I have a server that is fully exposed to the internet. I am seeing that there are many failed ssh connections and I am sure the same goes for other protocols. I was thinking maybe to throttle the port with iptables to like 1 connection per whatever, which I am not 100% on how to do that so, if someone could point me to the right direction that would be great. I am going to try using MaxStartups in the meantime which might help a little bit. I am open to suggestions though.

There is some form of automated malware (a scanner or "worm") that is currently circulating around the internet. It attempts several very simple username-password combinations (like "admin" "test" etc). Unless you have extremely poor passwords, then you really have nothing to worry about. It doesn't appear to be a true brute force attack.

You can eliminate these ssh login attempts by restricting ssh access to only the hosts you need to provide access. This can be done via iptables or tcp_wrappers (hosts.allow/deny). If you cannot restrict access, then make sure you are using a sensible password policy.

yeah thats what I am seeing. It's test guest admin and user that I am seeing, and those are not accounts on my server so they cant get in anyway. The only one I am concerned about is there were 12 failed login attempts to the root account. I have been blocking the ips as I see them and they all seem to be from either korea or taiwan.

--edit--
maybe disabling the root login from ssh might do the trick and just have one account that can su over.

For more info on this topic, see the post I've stickied at the top of this forum.