Security Warning Warning! Webmin has detected that the program https:// was linked to from an unknown URL

#1 Sun, 05/26/2019 - 21:01
adamjedgar

I am unable to log in to Webmin from outside of my office static IP address (i.e. using a mobile phone as a hotspot).

I opened the custom Virtualmin port to any external IP address; however, all I get is a blank white screen.

Disabled firewalld and fail2ban.

The browser then produces the following error when I try to log in with firewalld disabled...

Security Warning
Warning! Webmin has detected that the program https:// was linked to from an unknown URL, which appears to be outside the Webmin server. This may be an attempt to trick your server into executing a dangerous command.
Make sure your browser is configured to send referrer information so that it can be verified by Webmin.

Alternately, you can configure Webmin to allow links from unknown referers by :

Login as root, and edit the /etc/webmin/config file.
Find the line referers_none=1 and change it to referers_none=0.
Save the file.
WARNING - this has the side effect of opening your system up to reflected XSS attacks and so is not recommended!!

If I change my PC to use the static IP address, it all works again.

So the questions are...

  1. Is this the mobile phone being used as a hotspot that is causing this issue?
  2. If yes to the above, can someone explain why that is the case?
  3. WHMCS support are trying to access my Virtualmin system from their IP address. I have whitelisted it, but they are experiencing a blank white screen in their web browsers when trying to access my Virtualmin system. Are these two issues related? If so, how do I problem-solve this so that Virtualmin can be accessed from outside? (In my network firewall and in firewalld I have opened my custom Webmin port to any IP address.)

Mon, 05/27/2019 - 01:57
adamjedgar

Also, I have since tried this with another device, and WHMCS in the UK have tried to access Webmin... any IP address other than my static one here in the office cannot access Webmin, even if the firewall and fail2ban are disabled.

This error has been reported before a number of times, e.g. https://sourceforge.net/p/webadmin/bugs/4673/

https://www.virtualmin.com/node/9584

https://sourceforge.net/p/webadmin/discussion/600155/thread/cb9503d6/

https://www.turnkeylinux.org/forum/support/20131230/webmin-security-warning

https://cloudmin.com/node/9981

https://github.com/webmin/webmin/issues/615

https://www.joomlapolis.com/forum/85-hosting-service-discussions/139913-...

I have tried clearing my browser cache and cookies on the mobile device where this problem arises... makes no difference.

AJECreative is the home of $5 webhosting, $15/month VPS servers (1cpu,1gb RAM, 25GB storage)
Centos7, Debian9, or Ubuntu18LTS
Available Control Panels = Centos-Webpanel, Cyberpanel, or Virtualmin

https://ajecreative.com.au

Mon, 05/27/2019 - 02:17
adamjedgar

OK, so I know one of the reasons for this error now.

What I forgot was that I have set up restrictions on access to my web server in more than one place... fail2ban/firewalld, my VPS provider's network firewall, and...

Webmin > Webmin Configuration > IP Access Control > "Allowed IP Addresses"

At the top there are 3 options:

  1. Allow from All IP Addresses
  2. Only Allow from listed IP Addresses (this is the one I had selected)
  3. Deny from listed IP Addresses

Once I added the external public IP addresses of the devices that need access (i.e. my mobile phone and of course WHMCS in the UK), all is well again.

Hope this is of help to others.


Topic locked
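The thread's resolution was a Webmin-level allow list sitting behind the firewalls. As an added example (not part of the original thread and not Webmin's own code), this check reports whether a client address would pass that list. It assumes the IP Access Control setting is stored as space-separated `allow=` or `deny=` entries in `/etc/webmin/miniserv.conf`; the sample configuration and addresses are constructed, and hostname entries are reported as skipped rather than resolved.

```python
import ipaddress

# Constructed sample. Assumption: Webmin's IP Access Control list is saved as
# space-separated "allow=" / "deny=" entries in /etc/webmin/miniserv.conf.
SAMPLE_CONF = """\
port=10000
ssl=1
allow=203.0.113.10 198.51.100.0/24 192.0.2.0/255.255.255.0
"""

def parse_acl(conf_text):
    """Return (mode, networks, skipped) from miniserv.conf-style text."""
    mode, nets, skipped = "all", [], []
    for line in conf_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or key not in ("allow", "deny"):
            continue
        mode = key  # if both appear, the last one wins in this sketch
        for entry in value.split():
            try:
                # Accepts single IPs, CIDR and dotted-netmask notation.
                nets.append(ipaddress.ip_network(entry, strict=False))
            except ValueError:
                skipped.append(entry)  # hostnames etc. are not resolved here
    return mode, nets, skipped

def is_permitted(conf_text, client_ip):
    """True if client_ip would pass the parsed allow/deny list."""
    mode, nets, _ = parse_acl(conf_text)
    addr = ipaddress.ip_address(client_ip)
    listed = any(addr.version == n.version and addr in n for n in nets)
    if mode == "allow":
        return listed       # "Only allow from listed addresses"
    if mode == "deny":
        return not listed   # "Deny from listed addresses"
    return True             # no list present: allow from all addresses

if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.77", "203.0.113.11"):
        verdict = "allowed" if is_permitted(SAMPLE_CONF, ip) else "blocked"
        print(f"{ip}: {verdict}")
```

On a real server, pass the contents of the configuration file instead of `SAMPLE_CONF`, and check the same address against the host firewall and provider firewall separately.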