What types of attacks try people on this Linux server?

It is not very difficult for me to stay ahead of security holes in my server and attackers. See graph below (Yes, I monitor log files to my webserver with Amazon CloudWatch).

See these peaks? If you have around 100-200 requests on webserver per day it is unusual to get one day 1.000 requests. Some crawlers are like crazy (mainly these SEO crawlers searching for backlinks, Google is ok) but mostly you can look for exact time of a peak and search through logfile using CloudWatch Logs.

80.0.34.227 - - [20/Sep/2017:09:40:28 +0200] "HEAD http://52.17.141.184:80/mysql/sqlmanager/ HTTP/1.1" 404 195 "-" "Mozilla/5.0 Jorgee"
80.0.34.227 - - [20/Sep/2017:09:40:28 +0200] "HEAD http://52.17.141.184:80/mysql/mysqlmanager/ HTTP/1.1" 404 195 "-" "Mozilla/5.0 Jorgee"
80.0.34.227 - - [20/Sep/2017:09:40:29 +0200] "HEAD http://52.17.141.184:80/phpmyadmin/ HTTP/1.1" 403 195 "-" "Mozilla/5.0 Jorgee"
80.0.34.227 - - [20/Sep/2017:09:40:29 +0200] "HEAD http://52.17.141.184:80/phpMyadmin/ HTTP/1.1" 404 195 "-" "Mozilla/5.0 Jorgee"
80.0.34.227 - - [20/Sep/2017:09:40:29 +0200] "HEAD http://52.17.141.184:80/phpMyAdmin/ HTTP/1.1" 404 195 "-" "Mozilla/5.0 Jorgee"
80.0.34.227 - - [20/Sep/2017:09:40:29 +0200] "HEAD http://52.17.141.184:80/phpmyAdmin/ HTTP/1.1" 404 195 "-" "Mozilla/5.0 Jorgee"
80.0.34.227 - - [20/Sep/2017:09:40:29 +0200] "HEAD http://52.17.141.184:80/phpmyadmin2/ HTTP/1.1" 404 195 "-" "Mozilla/5.0 Jorgee"
80.0.34.227 - - [20/Sep/2017:09:40:29 +0200] "HEAD http://52.17.141.184:80/phpmyadmin3/ HTTP/1.1" 404 195 "-" "Mozilla/5.0 Jorgee"
80.0.34.227 - - [20/Sep/2017:09:40:29 +0200] "HEAD http://52.17.141.184:80/phpmyadmin4/ HTTP/1.1" 404 195 "-" "Mozilla/5.0 Jorgee"
80.0.34.227 - - [20/Sep/2017:09:40:29 +0200] "HEAD http://52.17.141.184:80/2phpmyadmin/ HTTP/1.1" 404 195 "-" "Mozilla/5.0 Jorgee"

So you see these attacks. They are usually not professional but you get an idea of weak spots on your server. Mostly attackers are searching for phpmyadmin which I use but to be totally honest – it is available only behind my OpenVPN server so you won’t get much success with it.

From my experience I have moved most of important services behind VPN, implemented modsecurity apache plug-in and so on. So hope I won’t get hacked anytime soon (it actually never happened). I also use automatic security updates for my Ubuntu server so it is not propable that you will find some bug in apache etc…