Walter Messages: 865 Registered: February 2009 Location: Florianopolis / BR
Senior Master Forum Moderator LxCenter Project Manager
It is not a security risk but disabling admin in favor of an Auxiliary login improves security.
In theory, one could attempt to brute-force "admin" password using several proxies regardless of LxGuard limit as it blocks based on the requesting IP. With an arbitrary login, the attacker would have to guess both login name and password and that is impossible as the number of proxies higher than the ammount of available IPv4 available.
The problem is WHMCS that forces you to use "admin" and standard ports 7777/7778. No auxiliary or reseller accounts.
But you could use Lighttpd rewrite rules (in lxlighty) to change the user from admin to something else. Probably better with mod_magnet if you rebuild the lxlighttpd package with lua support.
It's a hack, but better than wait for WHMCS coders to update "LxAdmin" plugin.