If your server is hacked or stolen your accounts password, you can use the following script to change all the cpanel accounts password. Change password via WHM and scripts.
WHM >> Account Functions >> Force Password Change then Select All,
then Submit
Change multiple accounts password via the following script /scripts/realchpass
The syntax is
# /scripts/realchpass username password
Use the following shell script to change all the cpanel account password randomly.
vi /root/passch.sh
#! /bin/bash ls -1 /var/cpanel/users | while read user; do pass=`strings /dev/urandom | tr -dc .~?_A-Z-a-z-0-9 | head -c16 | xargs` echo “$user $pass” >> new-pass.txt /scripts/realchpass $user $pass /scripts/ftpupdate done
Save and excute that file.
chmod +x /root/passch.sh
sh /root/passch.sh
You can use random string generate scripts like the following generate passwords.
pass=`date | md5sum | head -c16 | xargs`
pass=`openssl rand -base64 128 | head -c16 | xargs`
pass=`strings /dev/urandom | tr -dc .~?_A-Z-a-z-0-9 | head -c16 | xargs`
In some cases when executing /scripts/realchpass script will showing the following error.
ERROR: /usr/local/cpanel/scripts/realchpass
Invocation changes only the system
password and does not have any effect
on other services associated with your
cPanel account, including FTP, SSH,
WebDAV, and FrontPage. It is strongly
encouraged for you to change the
password via the WHM & cPanel
interface. You can force a password
change through this script by setting
the environment variable
‘ALLOW_PASSWORD_CHANGE=1′.
You can fix the above error by running the following command. After that execute the script again.
# export ALLOW_PASSWORD_CHANGE=1
Another script to change password.
#! /bin/bash for i in `awk -F: '{print $2}' /etc/trueuserdomains` do tmp=`mkpasswd -l 8` /scripts/chpass $i $tmp echo "$i $tmp" >> newpasswds done