My DigitalOcean droplet IP address has been reported multiple times on abuseipdb.com.
I have already set up a firewall (ufw) allowing only basic ports:
443/tcp ALLOW Anywhere
6001/tcp ALLOW Anywhere
22/tcp ALLOW Anywhere
443/tcp (v6) ALLOW Anywhere (v6)
6001/tcp (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
But I'm still getting reports on the mentioned website, for example:
- Unauthorized connection attempt from IP address [IP ADDRESS] on port 9999([IP ADDRESS]:38736->targetIP:9999[tcp])
- (mod_security) mod_security (id:949110) triggered by [IP ADDRESS] (US/United States/-): 5 in the last 14400 secs; ID: lucshow
- port scan and connect, tcp 8080 (http-proxy)
- Unauthorized connection attempt detected from IP address [IP ADDRESS] to port 8888 [J]
The droplet is set up as a webserver for a Laravel web application with a React front end and is closed to the public (only allowed users can log in).
System info:
- Ubuntu 18.04
- Apache 2.4.29
- PHP 8.0.5
- MySQL Ver 14.14 Distrib 5.7.34
- Laravel 8.6.0
I don't know where to go from here or how to know if there's an exploit on my site.
Thanks in advance.
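
Added example, not part of the original post: the sample reports name the droplet's address as the source of connections to ports 9999, 8080 and 8888, while the ufw rules listed are inbound ALLOW rules, so one check is to list connections the droplet itself initiated and see which process owns them. The sketch below parses `ss -tnp` output; the sample output, addresses, process names and the set of expected remote ports are constructed assumptions.

```python
import re

# Added example; every address and process below is constructed (RFC 5737 ranges).
LISTENING_PORTS = {22, 443, 6001}      # inbound ports from the ufw rules in the post
EXPECTED_REMOTE_PORTS = {53, 80, 443}  # assumption: DNS, package mirrors, HTTPS APIs

SAMPLE_SS_OUTPUT = """\
State    Recv-Q Send-Q Local Address:Port  Peer Address:Port   Process
ESTAB    0      0      203.0.113.10:443    198.51.100.7:51544  users:(("apache2",pid=1201,fd=12))
ESTAB    0      0      203.0.113.10:22     198.51.100.9:60022  users:(("sshd",pid=977,fd=4))
ESTAB    0      0      203.0.113.10:51810  192.0.2.20:443      users:(("php",pid=2210,fd=9))
SYN-SENT 0      1      203.0.113.10:38736  192.0.2.55:9999     users:(("unknown-bin",pid=4412,fd=5))
SYN-SENT 0      1      203.0.113.10:40112  192.0.2.80:8888     users:(("unknown-bin",pid=4412,fd=7))
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (or '[v6addr]:port') into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def outbound_connections(ss_output, listening_ports=LISTENING_PORTS):
    """Return connections the host initiated: local port is not a listening port."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        try:
            _, local_port = split_endpoint(fields[3])
            peer, peer_port = split_endpoint(fields[4])
        except ValueError:      # header row or wildcard port
            continue
        if local_port in listening_ports:
            continue            # a client connected to one of our services
        owner = re.search(r'\("([^"]+)",pid=(\d+)', " ".join(fields[5:]))
        found.append({"peer": peer, "peer_port": peer_port,
                      "process": owner.group(1) if owner else None,
                      "pid": int(owner.group(2)) if owner else None})
    return found

def unexpected(connections, expected=EXPECTED_REMOTE_PORTS):
    """Keep only outbound connections to ports outside the expected set."""
    return [c for c in connections if c["peer_port"] not in expected]

if __name__ == "__main__":
    for conn in unexpected(outbound_connections(SAMPLE_SS_OUTPUT)):
        print(conn)
```

On the droplet, the input would come from `sudo ss -tnp` (root is needed for `-p` to show processes owned by other users), and a flagged PID can then be traced to its binary and parent process.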