TCP scan from China


I am confident that if anyone watches activity to their public-facing web servers, they will see many requests from China. I see 50+ HTTP & HTTPS hits every hour to my web servers from China.

There does not appear to be any successful login occurring. Can someone offer suggestions of what might be happening?
Would it be reconnaissance, and then eventually human intervention will try to break in?

andreas (System Admin) commented:
Could be so many things: could be some search crawlers from search engines, or from the great firewall. Could be some service that mirrors content. Could be traffic to find out if you run and/or host vulnerable software / CMS systems. Could be trying some standard usernames/passwords to log in to your server/CMS. So please be a little bit more specific about what you are seeing in your logs.

To prevent your server from getting owned, it's ALWAYS necessary to run the latest versions of your software on the server, starting with all patches for the OS and the web server software, including plugins and scripting languages, and also all parts of your CMS.

Furthermore, do not use any standard/default passwords or passwords that can be cracked via a dictionary attack. That means all your passwords need to be at least 9 characters and made of a random selection of numbers, characters and symbols; do not use words based on words in ANY language. A good password would look like this: Agpwb1LT!
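The answer above asks what the logs actually show. As an added example (not part of the original post), this sketch sorts access-log lines into the categories that answer lists: crawlers, probes for vulnerable software, and login attempts. The log format, path patterns and sample lines are assumptions to adapt to your own server.

```python
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" format: ip, time, request, status, size, referer, user agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Illustrative patterns (assumptions); tune them to the software you really host.
LOGIN_PATHS = re.compile(r'(wp-login\.php|xmlrpc\.php|/login|/admin)', re.I)
PROBE_PATHS = re.compile(r'(phpmyadmin|wp-admin|/\.env|/\.git/|/manager/html)', re.I)
CRAWLER_UA = re.compile(r'(bot|spider|crawl)', re.I)  # self-declared, can be spoofed

# Constructed sample lines using documentation-range IP addresses.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2020:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
203.0.113.10 - - [01/Jan/2020:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
198.51.100.7 - - [01/Jan/2020:10:02:11 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2020:10:02:12 +0000] "GET /.env HTTP/1.1" 404 162 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2020:10:05:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3300 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2020:10:05:41 +0000] "POST /wp-login.php HTTP/1.1" 200 3300 "-" "Mozilla/5.0"
192.0.2.99 - - [01/Jan/2020:10:09:00 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

def classify(line):
    # Returns (ip, category), or None when the line is not in combined format.
    m = LINE_RE.match(line)
    if not m:
        return None
    path = m['path'].split('?', 1)[0]
    if m['method'] == 'POST' and LOGIN_PATHS.search(path):
        cat = 'login_attempt'      # credential guessing shows up as repeated POSTs
    elif m['status'] == '404' and PROBE_PATHS.search(path):
        cat = 'software_probe'     # asking for software that is not installed
    elif CRAWLER_UA.search(m['ua']) or path == '/robots.txt':
        cat = 'crawler'
    else:
        cat = 'other'
    return m['ip'], cat

def summarize(log_text):
    # Per-source-IP count of each category.
    per_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            per_ip[result[0]][result[1]] += 1
    return per_ip

if __name__ == '__main__':
    for ip, counts in summarize(SAMPLE_LOG).items():
        print(ip, dict(counts))
```

A source that shows only `software_probe` or `login_attempt` hits is the one worth correlating with your authentication logs.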

Zacharia Kurian (Administrator - Data Center & Network) commented:
Well, the hard way is to block the country host (China) in your firewall, if you do not intend to do business with China. I have seen some companies that do not have any business interest with China block the country host China in their firewalls. Also, you could manually block those Chinese IPs by creating ACLs in your perimeter router, or ask your ISP to take the necessary precautions.

But above all, as stated by @andreas, you should be up to date with patches, defensive precautions, strong password policies, etc. In addition to these, always generate auditing details of your servers.

