Random connections to stats.pl?

Virtualmin
1

My stats.pl seems to be the #1 load on my server, typically about 2-4%. Not such a problem by itself, but I’m wondering what all these random connections to the open port 555 are from outside? I always have 3-4 connections to port 555 from the outside, and they look like bots and other things.

Why is port 555 open? What external, unauthenticated service is stats.pl providing? I can connect from outside, but it doesn’t seem like it’s talking HTTP. But why is it open at all?

SYSTEM INFORMATION
OS type and version Ubu 22.04
Webmin version 2.202
Virtualmin version 7.30.4 Pro
Webserver version 2.4.52
2

That’s a WebSocket service for providing streaming system stats (it provides the data that makes the moving graphs in the dashboard).

What makes you think it’s unauthenticated? As far as I can tell, you’ll only get an error if you don’t have an active Webmin administrator session: authentic-theme/stats.pl at f46b793e0289cda340025bd66abb71509ddfd5ad · webmin/authentic-theme · GitHub

3

I’m just wondering why it’s open to the world if it’s only used locally. It looks like it gets lots of bots/crawlers poking at it for no reason.

I don’t think it’s affecting load / memory (though it does seem very big, almost as big as MariaDB in RES), but it seems to attract bots.

4

It’s not used locally, unless you’re running your browser on the server. A WebSocket connection is made from your browser to the Webmin system to stream the data for the moving graphs.

I would like to see its footprint reduced, though. It’s too big for what it does, but I don’t see obvious paths for how to shrink it, though much of it should be shared libraries, since it’s all the same libraries as all the other Webmin processes.

5

Got it, thanks Joe.

While I have you, two last q’s:

  1. Is it also used for the /virtual-server/pro/history.cgi graph?
  2. If I don’t care about the real-time graphs (and the history graph above, if used), can I disable it?

Thanks,
Eric.

6

It is only used for realtime stats. Those are not realtime.

Of course. It’s in Theme Configuration (there’s a gear :gear: icon in the bottom right of the right pane) under Dashboard and realtime monitoring.

image
image1287×1007 104 KB

7

Thanks much!

Eric.

8

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.