a specified e-mail address.
If this script is executed by an admin user, then all accounts on the server can be affected by this script. If executed by a reseller, then only accounts that fall within his/her level of authority will be affected.
This script can be executed locally on a DirectAdmin server, but can also connect to (any) DirectAdmin server from a remote location. This is useful if you manage many DirectAdmin servers.
Download
You can download the script from:
https://www.optusnet.org.uk/wp-content/uploads/2014/05/Da-ChagesPass.zip
Make the script executable with:
[root@server]# chmod 550 da_changepass.php
And run it with:
[root@server]# ./da_changepass.php
If you don’t make it executable, you can still run it using:
[root@server]# php da_changepass.php
The script will also attempt to download the following required file (using curl) if it is not found in the same directory. But you can manually download it as well:
http://files.directadmin.com/services/all/httpsocket/httpsocket.php
Variables
Before you start using this script, a few variables need to be updated. When done, change the $scriptedited variable to Y.
The variables below hold information about the target server. If any of this information is left empty, the script will ask for it. The $server_ssl parameter indicates if DirectAdmin is reachable over SSL.
$server_ip=""; $server_port="2222"; $server_login=""; $server_pass=""; $server_ssl="N";
The variables below tell the script what to do: how long the newly generated passwords should be, from which characters the passwords should be constructed, whether empty results (such as domain names without FTP or e-mail accounts) should be displayed, whether a summary should be sent to the e-mail address specified in $sendsummaryaddress, and whether an e-mail containing the new password should be sent to the holder of the DirectAdmin account whose password has been changed. The $adminuser variable contains the name of the admin account that is executing this script. This prevents the script from updating the password of the user executing it when --alluser is used; otherwise the script would halt right after it changes the password of this user.
$passlength = "10";
$passchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*";
$adminuser="admin";
$displayempty="Y";
$sendsummary="Y";
$sendinfosummary="Y";
$sendsummaryaddress="email@address.ext";
$mailfrom="email@address.ext";
$sendemailtouser="Y";
Make sure you have read every single variable above. The variables below indicate whether mail should be sent via PHP’s internal mail() function or via SMTP (which requires the PHPMailer script to be present). If you execute the script directly on the target server, the mail() function may be sufficient. If, however, you execute the script on a central server from which you manage multiple DirectAdmin servers, it would be wise to use the SMTP option to make sure that e-mail sent to users will not be blocked by blacklists or spam filters.
$usesmtp="Y";
$SmtpServer="mail.server.ext";
$SmtpPort="";
$SmtpSecure="tls";
$SmtpUser="";
$SmtpPass="";
$phpmailer="PHPMailer";
If you enabled the $sendemailtouser variable, you may also want to update the 3 mailsubject/mailbody combinations, so that users who had a password changed will receive mail content that is customized for your company.
Once you have finished checking/updating the variables, it is strongly advisable to check the execution of this script against one or more test accounts to make sure that you get the results (and e-mail content) you expect to receive.
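To judge values for $passlength and $passchars before a mass reset, the following added example (not the code of da_changepass.php, whose generator is not shown on this page) draws a password from the configured character set with PHP's CSPRNG and reports the resulting entropy. The function names are hypothetical, and the character set is assumed to be single-byte ASCII.

```php
<?php
// Added illustration, NOT taken from da_changepass.php.
// The two settings below are the defaults shown on this page.
$passlength = 10;
$passchars  = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*';

// Distinct characters of the set (single-byte characters assumed).
// A character listed twice would otherwise be drawn twice as often.
function unique_chars(string $chars): array
{
    return array_values(array_unique(str_split($chars)));
}

// Build a password by drawing every character with random_int(),
// which uses the operating system's CSPRNG (unlike rand() or mt_rand()).
function generate_password(int $length, string $chars): string
{
    $set = unique_chars($chars);
    if ($length < 1 || count($set) < 2) {
        throw new InvalidArgumentException('need length >= 1 and at least 2 distinct characters');
    }
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= $set[random_int(0, count($set) - 1)];
    }
    return $password;
}

// Entropy in bits of a uniformly drawn password: length * log2(set size).
function entropy_bits(int $length, string $chars): float
{
    return $length * log(count(unique_chars($chars)), 2);
}

// Smallest length that reaches a target entropy with the given set.
function length_for_bits(float $bits, string $chars): int
{
    return (int) ceil($bits / log(count(unique_chars($chars)), 2));
}

printf("sample password    : %s\n", generate_password($passlength, $passchars));
printf("entropy            : %.1f bits\n", entropy_bits($passlength, $passchars));
printf("length for 80 bits : %d\n", length_for_bits(80, $passchars));
```

With the defaults above (10 characters from 70 distinct symbols) the entropy line reports about 61 bits; raise $passlength if your policy asks for more.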
Script usage
Change the password of one user:
./da_changepass.php --user <username> <optional password>
If no password is given, a random one will be generated.

Change the passwords for all users except the admin user:
./da_changepass.php --alluser

Change the e-mail password for all e-mail accounts on the server:
./da_changepass.php --allmail

Change all e-mail passwords for a specific domain:
./da_changepass.php --mail <domainname>

Change the e-mail password for a specific e-mail address:
./da_changepass.php --mail <e-mail address> <optional password>
If no password is given, a random one will be generated.

Change the ftp account password for all ftp accounts on the server:
./da_changepass.php --allftp

Change all ftp account passwords for a specific domain:
./da_changepass.php --ftp <domainname>

Change the ftp account password for a specific account:
./da_changepass.php --ftp <ftpuser@domain> <optional password>
If no password is given, a random one will be generated.

Display a list of ftp or e-mail accounts:
./da_changepass.php --list <ftp | mail> <optional domain>

Send a test e-mail:
./da_changepass.php --mailtest