I mean, your IP is being crawled by random bots dozens of times per day, what's the difference between that website and the traffic your IP gets already?
Seriously, this is a laughable concern – if you have a "public facing server" you're already listed in Google, Shodan, being probed by dozens of IPs across the world...
[21/Jun/2021:19:07:19 +0000] "GET / HTTP/1.1" 301 169 "-" "Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
I remember thinking that ads in server logs was a new one to me.
Let me explain: I am not running any services on standard ports. You'd have to do a port scan and find one of the ports running a web service. But they're HTTPS (with unsigned personal certificate keys, mind you) and are password protected.
I still get so. many. random people entering passwords and trying to break in. They don't look like a wordlist or automated bots, they're literally people guessing.
Just because you see a username and password screen after you nmap this public IP, doesn't give you the right to start trying to hack it.
You're making a normative argument; I'm making a positive one.
You ought not try random usernames/passwords on someone's public server, I agree. But if you expose a public server that lets someone type a username/password, you had best be ready for someone to guess values.