Since putting fail2ban in place, nearly all of the brute force password attacks have been out of China, a handful from Viet Nam.
Hi, The IP 58.215.172.27 has just been banned by Fail2Ban after 5 attempts against SSH. Here are more information about 58.215.172.27: [Querying whois.apnic.net] [whois.apnic.net] % [whois.apnic.net] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html % Information related to '58.208.0.0 - 58.223.255.255' inetnum: 58.208.0.0 - 58.223.255.255 netname: CHINANET-JS descr: CHINANET jiangsu province network descr: China Telecom descr: A12,Xin-Jie-Kou-Wai Street descr: Beijing 100088 country: CN admin-c: CH93-AP tech-c: CJ186-AP mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-JS mnt-routes: MAINT-CHINANET-JS remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+ remarks: This object can only be updated by APNIC hostmasters. remarks: To update this object, please contact APNIC remarks: hostmasters and include your organisation's account remarks: name in the subject line. remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+ status: ALLOCATED PORTABLE changed: hm-changed@apnic.net 20050624 source: APNIC role: CHINANET JIANGSU address: 260 Zhongyang Road,Nanjing 210037 country: CN phone: +86-25-86588231 phone: +86-25-86588745 fax-no: +86-25-86588104 e-mail: ip@jsinfo.net remarks: send anti-spam reports to spam@jsinfo.net remarks: send abuse reports to abuse@jsinfo.net remarks: times in GMT+8 admin-c: CH360-AP tech-c: CS306-AP tech-c: CN142-AP nic-hdl: CJ186-AP remarks: www.jsinfo.net notify: ip@jsinfo.net mnt-by: MAINT-CHINANET-JS changed: dns@jsinfo.net 20090831 changed: ip@jsinfo.net 20090831 changed: hm-changed@apnic.net 20090901 source: APNIC changed: hm-changed@apnic.net 20111114 person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: anti-spam@ns.chinanet.cn.net address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN changed: dingsy@cndata.com 20070416 changed: zhengzm@gsta.com 20140227 mnt-by: MAINT-CHINANET source: APNIC % This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS1) Regards, Fail2Ban