Subsonic Forum

[mattski]

I'd like to be able to change the main username from "admin" to something else. It seems to me that it's an awfully big security hole to be going around with a username everyone knows. All someone has to do is crack the password alone and they've got the keys to the kingdom.

[grant420]

Can't you simply not allow any players to use the admin account and instead point them to new account(s) you create?

[toolman]

@ mattski: +1. It's impossible to delete rename or disable the admin account and that is indeed a security issue.
@ grant420: Even if you don't use the admin account, it still stays active. So any potential hacker already knows one username. If the password you assigned to the admin account isn't really very strong you are in risk of being hacked. And please don't say that that's very unlikely. I had to block almost all ip-adresses from China because my Subsonicserver was under contstant attack from hackers originating from that country.
Just to state my case; Here is a snippet from my logfile:
[6-1-18 13:26:43 CET] INFO LoginFailureLogger Login failed for [admin] from [61.178.18.191]
[6-1-18 13:51:22 CET] INFO LoginFailureLogger Login failed for [admin] from [23.234.8.52]