Would it be possible to write a script that would add an iptables rule blocking these ips after 5 or 10 incorrect login attempts, and log them to a file I could show on my website (running on the same machine)? If so, how would I go about doing it?
Edit: just came across this in the log
and a lot more, totally close to 3500 connection attempts by the same ip in 1 day.sshd:
unknown (126.96.36.199): 2859 Time(s)
root (188.8.131.52): 130 Time(s)
Just yesterday looking at the logs, I got nearly 2,000 connect attempts from about 5 different IP addresses.