Webmin Access by Unknown IPs

OS type and version: Debian Linux 11
Webmin version: 2.013

I’ve been seeing unknown IPs establishing connections with Webmin (at least according to netstat).

When I go to the Running Processes page I see a couple of "perl miniserv.pl miniserv.conf" processes running. Should I be concerned by this? Are these IPs actually logged in or are these just attempts? Would changing the default Webmin port (10000) be a good idea?

Webmin has logs (in /var/webmin), and there is an action log which shows every action anyone takes in Webmin, which you can browse/search within Webmin. You can see who logged in and when and what actions they took.

Though I should also note that if someone logs in as root, they can delete or edit any log on the system.

Thanks. I’ve checked the webmin.log file and as far as I can tell most foreign IPs only have “failed” / “wrongpass” lines recorded. So I guess they haven’t been able to actually log in.

I just found it strange that the extra miniserv processes that are on the Running Processes page have been running for days.

/usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf

I assumed if logins weren’t successful that those processes would die eventually. I guess it’s also possible that those processes aren’t started by login attempts and it’s normal to have a couple of them running.
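The manual check described in this thread (which IPs have only "failed" / "wrongpass" lines in webmin.log) can be scripted. The following is an added example, not part of the original posts and not Webmin's own code; the sample lines are constructed, their field layout is an assumption, and `summarize` and `needs_review` are hypothetical names.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines. The field layout is an assumption; only the
# "failed" / "wrongpass" markers come from the thread. Compare with your own
# /var/webmin/webmin.log before relying on this.
SAMPLE_LOG = '''\
1679000001.1001.0 [16/Mar/2023 21:00:01] root - 203.0.113.45 global miniserv.pl "failed" "wrongpass" "-"
1679000009.1002.0 [16/Mar/2023 21:00:09] admin - 203.0.113.45 global miniserv.pl "failed" "wrongpass" "-"
1679000300.1003.0 [16/Mar/2023 21:05:00] root - 198.51.100.7 global miniserv.pl "failed" "wrongpass" "-"
1679003600.1004.0 [16/Mar/2023 22:00:00] root 5f2a9c 192.0.2.10 global miniserv.pl "login" "-" "-"
1679003660.1005.0 [16/Mar/2023 22:01:00] root 5f2a9c 192.0.2.10 proc index_tree.cgi "view" "-" "-"
1679007200.1006.0 [16/Mar/2023 23:00:00] root - 198.51.100.99 global miniserv.pl "failed" "wrongpass" "-"
1679007260.1007.0 [16/Mar/2023 23:01:00] root 77be01 198.51.100.99 global miniserv.pl "login" "-" "-"
'''

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")  # IPv4 only
QUOTED_RE = re.compile(r'"([^"]*)"')


def summarize(lines):
    """Count failed-login lines and all other lines per source IP."""
    stats = defaultdict(lambda: {"failed": 0, "other": 0})
    for line in lines:
        match = IP_RE.search(line)
        if not match:
            continue
        try:
            ip = str(ipaddress.ip_address(match.group(0)))
        except ValueError:
            continue  # looked like an address but is out of range
        kind = "failed" if "failed" in QUOTED_RE.findall(line) else "other"
        stats[ip][kind] += 1
    return dict(stats)


def needs_review(stats, trusted):
    """IPs outside the trusted set that have any line other than a failed login."""
    return sorted(ip for ip, c in stats.items() if c["other"] and ip not in trusted)


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    for ip, counts in sorted(stats.items()):
        print(f"{ip:15} failed={counts['failed']} other={counts['other']}")
    print("review:", needs_review(stats, trusted={"192.0.2.10"}))
```

An address that appears under `review` has at least one line that is not a failed login and is not in the trusted set, so its entries are the ones to read in full.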