You may have found your error log filled with 404 errors about strange requests that seem like hacking attempts. They are basically harmless, as bots (not humans) probe for bugs in other HTTP servers. It's cheap for them to try, and they do it on every IP address one by one, and eventually they reach you.

While this activity is hardly a security threat for your HFS server, you are better off without it, so you'll save CPU and bandwidth and may even avoid a real attack if a security hole is discovered in HFS itself.

One easy way to avoid most of these requests is to enable "Accept requests only using domain".

This can be effective because the bots (normally) don't know your domain. It is even more effective if only a restricted group of people know your domain.

Another way to get less unwanted traffic is to avoid standard ports and choose an uncommon high port, like a random number between 20000 and 65000.