by burnte 3897 days ago
I ran a machine in a colo for almost four years, public facing web server for a dedicated webapp. I managed to escape any attacks or infections, but I'm positive it was 80% of what I did and 20% that it's a low volume app that never got attention by malicious actors. And I've been in the industry for a long time, not a noob.

Everything is attacked. It's all automated, not personal.
Yup, install something like fail2ban & set up email alerts. You'll get a new notice every 5 minutes or so for the first month from all the China-based bots trying to log in via common ssh credentials.
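As an added illustration of the fail2ban-style rule the comment above relies on (this is example code written for this page, not fail2ban's own implementation or anything from the thread), the block below parses constructed sshd auth.log lines, applies a sliding window of `maxretry` failures within `findtime` seconds per source address, and builds the notice an e-mail alert action would send. The log year, hostnames and addresses are constructed.

```python
import re
from collections import defaultdict, deque, namedtuple
from datetime import datetime

# Constructed sshd auth.log lines for this example; not real captures.
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:00:03 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:00:04 web1 sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 51041 ssh2
Mar  3 10:00:06 web1 sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 51050 ssh2
Mar  3 10:00:08 web1 sshd[2109]: Accepted publickey for deploy from 198.51.100.20 port 40212 ssh2
Mar  3 10:00:09 web1 sshd[2111]: Failed password for root from 203.0.113.7 port 51066 ssh2
Mar  3 10:00:30 web1 sshd[2120]: Failed password for invalid user pi from 192.0.2.44 port 60001 ssh2
Mar  3 10:20:31 web1 sshd[2140]: Failed password for invalid user pi from 192.0.2.44 port 60002 ssh2
"""

# Classic syslog lines carry no year; one is assumed so timestamps compare (assumption).
LOG_YEAR = 2024

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

Failure = namedtuple("Failure", "when user ip")
Ban = namedtuple("Ban", "ip attempts at")


def parse_failures(log_text):
    """Extract failed-password events; other lines (e.g. accepted logins) are ignored."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append(Failure(when, m["user"], m["ip"]))
    return events


def find_bans(events, maxretry=5, findtime=600):
    """Sliding-window rule in the spirit of fail2ban's defaults: ban a source once it
    has `maxretry` failures within `findtime` seconds. Events are taken in log order."""
    window = defaultdict(deque)
    bans = {}
    for ev in events:
        if ev.ip in bans:
            continue  # already banned; the firewall would be dropping these packets now
        q = window[ev.ip]
        q.append(ev.when)
        while q and (ev.when - q[0]).total_seconds() > findtime:
            q.popleft()  # drop attempts that fell out of the window
        if len(q) >= maxretry:
            bans[ev.ip] = Ban(ev.ip, len(q), ev.when)
    return bans


def format_alert(ban):
    """Body of the notice an e-mail alert action would send for one ban."""
    return (f"[sshd] banned {ban.ip} at {ban.at:%Y-%m-%d %H:%M:%S} "
            f"after {ban.attempts} failed password attempts")


if __name__ == "__main__":
    for ban in find_bans(parse_failures(SAMPLE_LOG)).values():
        print(format_alert(ban))
```

With the defaults, only 203.0.113.7 (five failures in eight seconds) is banned; the two attempts from 192.0.2.44 are twenty minutes apart and never accumulate inside the window, which is the behaviour that keeps a slow, patient guesser from being caught unless `findtime` is widened.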
I run snort and, from its alerts, the bots come from all around the world, not all from CN. Though the CN sources are largest.
I was rather surprised when I had a week where most of the attacks came from Las Vegas and New Hampshire.
Well, true, we did get spam attacks on the app, so I wound up banning huge swaths of the world. I moved SSH to a very high port, only ran apache, sshd, and an SMTP agent (the machine never received email, inbound was handled by GMail). Still, had someone wanted to exploit the PHP app, I'd be surprised if they couldn't find a weakness. It was custom written, but nearly a decade ago.
Elite attackers can compromise almost any target, but even they won't bother finding one-off vulnerabilities when the goal is botnet host acquisition. For that only widely deployed vulnerabilities are worth exploiting.

In practice that means you can get away with something as crazy as opening up a password-free root shell on some random high port, but you can't get away with weak SSH logins or unpatched WordPress sites.
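The thread keeps returning to "weak SSH logins" versus moving the port. As an added example (not from the thread or from OpenSSH), the block below audits the global section of an `sshd_config` for the settings that decide whether the credential-guessing bots described above can even attempt a password login. It reproduces two sshd parsing rules that trip people up: the first value seen for a keyword wins, and settings under a `Match` block are conditional and do not change the global defaults. The two config fragments are constructed; the defaults table follows the OpenSSH manual (`PermitRootLogin` defaults to `prohibit-password`, `PasswordAuthentication` and `KbdInteractiveAuthentication` default to `yes`).

```python
import re

# Constructed sshd_config fragments for illustration; not taken from the thread.
WEAK_CONFIG = """\
# Moving the port cuts log noise but is not a control by itself
Port 2222
PermitRootLogin yes
PasswordAuthentication yes
# sshd keeps the FIRST value it sees for a keyword, so this later line has no effect
PasswordAuthentication no
"""

HARDENED_CONFIG = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
Match User deploy
    PasswordAuthentication yes
"""

# Values sshd uses when a keyword is absent (per the OpenSSH manual).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "kbdinteractiveauthentication": "yes",
}


def effective_settings(config_text):
    """Effective global settings: first occurrence wins, comments stripped, and
    parsing stops at the first Match block because its settings are conditional."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            break
        seen.setdefault(key, value)  # later duplicates are ignored, as sshd does
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}


def audit(config_text):
    """Return one finding per setting that leaves password guessing possible."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] == "yes":
        findings.append("PasswordAuthentication yes: any account can be password-guessed")
    if s["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: root itself accepts password logins")
    if s["permitemptypasswords"] == "yes":
        findings.append("PermitEmptyPasswords yes: accounts with empty passwords can log in")
    if s["kbdinteractiveauthentication"] == "yes":
        findings.append("KbdInteractiveAuthentication yes: PAM may still prompt for a password")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```

The weak fragment produces findings even though its last line says `PasswordAuthentication no`, because sshd already took the earlier `yes`; the hardened fragment is clean despite the `Match User deploy` exception, which is exactly the kind of scoped exception that does not reopen the global listener to bots.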