Get Free Linux Server Security, Performance & Troubleshooting Tips

How to Mass Change All cPanel Account Passwords

How to Mass Change All cPanel Account Passwords
5 (100%) 3 votes

Today I found a cool way to mass change all cPanel account passwords. This simple script is really useful when you suspect most of your sites are cpanel/ftp compromised and you need to set new passwords really quickly. This tiny script will set new strong random passwords for all your cPanel users, that includes the FTP access for each website.

How can I mass change all cpanel account passwords?

Create a file called masschange.sh

nano -w /root/masschange.sh

Then paste this content inside:




#! /bin/bash

# Avoid cPanel warnings
ALLOW_PASSWORD_CHANGE=1
export ALLOW_PASSWORD_CHANGE=1

# List all users and set random strong passwords
ls -1 /var/cpanel/users | while read user; do
pass=`strings /dev/urandom | tr -dc .~?_A-Z-a-z-0-9 | head -c16 | xargs`
echo "$user $pass" >> new-pass.txt

# Change the password & update FTP login database
/scripts/ftpupdate
/scripts/realchpass $user $pass

done

As you see, the first part of the script sets a variable, it is needed in order to avoid cPanel warnings while changing the cPanel / FTP password.

The second part of the code, is the one that makes all the magic, it uses string command against /dev/urandom and pipes that with tr and head to get a 16 character strong password.

And the last part of the code simply executes the password change and updates the cPanel FTP login database.

root@server.nixcp.com [~/temp]# sh masschange.sh
Password for “user1” has been changed.
Updating FTP passwords for all users
FTP password files updated.
FTP vhost passwords synced
Password for “user2” has been changed.
Updating FTP passwords for all users
FTP password files updated.
FTP vhost passwords synced
Password for “user3” has been changed.
Updating FTP passwords for all users
FTP password files updated.
FTP vhost passwords synced
...
...
...

Run cat or more againt new-pass.txt to see the new passwords:




root@server.nixcp.com [~/temp]# more new-pass.txt
user1 $S4535ifWT7pFDF
user2 bUDbo_asdf35611c
user3 _1646hbjNnhA~7Goe
...
...
...

All done :), now you know a way to mass change all cPanel account passwords with a single command.

This is the fastest way I’ve found to mass change cpanel passwords, however if you find it’s not safe or feel insecure about running that code in your box, you can always use the traditional cPanel reset password tool as seen on cPanel Documentation.

 

2 Comments

  1. Do you have a solution for a Cpanel user to change all email account passwords within a single cpanel? Currently using a Hostgator account.

Leave a Reply

Your email address will not be published. Required fields are marked *