Sam's Tech Blog

You can check out any time you like, But you can never leave!'

2019-08-23

Backdoored Webmin

Backdoored Webmin

Backdoored Webmin

Yup. Somebody hacked the repo and lots of servers have been vulnerable for over year.

Looks like It's the Sourcforge repo that was spreading the backdoored Webmin.

You can use this Bash script to force reinstall Webmin in all servers on 10.200.100.0/24 network.

#!/bin/bash

# Remote install Script

for ((i=1;i<=254;i++)); do \

ssh -t root@10.200.100.$i "apt install --reinstall webmin -y"; \

done;