Hardening Virtualmin install

OS type and version Ubuntu 20.04
Virtualmin version 6.17-3

So far I have done these steps:

  1. Created ‘admin’ user to use instead of ‘root’
  2. Enabled 2FA for both ‘root’ and ‘admin’ users
  3. Set access control to allow login only from my IP

Am thinking about changing the listening port from ‘10000’ & ‘20000’ to something else, but what?

Anything else I should do?

I don’t think so … I was like you, paranoid, about the security of the panel after changing from plesk a few years ago and to be fair I added a user as well as root to administer the system. Didn’t bother with 2FA, in fact that may not have even been there at the time ! I did not change the webmin/usermin ports and in all that time is a few connections to the 10000 port which appear to be bots port snooping … I run a script to kill the PID’s of non recognised connections once a month as it really is a non problem. One thing I would do is add the fail2ban rule for webmin and make that as robust as you like however take care you may ban yourself :slight_smile:

1 Like

Thanks for the response… I’ll look into the fail2ban tip…

There is already a “webmin-auth” fail2ban filter running on every fresh Virtualmin install. To see it in action, just try to log in repeatedly using a wrong password … and get ready for a 10 minutes ban :wink:


Depends who manage server.
i have few server that i mange myself only.

so i install csf firewall.
open ports 22 and 10000 only from my ips (work , home, and my cloud vps with VPN)
and public open only 80 and 443 for some website.

i feel quite with this configuration (of course in some installation is not praticable)

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.