I have 2 IP addresses shown on my Virtualmin dashboard under recent logins. One is my static IP address (STATE = This Login), the second an IP address I do not recognise that logged in about 4 days ago (STATE = Logged In).
So we have this notification panel that shows us logins, what do we do with it? I want to kick this other IP address out and ban it, however, first I want to know what it is. There are no other users showing up in Virtualmin, is it one of the WordPress websites' users? How do I figure this out?
The logs only date back to the beginning of this current month (1 days ago). So this strange IP address logged in 4 days ago.
It would be good if the stuff that shows up in Recent logins were links that took an administrator straight to that logged-in user's information so I could figure out what is going on.
What I would do immediately is:
Change my password and that of any other users. Make all the passwords strong ones.
Install CSF/LFD firewall (https://download.configserver.com/csf/install.txt) and add that IP address to the permanent bans.
Look in /var/webmin/webmin.log to see what actions were undertaken from that IP address.
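One way to do the last step above, as an added example (not part of the original reply and not Webmin's own tooling). It assumes webmin.log lines have the layout shown in the comment, so check that against your own file first; the function names, IP addresses and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list what one client IP did according to webmin.log.
# Assumed line layout (verify against your own log before relying on it):
#   id [date time] user session-id client-ip module script "action" "type" "object" ...
# awk fields:  $1  $2   $3    $4      $5         $6       $7     $8      $9

# Print every action logged for exactly this IP.
webmin_actions_by_ip() {            # $1 = IP address, $2 = log file
    awk -v ip="$1" '
        $6 == ip {                  # exact field match: 203.0.113.4 must not hit 203.0.113.45
            d = $2; t = $3; a = $9
            sub(/^\[/, "", d); sub(/\]$/, "", t); gsub(/"/, "", a)
            printf "%s %s user=%s module=%s script=%s action=%s\n", d, t, $4, $7, $8, a
        }' "$2"
}

# Count logged actions per Webmin user for this IP (which account was used).
webmin_users_by_ip() {              # $1 = IP address, $2 = log file
    awk -v ip="$1" '$6 == ip { n[$4]++ } END { for (u in n) print n[u], u }' "$2" | sort -rn
}

# Constructed sample log so the example runs offline (documentation-range IPs).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
1710000001.1001.0 [09/Mar/2024 22:14:03] root a1b2c3 203.0.113.4 useradmin save_user.cgi "modify" "user" "root"
1710000002.1002.0 [09/Mar/2024 22:15:40] root a1b2c3 203.0.113.4 webmin change_access.cgi "access" "-" "-"
1710000003.1003.0 [10/Mar/2024 08:01:12] root d4e5f6 203.0.113.45 virtual-server edit_domain.cgi "modify" "domain" "example.com"
1710000004.1004.0 [10/Mar/2024 08:02:00] admin g7h8i9 198.51.100.7 mysql exec.cgi "exec" "-" "-"
EOF

# Demo on the sample; on a real server pass /var/webmin/webmin.log instead.
webmin_users_by_ip   203.0.113.4 "$SAMPLE_LOG"
webmin_actions_by_ip 203.0.113.4 "$SAMPLE_LOG"
```

Since the log only reaches back to the start of the month, an empty result means no logged actions from that IP in the retained period, not that nothing was done.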
What I am after is a link from the recent activity IP addresses in the dashboard to what it is that IP address has been doing (i.e. the relevant log entries).
You get my drift?
https://ajecreative.com.au