• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Warning about using Webmin (port 10000)

J

jamesyeeoc

Guest
For those of you out there who have decided to use Webmin on your Plesk server, be advised that several of my honey pot servers have (the last couple of days) been showing signs of dictionary and brute force password attacks happening.

So if you have not already done so (and I *know* you're out there), you should make sure the interface is only accessible from your IP instead of from all/any IPs....

Make sure (obviously) that you have a *strong* password.

Maybe change the default port from 10000 to some other port.

I just love seeing what they try to do when they find a (sacrificial) server which looks exploitable or hackable..... rofl

...and all they're doing is giving me logs full of their IP addresses to report....
 
This happens nightly to my ssh and ftp ports, all they accomplish is filling my logs with denied entries.. ug..
 
Yeah, I figured those occur all the time, so I don't worry about that, but it's not often I see anyone latch onto port 10000 and try to break a password (not as commonly anyways).

You aren't still running your SSH on the default port are you? (if you are, then shame on you!) :)
 
Edit the /etc/ssh/ssh_conf file (or wherever it is on your particular server) and change the Port line to a different number, then restart the sshd service
 
I run mine on the default port, since finding SSH on another port is trivial. A more robust solution would be to use RSA/DSA public key authentication. Then you can disable password authentication completely, so they can try and brute force the port until the cows come home, it would never work.
 
You must log in or register to reply here.

Similar threads

T
Resolved SECURITY - attack surface : ports 7080 and 7081
2
Replies
30
Views
19K
2dareis2do
2
S
Resolved Dovecot Broken After Latest Update
Replies
4
Views
1K
scpcomp
S
Endre
Issue Unable to access the remote backup storage using SFTP
Replies
6
Views
2K
Endre
Endre
duy13
[AntiDDoS] for Plesk Panel with vDDoS Proxy Protection
Replies
0
Views
3K
duy13
duy13
Denis Gomes Franco
Resolved Slave DNS servers and Plesk - My feedback on using external DNS servers
Replies
6
Views
4K
440music
440music
Back
Top