Concerns with port scans from random IPs
So I set up my first droplet last night and followed the steps to secure SSH and so forth. I then installed ufw and set up a basic firewall, denying everything incoming while leaving a non-standard port open for ssh, which is working just fine for me. When I checked the logs I was somewhat alarmed to see a large number of port scans from all over the place. Mostly they seemed to be looking for 22 or 23 but others popped up as well. I checked those two ports myself, just to be sure the firewall was doing what it was supposed to be doing and all was good. I guess what surprised me was the number I saw as they were coming in about once or twice a minute.
Since my droplet isn’t doing anything yet, I shut it down overnight and when I started working this morning, I was scanned within 15 seconds of booting up! While I’ve played with servers at home, this is my first experience having something really facing the web. So I’m wondering if this is normal behaviour?
A concerned newbie