Webmin - Security Warning

Macht Webmin-Referrer Check überhaupt Sinn? Durch FakeReferrer kann man es sowieso umgehen.

Security Warning     



Warning! Webmin has detected that the program https://1.2.3.4:10000/webmin/edit_themes.cgi was linked to from an unknown URL, which appears to be outside the Webmin server. This may be an attempt to trick your server into executing a dangerous command.

Make sure your browser is configured to send referrer information so that it can be verified by Webmin.

Alternately, you can configure Webmin to allow links from unknown referers by :

    Login as root, and edit the /etc/webmin/config file.

    Find the line referers_none=1 and change it to referers_none=0.

    Save the file.

WARNING - this has the side effect of opening your system up to reflected XSS attacks and so is not recommended!!

Webmin

Neuen Kommentar schreiben

Hilfe zum Textformat
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

Suche

Neueste Kommentare

  • /etc/my.cnf

    4 weeks 1 day ago
    Transaction isolation level REPEATABLE-READ The recommended level for Drupal is "READ COMMITTED". (Drupal Status Report)

     Edit "/etc/my.cnf" ( under [mysqld] ):

    transaction_isolation="READ-COMMITTED"

    Restart MariaDB / MySQL:

  • Create Sub-Directories with WGET

    1 month ago
    Wget - Eine Webseite rekursive downloaden

    wget -U 'Mozilla/MyUserAgent' -P MyTempDir123 --wait=0.2 --random-wait -nd -r -x -l 4 -e robots=off --reject

  • Ignore Binaries, JS, CSS etc

    1 month ago
    Wget - Eine Webseite rekursive downloaden

    wget -U 'Mozilla/MyUserAgent2024' -P MyOutPutDirectory --wait=1 --random-wait -nd -r -l 2 -e robots=off --reject

  • Intel(R) Xeon(R) E-2288G CPU @ 3.70GHz

    2 months 1 week ago
    CPU benchmarking with sysbench (single-threaded/all cores)

     

    # sysbench --threads="$(nproc)" cpu run

  • AMD Ryzen 7 PRO 3700 8-Core Processor

    2 months 1 week ago
    CPU benchmarking with sysbench (single-threaded/all cores)

    # sysbench --threads="$(nproc)" cpu run

  • Reload .bashrc without logging out

    2 months 1 week ago
    Linux Autovervollständigung - bash autocomplete
    source ~/.bashrc

    Diese Lösung wird empfohlen aber hat bei mir nicht funktioniert.

    Welche Alternative gibt es?

  • Composer + PHP 8.3

    2 months 1 week ago
    PHP-CLI auf PHP8.2 umstellen (für Composer, Drush etc)

    ln -snf /opt/plesk/php/8.3/bin/php /etc/alternatives/php

  • composer.json

    2 months 1 week ago
    Drush Update failed (require php >=8.2)

    In composer.json, update: 

     

  • Empty Flood Table

    2 months 1 week ago
    Drupal: Anmeldung fehlgeschlagen Es hat mehr als 5 fehlerhafte Anmeldeversuche für dieses Benutzerkonto gegeben. Es ist vorübergehend gesperrt. 
    drush sqlq "DELETE FROM flood"

  •  
    Gmail Apps (SMTP Login):…

    2 months 1 week ago
    Drupal SMTP + Gmail funktioniert nicht mehr (Passwort ist richtig); was ist die Lösung?

     

    Gmail Apps (SMTP Login):

    https://security.google.com/settings/security/apppasswords