===webmin security===
attackers know that "admin" and "root" are default / popular webmin user accounts and may try to guess these passwords

so create a webmin user account with full rights and use webmin to delete all existing "admin" and "root" webmin user accounts

== webmin attacks ==
check for attacks

%%
# grep unauthenticated /var/webmin/miniserv.log
%%

sample buffer overflow attack
%%
10.10.10.10 - - [28/Apr/2008:03:30:42 -0400] "POST /unauthenticated//..%01/..%01/ ...... /..%01/..%01/etc/shells HTTP/1.1" 404 32
%%
----
REFERRERS
{{backlinks}}