Full Version: Webmin Update fixes serious security problem
InternetNut
Due to a security hole in Webmin, all users should upgrade to version 1.070

http://www.webmin.com/changes.html

Version 1.070 (20 Feb 2003)
Fixed a serious security problem that allows unauthenticated remote access to Webmin

Added find and replace and goto line support to the File Manager module's editor

Init scripts created by Webmin on Linux now start in runlevels 2, 3 and 5, instead of just the current runlevel

Fixed a bug that caused problems when logging in on OSX, and stopped Java applets from working under IE

Added an ACL option in the Sendmail module to control which domains can be seen in the mail queue

Added a mode in the Webmin Servers Index to prompt for a logging when connecting to a server
rfxn
This is a visible and real threat currently being exploited with underground code. No real working exploit code for this issue has been released into the public domain; as such, if you have yet to update Webmin on your systems, you will eventually be scanned and probably have Webmin exploited.

Good habit when setting up Webmin also reduces your exposure, by changing the default port to something other than TCP port 10000. To that effect, enable the SSL feature in Webmin by installing the Net::SSLeay module for Perl. Likewise, the login for Webmin should be set to something other than root. Set a pass and change the username for the Webmin login.

Again, it should be stressed that you update your Webmin install ASAP.
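
The checks from the post above (version at least 1.070, non-default port, SSL on, login not named root) as a small audit script. This is an added example, not part of the original thread; it assumes a Webmin config directory holding `miniserv.conf`, `miniserv.users` and a `version` file, and the function names, port 18443 and user `wadmin` are made up for the demo.

```shell
#!/bin/sh
# Added example: audit a Webmin config directory against the advice above.
# Assumed layout: miniserv.conf with key=value lines, miniserv.users with
# user:hash:... lines, and a "version" file holding the installed version.

conf_value() {  # conf_value FILE KEY -> prints the value of the last KEY= line
    sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1
}

audit_webmin() {  # audit_webmin DIR -> one finding per line, nothing if clean
    dir=$1
    ver=$(head -n 1 "$dir/version" 2>/dev/null || true)
    # Releases before 1.070 carry the unauthenticated remote access hole.
    if [ -z "$ver" ] || awk -v v="$ver" 'BEGIN { exit !(v + 0 < 1.070) }'; then
        echo "VERSION: '${ver:-unknown}' is older than 1.070, upgrade"
    fi
    if [ "$(conf_value "$dir/miniserv.conf" port)" = "10000" ]; then
        echo "PORT: still listening on default TCP port 10000"
    fi
    if [ "$(conf_value "$dir/miniserv.conf" ssl)" != "1" ]; then
        echo "SSL: disabled (install Net::SSLeay, then set ssl=1)"
    fi
    if grep -q '^root:' "$dir/miniserv.users" 2>/dev/null; then
        echo "LOGIN: Webmin login is named root, rename it"
    fi
}

# Constructed sample configs so the script runs offline.
make_sample() {  # make_sample DIR VERSION PORT SSL USER
    mkdir -p "$1"
    echo "$2" > "$1/version"
    printf 'port=%s\nssl=%s\n' "$3" "$4" > "$1/miniserv.conf"
    printf '%s:x:0\n' "$5" > "$1/miniserv.users"
}

demo=$(mktemp -d)
make_sample "$demo/weak" 1.060 10000 0 root
make_sample "$demo/hard" 1.070 18443 1 wadmin
echo "== weak =="; audit_webmin "$demo/weak"
echo "== hardened =="; audit_webmin "$demo/hard"
rm -rf "$demo"
```

On a real host, point `audit_webmin` at the Webmin config directory (commonly `/etc/webmin`) instead of the sample directories.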