By default, on a DirectAdmin server, you can access user accounts via http://hostname/~username and http://IP/~username. Via this way, a third party can find out the actual username of a user on the server. You might want to disable this option.
To disable “~username” access:
1. Connect to your DirectAdmin server with SSH
2. Run the three commands:
cd /usr/local/directadmin/custombuild ./build set userdir_access no ./build rewrite_confs
Output example from a test server:
[root@web /]# cd /usr/local/directadmin/custombuild [root@web custombuild]# ./build set userdir_access no Changed userdir_access option from yes to no [root@web custombuild]# ./build rewrite_confs Checking to ensure /etc/httpd/conf/ssl.crt/server.ca is set. Using xx.xx.xx.xx for your server IP Installing Comodo Rule Set for ModSecurity... Updating to latest CWAF client version current version is up to date update process finished! Copying custom ModSecurity rules to /etc/modsecurity.d/... Defaulting to Comodo WAF SecDefaultAction... Installation of ModSecurity Rule Set has been finished. PHP has been secured. Restarting php-fpm74. Restarting php-fpm80. Copying custom ModSecurity rules to /etc/modsecurity.d/... Defaulting to Comodo WAF SecDefaultAction... Restarting apache. [root@web custombuild]#
With the new settings, trying to access /~username you will get a 404 Not Found HTTP error.
Sometimes, users access the ~username/ address to test their site before the nameserver has propagated. To overcome the absence of this option, you can use the hosts file on your computer. Edit the hosts file and temporarily add:
server-IP domain.com www.domain.com
188.8.131.52 plothost.com www.plothost.com