How we handle attacks?

Thu Oct 3 12:20:35 UTC 2013

I see in log file of copr-fe-dev a lot of attempts to login as root/postgres/nagios/oracl/test user. Well it is ~4000 
attempts. So it depend on your definition of "lot of". But it caught my attention.

Do we have some standard procedure how to handle it? Add that IPs to blacklist? Move ssh port to non standard number? Or 
should I just ignore them?
-- 
Miroslav Suchy, RHCE, RHCDS
Red Hat, Software Engineer, #brno, #devexp, #fedora-buildsys