After running Nikto against my new web servers IP to make sure I hadn't missed anything, I was happy to see:

+ 3813 items checked: 0 item(s) reported on remote host

I ran it again against 'localhost' instead of my public IP for sh's and giggles, and got the following:

+ OSVDB-6659: <snip><font%20size=50>DEFACED<!--//--: MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later version.

Looking it up, this seems to be some kind of P2P server, which I know for a fact I've never dealt with. I don't run anything even remotely P2P related on my servers.

Can scanning localhost pick up results from other folks on the same machine as me?

No.

This looks like a false positive - you are not the first person to unexpectedly encounter this warning.

_________________
/ Peter

My apologies if it has come up here before, I ran a search but didn't turn up any results.

Thank you though, I didn't think it was possible. Just wanted to clarify.