After setup the ufw firewall, I can see log file on my server.
To test my firewall is set properly, I use the online port scan tool to scan the ports of my server.
The result is correct only port 80 and 22 are open.
Then I try to run a node.js file on my server, and I open the port 8080, then run the port scan again. It shows that 8080 now is open.
The next thing I gonna to do is to figure out those source ip addresses.
All of the sources are coming from 5 places:
Clearly the main visitors are from China, are they keeping spying on me? I don’t know. But both of them are hugo gient related to network in China.
I also installed an Apache web server, so I can also see who visited my web by accessing another file.
Most of the record are GET request. Only one is a POST request. I don’t how to explain his behavior.