Wiki source for WebminSecurity
===webmin security===
attackers know that "admin" and "root" are default / popular webmin user accounts and may try to guess these passwords
so create a webmin user account with full rights and use webmin to delete all existing "admin" and "root" webmin user accounts
== webmin attacks ==
check for attacks
%%
# grep unauthenticated /var/webmin/miniserv.log
%%
sample buffer overflow attack
%%
10.10.10.10 - - [28/Apr/2008:03:30:42 -0400] "POST /unauthenticated//..%01/..%01/ ...... /..%01/..%01/etc/shells HTTP/1.1" 404 32
%%
----
REFERRERS
{{backlinks}}
attackers know that "admin" and "root" are default / popular webmin user accounts and may try to guess these passwords
so create a webmin user account with full rights and use webmin to delete all existing "admin" and "root" webmin user accounts
== webmin attacks ==
check for attacks
%%
# grep unauthenticated /var/webmin/miniserv.log
%%
sample buffer overflow attack
%%
10.10.10.10 - - [28/Apr/2008:03:30:42 -0400] "POST /unauthenticated//..%01/..%01/ ...... /..%01/..%01/etc/shells HTTP/1.1" 404 32
%%
----
REFERRERS
{{backlinks}}
