Submitted by otis on Mon, 05/30/2016 - 15:32 Pro Licensee
After falling victim to a hack via the Webmin vulnerability, I restricted Webmin access to my own IP.
But I have a couple of virtual servers set up for the use of friends, and now they cannot access their control panels.
Am I right that Webmin runs as root no matter what domain name is used to access it? So it seems that I can only limit vulnerability to future root exploits by collecting their IP addresses from the friends and adding them to the access control list, now and whenever their IP addresses change.
Is there something I am missing that would increase security without having to manually add the IP addresses of every virtual server user on a continuous basis?
Submitted by andreychek on Mon, 05/30/2016 - 15:39 Comment #1
It never hurts to increase security. You could set up IP address restrictions, or even two-factor authentication.
But yes, if you wish to restrict access by IP address, that does mean maintaining an access control list.
Note though that due to the nature of the problem last week, neither of the above would have prevented the problem.
Another alternative would be to change the Webmin port.
Usually bots don't look for software on every port; they just check the typical port.
Submitted by JamieCameron on Mon, 05/30/2016 - 17:00 Comment #2
Actually, IP restrictions would have prevented the recent attack, because they are applied before any theme code gets run.
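The two settings discussed in this thread (the IP access list and the listening port) can be checked with a short script. This is an added example, not part of the thread or Webmin's own code. It assumes the settings are stored as `allow=` and `port=` lines in Webmin's `miniserv.conf`, evaluates only literal addresses and networks (hostname entries and any `deny=` list are ignored), and uses constructed sample values.

```python
import ipaddress

DEFAULT_PORT = 10000  # Webmin's standard listening port

# Constructed sample in miniserv.conf style (documentation address ranges).
SAMPLE = """\
port=10000
ssl=1
allow=203.0.113.7 198.51.100.0/24
"""

def parse_miniserv(text):
    """Parse key=value lines into a dict, skipping blanks and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def ip_allowed(conf, client_ip):
    """True if client_ip passes the allow list; an empty list admits everyone."""
    entries = conf.get("allow", "").split()
    if not entries:
        return True
    addr = ipaddress.ip_address(client_ip)
    for entry in entries:
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # hostname or keyword entry: not evaluated in this sketch
    return False

def audit(conf):
    """Return findings for the two hardening options raised in the thread."""
    findings = []
    if not conf.get("allow", "").split():
        findings.append("no allow list: login page reachable from any address")
    if int(conf.get("port", DEFAULT_PORT)) == DEFAULT_PORT:
        findings.append("listening on default port 10000")
    return findings

if __name__ == "__main__":
    conf = parse_miniserv(SAMPLE)
    print(audit(conf), ip_allowed(conf, "192.0.2.9"))
```
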