I run a small Ubuntu / Apache server on DigitalOcean. I just looked at netstat -antp and saw a few “ESTABLISHED” connections from China, Hong Kong, Brazil… Should I be concerned? What exactly does it mean if they are “ESTABLISHED”? Here’s what I’m seeing:
|Foreign Address|State|PID/Program Nam|
|---|---|---|
|(Chinese IP address)|ESTABLISHED|5605/sshd: [accepte|
|(Brazilian IP address)|ESTABLISHED|5607/sshd: unknown|
Does this mean someone in China has access to my web server?? Sorry for any ignorance. I do my best to keep my server secure (hence this discovery and this post). I’m hoping that I’m just misunderstanding something. Any help is appreciated.