Nextcloud 18.0.3
Ubuntu server 18.04 LTS
Apache/2.4.29
PHP/7.4.4
I have just installed nextcloud and noticed connections on ports 80 and 443 which should’nt be there.(monitored with tcptrack)
There are about 4 unique ips each connected to 80 and 443
My question is whether there is any additional steps should take in order to harden my server from attacks (like geo blocking).
I have the ssh port blocked on the router and have logins through passwords disabled.
And for apache I have enabled HSTS header and set “Options -Indexes” in vhost for port 443 and have “serversignature off” and “servertokens prod” set for both vhosts on port 80 and 443.
If you don’t need any connections from those regions, you can block all the IP blocks used by their RIRs. It’s a bit of a list, but it will dramatically cut down on potential hacking attempts.
Random connection attempts and scans on the internet are very common. Your server will be targeted within moments of coming online. Set up your server with the assumption that the whole internet is going to poke it with a stick. Make sure all accounts use 2FA.