Mass Security Detections on UXG-Lite and Nginx?

ZeusXI

I have a UXG-Lite from Ubiquiti, and I have a server running Unraid behind it. I do have Nginx running in a Docker container, which allows me to use Overseer externally, as well as the Plex users I have (only like 3 family members).

 

So I was playing around, just looking around, and I noticed that there is a "Security Detections" tab. So I clicked it out of curiosity, and I am seeing all of these detections to my Unraid server on the ports that I have allocated to my Nginx Docker container. That's how I found out what app was being hit.

 

Now all of these are coming from the US, Netherlands, Russia, etc. I have the Overseer going through a VPN, so not sure what is going on here. 

 

Can you please help me troubleshoot and figure out how to reduce how many connections are trying to get to my Nginx docker?

If you have a web server running on a common port accessible from your public IP (80, 443, and probably some alt ports too, by now), it's sort of 'normal' to see a handful of crawlers per day poking those ports on every IP in the IPv4 range.

What type of connections are you talking about specifically? If you have a web server on the internet, bots trying to break into it is completely normal. Mine has a ton of log messages from people trying to access e.g. phpMyAdmin (which isn't installed, but they can't know that, so they try anyway).

 

You can try to mitigate by using tools like fail2ban, which works by parsing log messages and then blocks IPs on the firewall if e.g. they attempt to sign in unsuccessfully a certain number of times.

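To make the fail2ban description above concrete, here is an added example (not from the thread or from fail2ban itself) that applies the same maxretry/findtime idea to constructed Nginx access-log lines: an IP that produces a few "bad" responses (401/403/404, the scanner-probing-for-phpMyAdmin pattern) inside a short window becomes a ban candidate, while slow, spaced-out failures and normal traffic do not. The log lines, IPs and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed Nginx access-log lines in the default "combined" format (not real traffic).
# 203.0.113.10 is a scanner probing for phpMyAdmin, 198.51.100.7 fails login once
# every 20 minutes, 192.0.2.5 is a normal user, and one line is unparsable junk.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2024:12:00:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "zgrab/0.x"
192.0.2.5 - - [10/Mar/2024:12:00:02 +0000] "GET /api/v1/status HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2024:12:00:02 +0000] "GET /pma/ HTTP/1.1" 404 153 "-" "zgrab/0.x"
203.0.113.10 - - [10/Mar/2024:12:00:03 +0000] "GET /.env HTTP/1.1" 404 153 "-" "zgrab/0.x"
198.51.100.7 - - [10/Mar/2024:12:00:05 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 27 "-" "Mozilla/5.0"
this line is not in combined format
198.51.100.7 - - [10/Mar/2024:12:20:05 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 27 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:12:40:05 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 27 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, status) for a combined-format line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, int(m.group("status"))


def find_ban_candidates(lines, maxretry=3, findtime=600, bad_statuses=(401, 403, 404)):
    """Emulate fail2ban's maxretry/findtime rule: an IP becomes a ban candidate
    once it produces `maxretry` matching hits within any `findtime`-second window.
    Returns {ip: timestamp of the hit that crossed the threshold}."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent matching hits
    banned = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparsable line: skipped, like a fail2ban filter miss
        ip, ts, status = parsed
        if status not in bad_statuses or ip in banned:
            continue
        window = recent[ip]
        window.append(ts)
        # Drop hits older than findtime so slow, spaced-out failures never add up.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned
```

With the defaults, only the scanner trips the threshold; widening findtime to an hour also catches the slow login failures, which is the trade-off fail2ban's two knobs express.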

If you have ports that are open, bots are going to be poking at them 24/7/365. 
 

I used to expose SSH on port 22, I'd have hundreds of failed SSH attempts a day, mostly bots trying credentials like admin, root, pi, user, etc. I use RSA keys exclusively, but that doesn't stop bots from poking… fail2ban does stop them tho 🙂

