Change default access port

Are there any restrictions to changing the default port 10000 in Virtualmin Pro to something else? Do registered secondary DNS servers in webmin have to operate at the same port numbers as the primary?

I’ve suffered too many rootkit attacks via port 10000 on older webmin installations to not worry about this.

-Don

No, you can change it to any port you want. You need to make sure you update any other servers you have setup in the Webmin Servers Index.

Hey guys,

noaxis is quite right. Webmin doesn’t care what port it runs on (likewise for Usermin).

Since Webmin security has come up a few times over the past few days, I’ll mention a few aspects of keeping Webmin safe (similar to most root-level services, like ssh and ftp daemons…some extra caution is advised):

  1. Make sure you’re always running the latest version. Jamie has a great record of rolling out security fixes within a day or two, and sometimes even hours, of an exploit being exposed. I’ve never had a Webmin installation compromised, and I’ve probably maintained more Webmin systems than 99% of people (my previous company had several hundred proxy caches in the field, all running Webmin), and the only precaution we took really seriously was updating within 24 hours of a new release–across all systems.

  2. Don’t disable the security features that are enabled by default. Password time outs are in place for a reason (HTTP is stateless, so you can’t use the ssh technique of pausing on a bad password to reduce brute force attacks…you can only disable the account for a short time in the event of repeated bad passwords). SSL is a good thing. Even better if you have a “real” certificate, or make sure you import the correct self-signed cert for your box…identity is about 50% of the value of SSL.

  3. Use strong passwords. 90% of systems that I’ve seen exploited have been because of weak passwords (the other 10% due to bugs in older versions of software–patched versions were available, but the system was running an unpatched version). A strong password is one that is eight or more characters in length, has numbers or symbols and letters, and is not based on a dictionary word. Any variant of “letmein”, “password”, “remember”, etc. are bad passwords and should be changed to something better (I have seen all of these passwords in use on real systems).

Joe,

Could you please clarify…

To change the default Webmin port from 10000 to xxxxx, all we need to do is > Webmin > Ports and Addresses > change 10000 to xxxxx?

There is no need to change anything else, like httpd.conf?

There is no need to change anything else, like httpd.conf?

Correct. Webmin has no relation to Apache or httpd.conf. It has its own web server called miniserv, which is a small web server with exactly the functionality Webmin needs (plus a few neat security and performance features). Because it runs independently of Apache, Webmin can actually manage everything about Apache, including starting and stopping it (something that ran under Apache would lose state during a restart).

If you are using the cluster features you may need to update the ports in the Webmin Servers Index (but maybe not…some of the actions run over an independent port…but anything that involves bouncing the user through to the other server will need to be updated).

Thanks Joe.

I suppose we need to change the firewall setting as well.

I’ve just changed the firewall setting and Webmin default port. Forgot to apply the new firewall setting after replacing Webmin port 10000 with xxxxx, so locked out of Webmin. SSH logged in to “service iptables restart” and all OK again.

I found this video tutorial explaining how to do it,
https://www.youtube.com/watch?v=uO9qXYLF4GU