Today I found a cool way to mass change all cPanel account passwords. This simple script is really useful when you suspect most of your sites are cpanel/ftp compromised and you need to set new passwords really quickly. This tiny script will set new strong random passwords for all your cPanel users, that includes the FTP access for each website.
How can I mass change all cpanel account passwords?
Create a file called masschange.sh
nano -w /root/masschange.sh
Then paste this content inside:
#! /bin/bash # Avoid cPanel warnings ALLOW_PASSWORD_CHANGE=1 export ALLOW_PASSWORD_CHANGE=1 # List all users and set random strong passwords ls -1 /var/cpanel/users | while read user; do pass=`strings /dev/urandom | tr -dc .~?_A-Z-a-z-0-9 | head -c16 | xargs` echo "$user $pass" >> new-pass.txt # Change the password & update FTP login database /scripts/ftpupdate /scripts/realchpass $user $pass done
As you see, the first part of the script sets a variable, it is needed in order to avoid cPanel warnings while changing the cPanel / FTP password.
The second part of the code, is the one that makes all the magic, it uses string command against /dev/urandom and pipes that with tr and head to get a 16 character strong password.
And the last part of the code simply executes the password change and updates the cPanel FTP login database.
[email protected] [~/temp]# sh masschange.sh Password for “user1” has been changed. Updating FTP passwords for all users FTP password files updated. FTP vhost passwords synced Password for “user2” has been changed. Updating FTP passwords for all users FTP password files updated. FTP vhost passwords synced Password for “user3” has been changed. Updating FTP passwords for all users FTP password files updated. FTP vhost passwords synced ... ... ...
Run cat or more againt new-pass.txt to see the new passwords:
[email protected] [~/temp]# more new-pass.txt user1 $S4535ifWT7pFDF user2 bUDbo_asdf35611c user3 _1646hbjNnhA~7Goe ... ... ...
All done :), now you know a way to mass change all cPanel account passwords with a single command.
This is the fastest way I’ve found to mass change cpanel passwords, however if you find it’s not safe or feel insecure about running that code in your box, you can always use the traditional cPanel reset password tool as seen on cPanel Documentation.