
Webmin security issue

Due to a security hole in older versions of Webmin, users should upgrade

         

PoolDoc

12:24 pm on May 8, 2002 (gmt 0)



From www.webmin.com/webmin/:

"Due to a security hole in older versions of Webmin, all users should upgrade to 0.970."

If you use the Webmin Linux/Apache web control interface, you probably ought to download and upgrade. The site seems a bit loaded at the moment, and may get worse, so in the meantime, you probably ought to firewall off inappropriate access, if this is possible. Actually, you probably ought to do so, even if there weren't a security issue. Doing so with a firewall is considerably more secure than doing it within Webmin.

With ipchains and default settings, this will do it:

ipchains -A input -j ACCEPT -i eth0 -p tcp --dport 10000 -s [ValidIP_No_1]
ipchains -A input -j ACCEPT -i eth0 -p tcp --dport 10000 -s [ValidIP_Range_1]
ipchains -A input -j ACCEPT -i eth0 -p tcp --dport 10000 -s [ValidIP_No_x]
ipchains -A input -j DENY -i eth0 -p tcp --dport 10000

(For those unfamiliar with ipchains/iptables, order is critical: put the last line first and you'll block ALL access to Webmin.)
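
Added example, not part of the original post: a shell sketch that prints the allowlist rules in the required order and lints a rule list for the "DENY first" mistake described above. The function names `emit_webmin_rules` and `check_rule_order` are hypothetical, and the source addresses are constructed documentation-range values.

```shell
#!/bin/sh
# Added example. Source addresses used with it are constructed (RFC 5737 ranges).

# emit_webmin_rules IFACE PORT SRC...
# Prints the ACCEPT rules first and the catch-all DENY last. Nothing is
# executed; review the output before running it as root.
emit_webmin_rules() {
    iface=$1; port=$2; shift 2
    for src in "$@"; do
        printf 'ipchains -A input -j ACCEPT -i %s -p tcp --dport %s -s %s\n' \
            "$iface" "$port" "$src"
    done
    printf 'ipchains -A input -j DENY -i %s -p tcp --dport %s\n' "$iface" "$port"
}

# check_rule_order PORT   (rule list on stdin, one command per line)
# The chain is evaluated top to bottom and the first match wins, so a DENY
# for PORT with no -s restriction shadows every ACCEPT appended after it.
# Returns 0 if the order is sound, 1 if an ACCEPT is shadowed,
# 2 if no catch-all DENY for PORT is present.
check_rule_order() {
    port=$1; seen_deny=0; status=2
    while IFS= read -r line; do
        case "$line " in
            *"--dport $port "*) ;;          # rule concerns this port
            *) continue ;;
        esac
        case "$line " in
            *"-j DENY "*)
                case "$line " in *" -s "*) continue ;; esac  # source-scoped
                seen_deny=1; status=0 ;;
            *"-j ACCEPT "*)
                if [ "$seen_deny" -eq 1 ]; then return 1; fi ;;
        esac
    done
    return "$status"
}

# Demo with constructed addresses: prints "order OK".
emit_webmin_rules eth0 10000 192.0.2.10 198.51.100.0/24 |
    check_rule_order 10000 && echo "order OK"
```

The checker only inspects the text of `-A` commands for one port; it does not read the live chain or account for rules already loaded ahead of them.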