You will be in for a surprise once you learn about tcpdump ;-) Welcome to internet hosting!

Have SSH open.

There are thousands of reasons.

Get yourself crowdsec and the background noise of the web will be reduced in secounds

I once had a Senior Infrastructure Engineer looking at the logs of our public VPN host. A VPN host that is open to the world on 0.0.0.0/0 because that’s the requirement we had. This Engineer saw thousands of failed login attempts to the VPN; things like admin/admin admin/password1 etc. Regular internet crap, a bot will scrape the web page and try its luck then move on.

This person then decided to initiate security breach procedure and immediately shut down the VPN, because “we’d been hacked!”.

There’s a lot of noise on the internet. The challenge is working out the best way to isolate your resources just enough and block anything that doesn’t need access. This is why things like Web Application Firewalls exist.

Just about anyone can spin up resources in AWS and do whatever until they’re caught.

It will likely be some sort of crawler

Pro tip set up user agent blocks in nginx and have it respond with a 444 it will have nginx stop responding instead of giving a 403. Block anything under chrome 100.

And?

You can also use the free version of cloudflare to block ddos, block traffic from certain countries, create page rules etc