| SYSTEM INFORMATION | |
|---|---|
| OS type and version | Debian Linux 11 |
| Webmin version | 2.013 |
I’ve been seeing unknown IPs establishing connection with webmin (at least according to netstat).
When I go to the Running Processes page I see a couple of "perl miniserv.pl miniserv.conf" processes running. Should I be concerned by this? Are these IPs actually logged-in or are these just attempts? Would changing the default webmin port (10000) be a good idea?
Webmin has logs (in /var/webmin) and there is an action log which shows every action anyone takes in Webmin, which you can browse/search within Webmin). You can see who logged in and when and what actions they took.
Though I should also note that if someone logs in as root, they can delete or edit any log on the system.
Thanks. I’ve checked the webmin.log file and as far as I can tell most foreign IPs only have a “failed” / “wrongpass” lines recorded. So I guess they haven’t been able to actually log-in.
I just found it strange that the extra miniserv processes that are on the Running Processes page have been running for days.
/usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
I assumed if logins weren’t successful that those processes would die eventually. I guess it’s also possible that those processes aren’t started by login attempts and it’s normal to have a couple of them running.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
