On Sat, Oct 8, 2011 at 5:50 PM, Thomas Adam <tho...@xteddy.org> wrote:
> Not to mention Webmin is a huge security risk, has been for a long
> time and a lot of Linux distros for example have long-since dropped
> support for it.
>
> Why would anyone want to even try and use Webmin with anything?  Just
> don't use it.

Because security is a trade-off for most people.

About Webmin security:
+1s
+1: quick release of patch when vuln is reported
+1: update with 1 click

-1s
-1: seven CVEs in the last four years.
-1: very nasty remote vuln in 2006
-1: web-based (being web-based is a -1 in itself)

Want to use Webmin and be as secure as possible?
-Start it through ssh
-Install updates as soon as you log in.
-Do what you have to do
-Log out + kill process

Tips
-Do NOT browse the web while logged in -_-
-Do not use default port 10000.
-Use changedetection.com with webmin.com/security.html

Unless someone has a remote 0day and is constantly scanning all ports
while waiting for you to enable Webmin, you will be safe.
