On Sat, Oct 8, 2011 at 5:50 PM, Thomas Adam <tho...@xteddy.org> wrote: > Not to mention Webmin is a huge security risk, has been for a long > time and a lot of Linux distros for example have long-since dropped > support for it. > > Why would anyone want to even try and use Webmin with anything? Just > don't use it.
Because security is a trade-off for most people. About Webmin security: +1s +1: quick release of patch when vuln is reported +1: update with 1 click -1s -1: seven CVEs in the last four years. -1: very nasty remote vuln in 2006 -1: web-based (being web-based is a -1 in itself) Want to use Webmin and be as secure as possible? -Start it through ssh -Install updates as soon as you log in. -Do what you have to do -Log out + kill process Tips -Do NOT browse the web while logged in -_- -Do not use default port 10000. -Use changedetection.com with webmin.com/security.html Unless someone have a remote 0day and is scanning constantly all ports while waiting for you to enable webmin, you will be safe.