Introduction
Changing the default port of DirectAdmin (DA) is a simple yet effective step to enhance your server’s security. By default, DA uses port 2222, which can be accessed through the following formats:http://12.34.56.78:2222/
http://hostname.yourdomain.com:2222/
There are cases where you may need to use a non-secure (plaintext) connection to DA. For example, if your server runs on an outdated operating system that does not support modern SSL standards. In such scenarios, a secure (HTTPS) connection on port 2222 remains available, but you can configure an additional non-secure connection on a different port, such as 2472. However, it is highly recommended to upgrade to a more modern OS that supports newer versions of OpenSSL to maintain optimal security.
By switching to a custom port, you add an extra layer of obscurity, making it significantly harder for attackers to detect and target your DirectAdmin panel. While this measure alone won’t replace the need for strong authentication and firewalls, it is an important component of a comprehensive security strategy.
Steps to Change the DirectAdmin Port Safely
1. Choose a New Port
First, choose a new port for DirectAdmin. For example, port 2472.
Before changing the port in DirectAdmin, you need to allow this port in your firewall configuration.
if you skip this step, you may lose access to the DirectAdmin panel.
2. Adding the New Port to the Firewall
You can add the port to the firewall in two ways:
- Via DirectAdmin Panel
- Via SSH Terminal
Adding the Port via DirectAdmin Panel
- Log in to DirectAdmin with your admin user
- Got to the “Extra Features” tab and click on ConfigServer Security & Firewall.
- In the firewall panel, look for the section csf – ConfigServer Firewall and click Firewall Configuration.
- In this configuration page, find the sections:
- Allow Incoming TCP ports
- Allow outgoing TCP ports
- Add your new port (e.g., 2472) to the lists.
- scroll to the bottom of the page and click the Change button.
- On the next page, click Restart csf+lfd to apply the changes.
Adding the Port via SSH
- Open the terminal and edit the firewall configuration file using the
nanoeditor:nano /etc/csf/csf.conf - Locate the lines:
Allow incoming TCP ports
Allow outgoing TCP ports - Add your new port (e.g., 2472) next to the existing port numbers.
- Save the file pressing Ctrl + X, then Y, and hit Enter.
- Restart the firewall to apply the changes with the following command:
csf -r
3. Changing the DirectAdmin Port
Once the new port is added to the firewall, you can proceed with changing the DirectAdmin port.
- On Ubuntu, DirectAdmin is typically installed in the following directory:
/usr/local/ - The configuration file for DirectAdmin is located here:
/usr/local/directadmin/conf/ - Open the
directadmin.conffile withnano:nano /usr/local/directadmin/conf/directadmin.conf - In the file, look for the line:
port=2222 - Change the value to your new port (e.g., 2472).
- If the port= line is not present, add the following line at the end of the file:
port=2472
Your file should look like this:
Save the changes by pressing Ctrl + X, then Y, and hit Enter.
4. Restarting DirectAdmin
For the new port to take effect, you nees to restart DirectAdmin:
- First, stop DirectAdmin completly:
killall -9 directadmin - Restart DirectAdmin:
sudo systemctl start directadmin
5. Test the New Port
- Open your browser and enter your DirectAdmin panel URL with the new port, for example:
https://your-server-ip:2472 - If the panel opens successfully, return to the firewall configuration and remove the old DirectAdmin port (e.g, 2222) from the allowed list to improve security.
Congratulations! You can now safely use DirectAdmin with your new port.
If you encounter any issue, feel free to ask for help, i’ll be happy to assist!
For more details on accessing the DirectAdmin panel, you can visit the official DirectAdmin documentation.