Security alert webmin users

I am strongly against webmin use in a production environment

but that’s just me… If you are one of the folks who uses webmin for fun or profit and it is exposed to the intertubes take note:
https://sites.utexas.edu/iso/2014/09/09/arbitrary-file-deletion-as-root-in-webmin/

I strongly recommend that if you DO want to use Webmin you change the port it runs on

sed -i ‘s/10000/23765/g’ /etc/webmin/miniserv.conf&&service webmin restart

for example, you will avoid the drive-bys and your firewall would have already caught the port scanners, right? And of course keep your software updated, Webmin now at 1.7

A firewall isn’t going to stop somebody with access to the nmap man page and about an hour to read through the options.

As I said already a decent firewall will notice nmap pointed at it within “name that tune . . .” iterations, It’s called “port-scanning”

There are many methods that will avoid tripping an IDS. Relying on obscured ports is not effective.

Don’t open Webmin to the Internet. Keep it at the most current version. If extra paranoid, start and stop it as needed.

I tried your MitM attack against my firewall which created in iptables among other port specific protections:-

CONNLIMIT tcp opt – in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:23765flags: 0x17/0x02 #conn src/32 > 1

I don’t believe the stealthy guy got much back from me, perhaps you know better.