Last thursday, my virtualmin with 100 licenses was pnscan, resulted very heavy traffic that no one able to access the server. When I do a ps -ef, saw the pnscan process and aaa process. After I rebooted, both the process gone but I cannot find any pnscan installed in the server. I use the firewall to block port 10000 as I notice it consistently connected to a Ip outside my country where I have no business with. Now I constantly saw port 6697 to a particular IP from the virtualmin . Is there anyway, 1. I can find out which process generate the port6697 out and kill it ? 2. How to find out how pnscan was activated within the virtualmin ?
Virtualmin keep sending port 6697 traffic out