This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.
So, as a test, I created a user with NO webmin permissions, only remote RPC. And, it updated DNS. Meaning, anyone on the internet could if those ports are open on my firewall (which they are). I am not so sure this is a good thing, but the obvious solution is to make sure your firewall only accepts RPC calls from the correct master IP. Which I have done now.
I believe they follow the main port.
--
Check out the forum guidelines!
And you would be correct, they DO follow.
So, as a test, I created a user with NO webmin permissions, only remote RPC. And, it updated DNS. Meaning, anyone on the internet could if those ports are open on my firewall (which they are). I am not so sure this is a good thing, but the obvious solution is to make sure your firewall only accepts RPC calls from the correct master IP. Which I have done now.
Is this a bug???
Except it's not a big deal since they would have to have the user and password. So, as long as not plain text, one is fine. Forgot about that. Doh!