LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 07-20-2012, 10:00 PM   #1
agriz
Member
 
Registered: Nov 2011
Posts: 197

Rep: Reputation: Disabled
new server got attacked before launching


I tried to track which URL they are targeting.
But I am surprised to see that

Code:
ip            url
180.76.6.37   externalwebsites.com
How is it possible? How to secure this?
 
Old 07-21-2012, 12:37 AM   #2
UndiFineD
LQ Newbie
 
Registered: Jun 2004
Location: Netherlands
Distribution: adistro
Posts: 24

Rep: Reputation: 0
Hello agriz,
what makes you think it is an attack?
Is this new server replacing a previous setup?
Are you using an IP address that belonged to someone else before?

That server could have been set up to probe for the IP address you are using now
from previous usage. My firewall reports blocked traffic all day,
and your server is going to be a lot more attractive once one or more services are running.
Blocked traffic does not mean cracking attempts per se.

However, the IP address used can be traced:
http://whatismyipaddress.com/ip/180.76.6.37
which shows that it is from China,
and many cracks may seem to originate from China.

To prevent such things from happening you could block IP regions that are often used to originate attacks from.
That means large blocks of addresses are prevented from accessing your server.
The downside is that potential customers from those areas cannot reach you,
but if you do not have any intention of doing business with them this makes life a lot easier.

Blocking ranges does have the downside that it takes up memory and performance to connect to your server.
 
Old 07-21-2012, 03:25 AM   #3
agriz
Member
 
Registered: Nov 2011
Posts: 197

Original Poster
Rep: Reputation: Disabled
Just spoke with the host.
Someone who used it before I bought it was using that IP range 180.76.
 
Old 07-21-2012, 07:33 AM   #4
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Any server connected to a public network WILL get bombarded with attempts to probe it. The probes are looking for vulnerabilities to exploit with the ultimate goal of obtaining root level control over your system. Your objective is to not give them any.

An important part of the process is developing an awareness of these "attacks" and it looks like you may have picked up evidence of one. What you need to do to protect against these probes and attacks depends upon what server processes you are running as each one has unique weaknesses and methods to secure it.

I would recommend that you start by reading through the security references section here, especially the introductory parts to start getting an understanding of how to approach server security.

If you need help with this particular case, please post actual data, such as portions of log files, and describe the symptoms, problems, etc and be verbose in your descriptions.
 
Old 07-21-2012, 04:57 PM   #5
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,982

Rep: Reputation: 3626
If it was a used system then it can't be secure at all. What do you mean the person you got it from used the 180.x.x.x ip number?
 
Old 07-21-2012, 05:08 PM   #6
Jc61990
LQ Newbie
 
Registered: Dec 2008
Location: New York
Distribution: Arch
Posts: 18

Rep: Reputation: 0
There are a couple of things you could install to help keep some of the attackers out, but they won't do it 100%.

A few I use are:
Fail2Ban http://www.fail2ban.org - scans log files and bans IPs that show malicious signs: too many password failures, seeking exploits, etc.
Aide http://aide.sourceforge.net/ - Advanced Intrusion Detection Environment - basically a file integrity checker
Jailkit http://olivier.sessink.nl/jailkit/ - is another good one; this will chroot your SSH users to certain folders and commands

There are many others, but look into a few of these; they might be able to help out a bit.

Last edited by Jc61990; 07-21-2012 at 05:10 PM.
 
Old 07-23-2012, 08:38 AM   #7
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Rep: Reputation: 3941
Well, of course you start by wiping the system clean and doing a "minimal" install. Of course you don't use systems like Plesk ...
 
Old 07-23-2012, 08:50 AM   #8
agriz
Member
 
Registered: Nov 2011
Posts: 197

Original Poster
Rep: Reputation: Disabled
Bind keeps banning those IPs. I can see it from the system messages.
Also, they are just targeting the IP, so I just sent those banned IPs to a null page.
 
Old 07-23-2012, 08:52 AM   #9
agriz
Member
 
Registered: Nov 2011
Posts: 197

Original Poster
Rep: Reputation: Disabled
query (cache) 'some-external-site.com' denied

This is the system log message.
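The log line quoted above is what BIND writes when a client asks it to recurse for a name it is not authoritative for and recursion is not allowed for that client, which fits the thread's picture of leftover resolver traffic from the previous holder of the 180.76 range. Before null-routing sources, it helps to see who is sending these refused queries and whether they cluster in the old range. The script below is an added example for this thread, not something any poster wrote: it parses BIND "query (cache) ... denied" lines (the sample lines are constructed, with the message in the shape BIND 9 logs it), counts refused queries per client, and checks which clients fall inside a prefix. The 180.76.0.0/16 prefix is an assumption made from the poster's "180.76" wording; the threshold value is arbitrary.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines. Only 180.76.6.37 comes from the thread;
# the other addresses, ports, hostnames and the zone line are made up.
SAMPLE_LOG = """\
Jul 23 08:40:01 ns1 named[1234]: client 180.76.6.37#53212: query (cache) 'some-external-site.com/A/IN' denied
Jul 23 08:40:02 ns1 named[1234]: client 180.76.6.37#53213: query (cache) 'externalwebsites.com/A/IN' denied
Jul 23 08:40:05 ns1 named[1234]: client 180.76.6.37#53214: query (cache) 'some-external-site.com/MX/IN' denied
Jul 23 08:40:09 ns1 named[1234]: client 180.76.6.40#41100: query (cache) 'externalwebsites.com/AAAA/IN' denied
Jul 23 08:41:00 ns1 named[1234]: client 203.0.113.9#5353: query (cache) 'example.net/A/IN' denied
Jul 23 08:41:30 ns1 named[1234]: zone example.org/IN: loaded serial 2012072301
"""

# Matches both the older "client IP#port: query (cache) ..." form and the
# newer "client @0x... IP#port (name): query (cache) ..." form of the message.
DENIED_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"query \(cache\) '(?P<name>[^/']+)/(?P<rtype>[A-Z0-9]+)/IN' denied"
)


def parse_denied(log_text):
    """Yield (client_ip, qname, rtype) for each refused recursive query."""
    for line in log_text.splitlines():
        m = DENIED_RE.search(line)
        if m:
            yield m.group("ip"), m.group("name").lower(), m.group("rtype")


def summarize(log_text):
    """Return (refusals per client, set of queried names per client)."""
    per_client = Counter()
    names_by_client = defaultdict(set)
    for ip, name, _ in parse_denied(log_text):
        per_client[ip] += 1
        names_by_client[ip].add(name)
    return per_client, names_by_client


def noisy_clients(log_text, threshold=3):
    """Clients with at least `threshold` refused queries (threshold is arbitrary)."""
    per_client, _ = summarize(log_text)
    return sorted((ip for ip, n in per_client.items() if n >= threshold),
                  key=ipaddress.ip_address)


def clients_in_prefix(log_text, prefix):
    """Clients whose address lies inside `prefix`, e.g. the previous owner's range."""
    net = ipaddress.ip_network(prefix)
    per_client, _ = summarize(log_text)
    return sorted((ip for ip in per_client if ipaddress.ip_address(ip) in net),
                  key=ipaddress.ip_address)


if __name__ == "__main__":
    counts, names = summarize(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{ip:16} {n:3} refused  names: {', '.join(sorted(names[ip]))}")
    print("noisy:", noisy_clients(SAMPLE_LOG))
    # Assumed prefix: the thread only says "180.76", a /16 is a guess.
    print("in old range 180.76.0.0/16:", clients_in_prefix(SAMPLE_LOG, "180.76.0.0/16"))
```

Run it against a real BIND log by replacing SAMPLE_LOG with the file contents. Refused queries are already the safe outcome (BIND is not answering them), so the summary is mainly useful for deciding whether the traffic is stale resolver clients of the old range, which fades over time, or something worth a firewall rule.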
 