[Nova]

Good thing is unlike DDos attacks Brute Force attacks are easy keep under control. Even sophisticated attack which use ips all around the world.

All you have to do is use unusual user names, long and complicated passwords ( i use 12 to 16 char combinations ) , ip ban after 3 failed attempts.

[adathu]

How do you control an ongoing brute force attack on your vps ?  I had gone through one I had a managed vps at Hudsonvalley hosting.  fortunately they put more security measures on server to prevent them getting through. Couldnt stop the attack. its was advanced type hitting from multiple ips and locations.

I advise you to create an amazing password like 7GhiZ&^J4PGdO%. You can check how much long it will take to hack this password in many sites. My passwords are stated that it will take 25 million years for a super computer.I also advise you to contact your host to whitelist only your ip and block all the other ips. I am saying that only you should be able to connect to your vps. This is not advisable when you have dynamic ip. If you have dynamic ip, then ask you host to whitelist your region alone.

[amontes]

Hi.

My suggestion is to work with the amount with packets per ip but also reviewing logs and act accordingly.
Using iptables you may limit the burst of packets. Limiting packets on its own is not a good idea as you will shutdown the service but if used along with a logging facility that triggers actions it may be helpful. A logging facility with trigger that I recommend is fal2ban. The combined function would be better. The cherry on top would be ipset tool from netfilter software.
For instance, If you have ssh or rdp port open, and let's say (I've been under this kind of brute force attack) that a guy on a far far country scans your server, he finds rdp port opened so he triggers (maybe automatically) a brute force attack for rdp services. 20 minutes later your password is broken and all the files are encrypted. Only a ransom message is left.
To prevent this, use iptables limit or hashlimit modules so your logging facilities are usable. This may slow down momentarily your service. The slown down time would be the total amount of time that the logging facility writes to the specific log file and the amount of time that fail2ban re-reads the specific log and triggers the defense. At this point fail2ban executes ipset for that specific IP for 2 or 3 days. Then you may list all banned ips using ipset list command just to check false positives.
Using this setup you may protect rdp after 6 or 7 failed loggins by silently dropping the packets using the kernel very efficiently so your precious resources don't get wasted.

[Littlemaster]

I think you may need to change the ip, never share ip address blindly to the public, change your SSH Port to some random number in some intervals, it will decrease this issue.