Hello. Over the last week, I've received two reports from my internet provider that they've stopped two malicious attempts from someone doing something on my server. I know they've tried to hit the Project Zomboid ports because these are the only ones I have configured to port forward to the outside world. My question is, what could these malicious actors have done on these open ports? I understand if I had a bad SSH setup, or if I had a misconfigured PHP server on port 80, but what could they potentially have done on ports 16261/16262, and what could I do to protect myself?
#Several unknown IP addresses tried to do something on the dedicated server ports.
I think it would depend on what the reports say, but I assume most of the time it would just be port vulnerability scans
They can scan for vulnerabilities on the ports / service that uses the ports, they can DDoS the server as well with floods of packets, or they can even try to guess login attempts on various services running on ports
A lot of these are automated, basically guessing until they hit a vulnerability on a certain IP / port
So I assume that is mainly what your internet provider detected and blocked
Best protection is minimizing attack vectors, so have the fewest ports open, have your OS be up to date, have strong passwords
Run it in a container, with its own IP, preferably on its own network
@velvet axle I could run it in a docker, that would be a pretty good upgrade to security, but what do you mean by its own network?