Blocking Chinese IP addresses

You can try Wizcraft's block list, and format it accordingly. At the time of my post, this blocklist was last updated on Thursday, 24-Dec-2015 11:01:52 MST. Keep in mind that Taiwan is not part of Mainland China, but that Hong Kong now belongs to, and is controlled by, Beijing.

If you only use your server in America exclusively, you could use all of those rules to block attackers. If not, edit out the ones you don't want, and keep the ones you do.

Also keep in mind, this will not stop attackers from connecting to a VPN in a country of their choice, and once again attempting to log in as root. This is merely a band-aid.

EDIT - BadSkillz and Jenny D have recommended fail2ban. This will probably be a better solution overall, but it probably wouldn't hurt to use both methods.


I also find it disturbing to see these lowbrow brute-force login attempts, and sadly yes, they are mostly from China ('Vacuum cleaner' espionage). The good news is that the solution is simple: only permit login to your server using SSH keys, which then enables you to disable passwords as a login method.

First create your secure SSH keys:

See the doc for Linux/OSX/Windows: https://help.github.com/articles/generating-a-new-gpg-key/

In a terminal on your local box, issue:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

This will prompt you for a password (remember it) ... it will create a private and public key pair of files:

private file  /home/mylogin/.ssh/id_rsa_supermoon
public file   /home/mylogin/.ssh/id_rsa_supermoon.pub

These files are now local to your machine ... just copy the public file onto your remote server and place it into (or append it to) the file:

/home/mylogin/.ssh/authorized_keys

Ensure it has proper file permissions on the remote host:

chmod 700 /home/mylogin/.ssh
chmod 600 /home/mylogin/.ssh/authorized_keys

Now, back on your local host, issue this to ssh login to your remote box:

# only need to issue this set of 3 cmds once on same terminal
export REMOTE_IP=1.2.3.4 # your remote host IP
eval $(ssh-agent)
ssh-add ~/.ssh/id_rsa_supermoon  # enter same password as above

ssh mylogin@${REMOTE_IP}

* Start of Optional ------------ *

PS - if you are sick of password prompts on every ssh, then put this into your local ~/.bashrc:

if [ ! -S ~/.ssh/ssh_auth_sock ]; then
  eval $(ssh-agent)
  ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock
fi
export SSH_AUTH_SOCK=~/.ssh/ssh_auth_sock
ssh-add -l | grep "The agent has no identities" && ssh-add ~/.ssh/id_rsa_supermoon

------------ End of Optional

IMPORTANT - confirm you can correctly log in using ssh ... ONLY then, on your remote host, edit the ssh config file:

sudo vi /etc/ssh/sshd_config  
# PasswordAuthentication yes   # we do NOT want yes if ssh keys work
PasswordAuthentication no

To engage the above config file change on the remote host, just bounce the ssh server:

sudo service sshd restart  # (systemd ONLY) this does not kill your login session

Done - you will immediately see no more such brute login attempts, since your remote host now summarily ignores password attempts, and those guttersnipes will crawl away to pester someone else's unprotected server.
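
A check for the sshd_config edit described in the answer above, as an added example that is not part of the original answer: it reports which PasswordAuthentication value sshd will actually use, since sshd keeps the first value it reads for a keyword. The function names and the sample config lines are constructed for illustration, and the script does not read Include files, so `sudo sshd -T` on the server remains the authoritative check.

```shell
# Added example (not from the original answer): check what sshd will really
# use for PasswordAuthentication. sshd keeps the FIRST value it reads for a
# keyword, so a "no" appended below an active "yes" changes nothing.

# normalized FILE (hypothetical helper): strip comments, accept "Key=Value",
# lowercase the keyword and its first argument.
normalized() {
  awk '{ sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }
       NF { print tolower($1), tolower($2) }' "$1"
}

# effective_password_auth FILE: first global value; sshd's default is "yes".
effective_password_auth() {
  normalized "$1" | awk '
    $1 == "match" { exit }                 # the global section ends here
    $1 == "passwordauthentication" { print $2; found = 1; exit }
    END { if (!found) print "yes" }'
}

# audit_sshd_config FILE
# returns 0: passwords off; 1: passwords on; 2: "no" globally, but an Include
# line or a Match-block override exists, so confirm with: sudo sshd -T
audit_sshd_config() {
  local eff overrides
  eff=$(effective_password_auth "$1")
  overrides=$(normalized "$1" | awk '
    $1 == "include" { n++ }
    $1 == "match" { in_match = 1 }
    in_match && $1 == "passwordauthentication" && $2 != "no" { n++ }
    END { print n + 0 }')
  echo "PasswordAuthentication (global, effective): $eff"
  [ "$eff" = "no" ] || return 1
  [ "$overrides" -eq 0 ] || return 2
}

# Constructed sample: a stale active "yes" sits above the appended "no".
demo=$(mktemp)
printf '%s\n' 'Port 22' 'PasswordAuthentication yes' \
  '# PasswordAuthentication yes' 'PasswordAuthentication no' > "$demo"
audit_sshd_config "$demo" || echo "password logins are still accepted"
rm -f "$demo"
```

Run it against a copy of /etc/ssh/sshd_config before restarting sshd; a return code of 2 means the file alone cannot settle the question.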