Re: Was I hacked?: webmin note


Subject: Re: Was I hacked?: webmin note
From: Howard Shere (hshere@greendragon.com)
Date: Thu Aug 17 2000 - 21:33:12 MDT


> With the recent webmin discussion, its only proper that i point out
> that unless you installed the ssl perl module and are connecting to
> webmin via https, its also a security hazard for the same reason- the
> user and password for webmin are broadcast plain text (its fine,
> though, if you only connect to webmin via 127.0.0.1). In order to use
> webmin securely, install the ssl perl module, and set up webmin to
> use it.

Also, you can configure webmin to only allow connections from a specified IP
range (say your server and office networks). This even excludes your own
dialup IPs (if you are an ISP like us).

We do this and we just have telnet turned off completely.

With webmin installed there is very little need for an actual command line.

_________________________________________________________________________
 Gridz 1.3 ---- www.gridz.com ---- NetSpace will never be the same again
_________________________________________________________________________
Howard Shere | Green Dragon Creations | Water Valley Interchange
President | 301 N. Main St. | P.O. Box 70
Software Sculptor | Water Valley, MS 38965 | Water Valley, MS 38965
                   | hshere@greendragon.com | hshere@watervalley.net
                   | www.greendragon.com | www.watervalley.net
                   | 1-662-473-4225 | 1-662-473-9209



This archive was generated by hypermail 2a24 : Thu Aug 17 2000 - 21:36:08 MDT