Currently I'm running Webmin 1.50 on a FreeBSD 4.9
I've noticed over the past couple of weeks an increase
in "SEARCH /\x90\x02\xb1\x02\xb1\x02..." coming uip in
my weblogs. The string itself seems to be a
Bufferoverflow attack from "infected" machines in China
(and slowly spreading)
I think the attack itself is just designed to attempt to
overflow any servers that happen to be running on those
ports since the total lengh of the URL is 32Kb's in weight.
Admittedly Apache had problems dealing with it,
Virtualhosts were getting dropped and then coming back
up as it dealt by killing it's Child processes.
However Webmins current server build couldn't handle
the attack in the same way, which causes it to
completely fail and even lock itself from being restarted.
I hope this information is accurate enough to help the
future development of Webmin.