@jacksonwages

For a new Droplet, not really, though we can always check a few things to see what’s going on and to see if what’s happening is a cause for concern.

The first thing I would do is check whether your firewall is enabled. If it’s not, some of what you’re seeing could be due to repeated attempts to login by bots or similar. Much of this is and always will be automated, so unless you’re filtering traffic through a firewall, you’re not going to see any reduction.

You can run the command below to see if ufw is enabled.

sudo ufw status

If ufw is not enabled, we need to determine what ports you need open. Most commonly, you should allow ports: 80, 443, and 22 (HTTP, HTTPS, and SSH). We should also setup a default policy to deny connections to any ports that we don’t specifically allow. To do this, we can run:

sudo ufw default deny

Then setup the ports we want to allow access on:

sudo ufw allow 22/tcp \
&& sudo ufw allow 80/tcp \
&& sudo ufw allow 443/tcp

Now we can enable ufw:

sudo ufw enable

It’ll ask you to confirm, simply confirm and your firewall is now enabled and external access will now only be allowed on those 3 ports.

You can also check you logs in /var/log, or the location of your software-specific logs (i.e. Apache, PHP, etc). Look at the access and error logs and see if there’s anything out of the ordinary, such as odd requests for random files, queries with random strings, etc. If you see things like this, while common, it’ll give you an idea of what someone is looking for.

These types of requests, much like attempts to login, are automated and since it’s still traffic to your web server, they will use resources to serve the request. There are ways to filter them, though it really depends on what you’re using (i.e. WordPress?) or something else. I know there are WordPress security plugins that will filter bad requests and there are also ways to do it at the server level.