Backdoored Webmin
Yup. Somebody hacked the repo and lots of servers have been vulnerable for over a year.
Looks like it's the SourceForge repo that was spreading the backdoored Webmin.
You can use this Bash script to force a reinstall of Webmin on all servers on the 10.200.100.0/24 network.
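#!/bin/bash
# Remote install script: force-reinstall Webmin on every host in 10.200.100.0/24
for ((i=1; i<=254; i++)); do
    # ConnectTimeout keeps the loop from hanging on addresses with no host behind them
    ssh -t -o ConnectTimeout=5 "root@10.200.100.$i" "apt install --reinstall webmin -y"
done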