This is a copy/paste from another area where I asked the same question with no reply. Hopefully someone can shed light on this potentially ginormous issue.
After you edit trixbox.conf and comment out the top, the Administrators module works, but it leaves the whole /var/www/html/admin/* file structure wide open. In other words, whereas the substructure is normally unable to be accessed from the internet, upon editing the file, you can type in x.x.x.x/admin/whateveryouwant and see and browse the entire structure. The potential security issues are pretty obvious…
How can I protect my server from unsavory critters, while still utilizing the admin module? Should I add another user in the /usr/local/apache/passwd/wwwpasswd
file, or somehow point that file to the FreePBX user database?
Please help! Thanks ahead of time.