I wouldn't know anything about web-based administration tools. They have a place, but not on any of my servers. Security risk. The easy way is to block the port on the router and setup a firewall on the machine that blocks all access from non-LAN IPs. If you have IPv6 enabled, be certain to do that for IPv6 addresses too.
Well, that is exactly the behavior I'm saying you shouldn't allow. Disable that access until you learn how to block it for everyone else. Until you learn that, you aren't ready, grasshopper.