Connections from China, Russia... through port 80 and 443

Nextcloud 18.0.3
Ubuntu server 18.04 LTS
Apache/2.4.29
PHP/7.4.4

I have just installed Nextcloud and noticed connections on ports 80 and 443 which shouldn't be there (monitored with tcptrack).

There are about 4 unique IPs, each connected to 80 and 443.

My question is whether there are any additional steps I should take in order to harden my server against attacks (like geo blocking).

I have the ssh port blocked on the router and have logins through passwords disabled.
And for apache I have enabled HSTS header and set “Options -Indexes” in vhost for port 443 and have “serversignature off” and “servertokens prod” set for both vhosts on port 80 and 443.

If you don’t need any connections from those regions, you can block all the IP blocks used by their RIRs. It’s a bit of a list, but it will dramatically cut down on potential hacking attempts.

https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml

Random connection attempts and scans on the internet are very common. Your server will be targeted within moments of coming online. Set up your server with the assumption that the whole internet is going to poke it with a stick. Make sure all accounts use 2FA.

Or you get yourself a firewall like pfSense that can do that amongst many other things.

I like Fail2ban. It blocks IPs which attempt multiple connections, according to your configuration.
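
Added example (not part of the thread, and not Fail2ban's own code): a simplified Python model of the sliding-window check that Fail2ban's `maxretry` and `findtime` settings describe, run over Apache access log lines. The log lines, IP addresses and the choice of 401/403 as "failures" are constructed assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in Apache "combined" format; IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.23 - - [12/Apr/2020:09:00:00 +0000] "PROPFIND /remote.php/dav/ HTTP/1.1" 401 381 "-" "-"
198.51.100.23 - - [12/Apr/2020:09:30:00 +0000] "PROPFIND /remote.php/dav/ HTTP/1.1" 401 381 "-" "-"
192.0.2.50 - - [12/Apr/2020:09:59:58 +0000] "GET /status.php HTTP/1.1" 200 160 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2020:10:00:01 +0000] "PROPFIND /remote.php/dav/ HTTP/1.1" 401 381 "-" "-"
198.51.100.23 - - [12/Apr/2020:10:00:00 +0000] "PROPFIND /remote.php/dav/ HTTP/1.1" 401 381 "-" "-"
203.0.113.7 - - [12/Apr/2020:10:00:05 +0000] "PROPFIND /remote.php/dav/ HTTP/1.1" 401 381 "-" "-"
203.0.113.7 - - [12/Apr/2020:10:00:09 +0000] "PROPFIND /remote.php/dav/ HTTP/1.1" 401 381 "-" "-"
192.0.2.50 - - [12/Apr/2020:10:00:10 +0000] "GET /index.php/login HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
"""

# client IP, [timestamp], "request", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')
FAIL_STATUSES = {401, 403}  # assumption: treat these responses as failed attempts


def find_offenders(log_text, maxretry=3, findtime_s=600):
    """Return {ip: datetime of the failure that reached maxretry within findtime_s}."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, status = m.group(1), m.group(2), int(m.group(3))
        if status not in FAIL_STATUSES or ip in offenders:
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        window = recent[ip]
        window.append(when)
        # Drop failures that are older than findtime relative to this one.
        while (when - window[0]).total_seconds() > findtime_s:
            window.popleft()
        if len(window) >= maxretry:
            offenders[ip] = when
    return offenders


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the failure threshold at {when.isoformat()}")
```

With the defaults, only the burst from 203.0.113.7 is flagged; the three failures from 198.51.100.23 are spread over an hour and never fall inside one 10-minute window, which is the trade-off to keep in mind when choosing these two values.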