Change password for Admin account

Change password for Admin account

by Stephen Bloomer -
Number of replies: 6

I have a concern with the security for the initial Admin account on our Moodle site.  In checking the logs I have seen that someone has attempted to log in using the Admin username with about 50 attempts in the past two days.  I would like to change the password to something a bit more difficult or control when or how that account can be used.  So I have a couple of questions.

1.       Are there any side effects if I do a standard Moodle password change on that account?  Just concerned that the system may use that account to access the db or other areas that might break if I change the password.

2.       Is there a way to lock down that account? Something like can only be logged in from IP Address range 172.16.3.* etc or can we disable the account as we have several other user accounts that have admin rights to the site?

Thanks

Steve

Average of ratings: -
In reply to Stephen Bloomer

Re: Change password for Admin account

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
1. There are no side effects at all that I know of smile

2. You can't restrict access on an IP address basis (as of today), but you can disable that account if you already have other user accounts with the admin role.

Saludos,
Iñaki.
Average of ratings: -
In reply to Iñaki Arenaza

Re: Change password for Admin account

by Alex Schallhammer -
I had the same problem with someone trying to login as admin...

Where can I disable the admin account? I don't find a user called "admin".

Thank you!

Alex
Average of ratings: -
In reply to Alex Schallhammer

Re: Change password for Admin account

by Mary Cooch -
Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Testers Picture of Translators
It's perfectly possible you don't have a user called "admin" but someone just tried to log in with the name "admin" to see if they could get into your site. I have been (with permission!) on Moodles where the username for the main admin is kept at "admin" -and the password is also "admin" Easy to hack into then!
Average of ratings: -
In reply to Mary Cooch

Re: Change password for Admin account

by Judy Robison -
My logs show repeated attempts to log in as admin from Russia and Yugoslavia. I don't have an account with the username admin, but this has lead to some interesting speculation about what anyone thinks they want with a HS moodle site!
Average of ratings: -
In reply to Judy Robison

Re: Change password for Admin account

by Paul Fynn -
Yes, we have some unhealthy interest from Russia (check out the IP address on whois) - wouldn't like to speculate on what the interest is smile  )
Average of ratings: -