Webmin Access by Unknown IPs

SYSTEM INFORMATION
OS type and version Debian Linux 11
Webmin version 2.013

I’ve been seeing unknown IPs establishing connection with webmin (at least according to netstat).

When I go to the Running Processes page I see a couple of "perl miniserv.pl miniserv.conf" processes running. Should I be concerned by this? Are these IPs actually logged-in or are these just attempts? Would changing the default webmin port (10000) be a good idea?

Webmin has logs (in /var/webmin) and there is an action log which shows every action anyone takes in Webmin, which you can browse/search within Webmin). You can see who logged in and when and what actions they took.

Though I should also note that if someone logs in as root, they can delete or edit any log on the system.

Thanks. I’ve checked the webmin.log file and as far as I can tell most foreign IPs only have a “failed” / “wrongpass” lines recorded. So I guess they haven’t been able to actually log-in.

I just found it strange that the extra miniserv processes that are on the Running Processes page have been running for days.

/usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf

I assumed if logins weren’t successful that those processes would die eventually. I guess it’s also possible that those processes aren’t started by login attempts and it’s normal to have a couple of them running.