Would it be possible to write a script that would add an iptables rule blocking these ips after 5 or 10 incorrect login attempts, and log them to a file I could show on my website (running on the same machine)? If so, how would I go about doing it?
Edit: just came across this in the log
and a lot more, totally close to 3500 connection attempts by the same ip in 1 day.sshd:
unknown (18.104.22.168): 2859 Time(s)
root (22.214.171.124): 130 Time(s)
Just yesterday looking at the logs, I got nearly 2,000 connect attempts from about 5 different IP addresses.