Should I be worried about unusual SSH login attempts from unknown IP addresses?
I've been monitoring my server's SSH logs and noticed a steady stream of login attempts from unknown IP addresses, mostly from different countries.
Heaps and heaps of account names are tried, and with some quick server stats I'd say, at least a quarter of the time they are valid usernames, which seems too coincidental to me. This may seem lucky, but there aren't that many common names such as 'John' in my system, as, without going into the details, my application is mostly for work, and people usually use their full names for formality.
No attempts have succeeded so far. Luckily my server has a strong password policy, and I've enabled two-factor authentication for all users.
How worried should I be about these attempts? Are they likely part of a botnet or a targeted attack? Are there any additional security measures I can take to prevent unauthorized access? I'm concerned about potential security risks and want to ensure my server remains secure.
So is this something I actually should be worried about, or am I just being paranoid and should I just ignore them?
