You haven't given us very much in the way to go on here. What service is listening on 25565? Why do you suspect many connections to this port represents an attack? What other services are running? Do you think that the machine has been compromised? If so, is there evidence that the attackers have managed to get root access?
If there is a root compromise, you will need to disconnect it from the network, take images of the running processes, memory, and filesystems, and use them to performa root-cause analysis of how the server was compromised. You'll then need to reimage the server from a known-good backup (you do have backups, right?), close whatever hole(s) allowed the compromise and any others you might have come accross in your analysis, and finally reconnect the server to the network. Since this server is at a dedicated hosting site, to which you do not have physical access, this is a bit tricky, but it can be done. Usually, you want ask the hosting provider to reimage the server, and before starting any services (i.e. using a remote console or the like, which any providers now offer), you would use iptables to block all traffic except from your own IP until the new server is properly configued and hardened.
If, on the other hand, this is not a root compromise but just someone abusing some service you are running, you can block their IP easily using iptables. There are numerous iptables guides scattered around; a quick google should bring you to onw. However, the attacker(s) may simply try again from another IP, in which case you might be able to use something like fail2ban (if the app requires authentication) or OSSEC to dynamically block attack events. This is not necessarily a newbie task, but with a couple howtos it should be possible.
I'd also highly recommend reading through a few system compromise threads and the stickies over at LQ's security forums. There are some very experienced people there who know the right way to deal with security incidents. Their expertise is invaluable; use it.