My VPS webserver has CSF & LFD installed. I love it. Oddly though, I get about 10-30 blocks every day notifying me of port scanning attacks from all over the world. Is this normal? I never knew that so many hackers look for ways to break into websites! The above is only port scanning attempts, I also get a good bunch of blocks from wrong passwords into root. Crazy!
I also have CSF, the best firewall IMHO. Yes, if you have a busy server, you'll be amazed at the number of hacking etc. attempts a day. You can disable email notifications if they become too much.
Don't worry. This is normal. Only change ssh port and frequently change password if there is failed authentications. Also, disable unneeded ports.
he already installed CSF , so he should not worry about those post scanning and even BrufeForce attacks
We get these type of attacks all the time, it just happens. You can disable notifications if they annoy you.
Port scanning is quite commen. In most cases its footprinting to see if your server has any vulnerable services, but some people just "nmap"(port scanning tool) the internet for fun to see what is out there on the web.
This is commons. Keep watch on the IPs from which country you are getting most attacks. You can block entire country if you don't have any client from attacking country. However, this is infeasible for 99% of the servers. Make sure to change password every 15 to 30 days. You can also configure sudo and have SSH key access.