I set up my firewall to block brute force password attacks, It is disturbing how many attacks one gets. Anyone else see this?

Yeah, I get these every day. I think pretty much any server that has open ports that can be detected with a port scan will have this happen. I use BFD (an add-on for APF firewall) to block any IPs that attempt brute force attacks: http://www.webhostgear.com/60.html

I've reported a couple of the IPs to datacenter abuse teams if they come from datacenters that I think will actually take action.

yea, BFD is a great tool, I use it myself.

BFD and APF are excellent together if you own a web server. I've been using them on many servers with no complaints!

If you mean brute force logins to scripts you might want to make a custom IP blocking tool.

nope, I don't get that just stupid people trying to SSH in. Mostly from the Pacific Ocean, does anyone just ban them all?

Banning an IP block can stop users from seeing your entire server instead of just the attacker. Most of the time an attack will be sent from a zombie server or computer.

Whenever someone tries to login to often with failed attempts I ban their IP. It's a good idea to clear out the banned IPs after a day or two to prevent legitimate users being locked out.

You should setup Logwatch, which notifies you of failed login attempts.

I know, but they mostly are in the subnet of Asia. When I trace them they are from Korea 70%. Like you said it probably is just a zombie server. I do think that most attackers are from asia though.

Well, I on the other hand don't clean up the IP list.
99% is from Asia sadly enough.

Aside from the fact that it's easy to workaround If there
was a performant and easy solution to blocking Asia I would.