This is probably a massive noob question, but Google results aren’t being helpful and I couldn’t find something specific here.
I made this server that just hosts IRC, HTTP and SSH for some friends. I have done this sort of thing before, and to my knowledge everything was fine. But today, minutes after I turn boot up the server properly for the first time, and pretty much for the whole day until I noticed it tonight, I was getting brute-forced via SSH. They were checking from a whole bunch of different IPs, from businesses in places like China and Vietnam, to DigitalOcean’s address.
I had not shared the direct IP with anyone, and The DNS had only been set up for a day or two. There is no way anybody outside of my friend circle (people I trust) would have known that the server existed, and nobody would have any reason to hack me.
So my question is, assuming it wasn’t leaked, how did these people get my IP so quickly, and what would they seek to gain my taking control of my machine?