#1
Urgently need your help again sir. About against cracker . !!
I feel that my server was scanned by someone (e.g. a cracker), so look below, sir. What can I do to protect my server? Please help me, sir. Thank you in advance, sir.
PS. My server system needs an SSH server (port 22) for remote access, sir. What can I do next against the cracker, sir? How can I stop the cracker in this event, sir?
============================================
This is an example message from auth.log (/var/log/auth.log)
============================================
Apr 8 06:21:34 jenus sshd[10952]: Did not receive identification string from ::ffff:210.241.255.73
Apr 8 06:33:39 jenus sshd[10953]: Invalid user jordan from ::ffff:210.241.255.73
Apr 8 06:33:39 jenus sshd[10953]: error: Could not get shadow information for NOUSER
Apr 8 06:33:39 jenus sshd[10953]: Failed password for invalid user jordan from ::ffff:210.241.255.73 port 3599 ssh2
Apr 8 06:33:46 jenus sshd[10955]: Invalid user michael from ::ffff:210.241.255.73
Apr 8 06:33:46 jenus sshd[10955]: error: Could not get shadow information for NOUSER
Apr 8 06:33:46 jenus sshd[10955]: Failed password for invalid user michael from ::ffff:210.241.255.73 port 3703 ssh2
Apr 8 06:33:54 jenus sshd[10957]: Invalid user nicole from ::ffff:210.241.255.73
Apr 8 06:33:54 jenus sshd[10957]: error: Could not get shadow information for NOUSER
Apr 8 06:33:54 jenus sshd[10957]: Failed password for invalid user nicole from ::ffff:210.241.255.73 port 3809 ssh2
Apr 8 06:33:59 jenus sshd[10959]: Invalid user jordan from ::ffff:210.241.255.73
Apr 8 06:33:59 jenus sshd[10959]: error: Could not get shadow information for NOUSER
Apr 8 06:33:59 jenus sshd[10959]: Failed password for invalid user jordan from ::ffff:210.241.255.73 port 3848 ssh2
Apr 8 06:34:02 jenus sshd[10961]: Invalid user daniel from ::ffff:210.241.255.73
Apr 8 06:34:02 jenus sshd[10961]: error: Could not get shadow information for NOUSER
Apr 8 06:34:02 jenus sshd[10961]: Failed password for invalid user daniel from ::ffff:210.241.255.73 port 3921 ssh2
....
Apr 9 02:25:45 jenus sshd[6571]: error: Could not get shadow information for NOUSER
Apr 9 02:25:45 jenus sshd[6571]: Failed password for invalid user peter from ::ffff:221.2.232.28 port 46685 ssh2
Apr 9 02:25:48 jenus sshd[6573]: Invalid user peter from ::ffff:221.2.232.28
Apr 9 02:25:48 jenus sshd[6573]: error: Could not get shadow information for NOUSER
Apr 9 02:25:48 jenus sshd[6573]: Failed password for invalid user peter from ::ffff:221.2.232.28 port 46781 ssh2
Apr 9 02:25:53 jenus sshd[6575]: Invalid user smmsp from ::ffff:221.2.232.28
Apr 9 02:25:53 jenus sshd[6575]: error: Could not get shadow information for NOUSER
Apr 9 02:25:53 jenus sshd[6575]: Failed password for invalid user smmsp from ::ffff:221.2.232.28 port 46858 ssh2
Apr 9 02:25:56 jenus sshd[6577]: Invalid user unknown from ::ffff:221.2.232.28
Apr 9 02:25:56 jenus sshd[6577]: error: Could not get shadow information for NOUSER
Apr 9 02:25:56 jenus sshd[6577]: Failed password for invalid user unknown from ::ffff:221.2.232.28 port 47049 ssh2
Apr 9 02:25:58 jenus sshd[6579]: Invalid user smmsp from ::ffff:221.2.232.28
Apr 9 02:25:58 jenus sshd[6579]: error: Could not get shadow information for NOUSER
Apr 9 02:25:58 jenus sshd[6579]: Failed password for invalid user smmsp from ::ffff:221.2.232.28 port 47136 ssh2
Apr 9 02:26:01 jenus sshd[6581]: Invalid user smmsp from ::ffff:221.2.232.28
Apr 9 02:26:01 jenus sshd[6581]: error: Could not get shadow information for NOUSER
Apr 9 02:26:01 jenus sshd[6581]: Failed password for invalid user smmsp from ::ffff:221.2.232.28 port 47215 ssh2
Apr 9 02:26:03 jenus sshd[6583]: Invalid user smmsp from ::ffff:221.2.232.28
Apr 9 02:26:03 jenus sshd[6583]: error: Could not get shadow information for NOUSER
Apr 9 02:26:03 jenus sshd[6583]: Failed password for invalid user smmsp from ::ffff:221.2.232.28 port 47296 ssh2
Apr 9 02:26:06 jenus sshd[6585]: Invalid user smmsp from ::ffff:221.2.232.28
Apr 9 02:26:06 jenus sshd[6585]: error: Could not get shadow information for NOUSER
Apr 9 02:26:06 jenus sshd[6585]: Failed password for invalid user smmsp from ::ffff:221.2.232.28 port 47374 ssh2
Apr 9 02:26:08 jenus sshd[6587]: Invalid user smmsp from ::ffff:221.2.232.28
Apr 9 02:26:08 jenus sshd[6587]: error: Could not get shadow information for NOUSER
Apr 9 02:26:08 jenus sshd[6587]: Failed password for invalid user smmsp from ::ffff:221.2.232.28 port 47449 ssh2
Apr 9 02:26:11 jenus sshd[6589]: Invalid user smmsp from ::ffff:221.2.232.28
Apr 9 02:26:11 jenus sshd[6589]: error: Could not get shadow information for NOUSER
Apr 9 02:26:11 jenus sshd[6589]: Failed password for invalid user smmsp from ::ffff:221.2.232.28 port 47531 ssh2
.....
Apr 14 05:02:11 jenus sshd[16053]: Invalid user sales from ::ffff:80.120.169.25
Apr 14 05:02:11 jenus sshd[16053]: error: Could not get shadow information for NOUSER
Apr 14 05:02:11 jenus sshd[16053]: Failed password for invalid user sales from ::ffff:80.120.169.25 port 4407 ssh2
Apr 14 05:02:15 jenus sshd[16055]: Invalid user web from ::ffff:80.120.169.25
Apr 14 05:02:15 jenus sshd[16055]: error: Could not get shadow information for NOUSER
Apr 14 05:02:15 jenus sshd[16055]: Failed password for invalid user web from ::ffff:80.120.169.25 port 4505 ssh2
Apr 14 05:02:19 jenus sshd[16057]: Invalid user www from ::ffff:80.120.169.25
Apr 14 05:02:19 jenus sshd[16057]: error: Could not get shadow information for NOUSER
Apr 14 05:02:19 jenus sshd[16057]: Failed password for invalid user www from ::ffff:80.120.169.25 port 4609 ssh2
Apr 14 05:02:23 jenus sshd[16059]: Invalid user wwwrun from ::ffff:80.120.169.25
Apr 14 05:02:23 jenus sshd[16059]: error: Could not get shadow information for NOUSER
Apr 14 05:02:23 jenus sshd[16059]: Failed password for invalid user wwwrun from ::ffff:80.120.169.25 port 4733 ssh2
Apr 14 05:02:26 jenus sshd[16061]: Invalid user adam from ::ffff:80.120.169.25
Apr 14 05:02:26 jenus sshd[16061]: error: Could not get shadow information for NOUSER
Apr 14 05:02:26 jenus sshd[16061]: Failed password for invalid user adam from ::ffff:80.120.169.25 port 4834 ssh2
Apr 14 05:02:30 jenus sshd[16063]: Invalid user stephen from ::ffff:80.120.169.25
Apr 14 05:02:30 jenus sshd[16063]: error: Could not get shadow information for NOUSER
Apr 14 05:02:30 jenus sshd[16063]: Failed password for invalid user stephen from ::ffff:80.120.169.25 port 4936 ssh2
Apr 14 05:02:33 jenus sshd[16065]: Invalid user richard from ::ffff:80.120.169.25
Apr 14 05:02:33 jenus sshd[16065]: error: Could not get shadow information for NOUSER
Apr 14 05:02:33 jenus sshd[16065]: Failed password for invalid user richard from ::ffff:80.120.169.25 port 1065 ssh2
Apr 14 05:02:37 jenus sshd[16067]: Invalid user george from ::ffff:80.120.169.25
Apr 14 05:02:37 jenus sshd[16067]: error: Could not get shadow
#2
If you need to have the port open, there is nothing you can do to stop people (or, more likely, programs) from attempting to connect on the port. Just be sure you have good usernames and passwords. If you can identify a few IPs that are the only ones allowed to hit the server, block all others at a border router. Keep in mind, though, that if you are allowing access from users of cable or DSL modems (or even dialup), they tend to get IPs assigned from a wide range (though obviously much smaller than any possible IP).
Also be sure your server is completely patched and up to date. There have been several glaring security holes found in the last couple of years wrt various flavors of the secure authentication and communication of several popular versions, though I believe they all have been patched by now.
__________________
Left DevShed May 28, 2005. Reason: Unresponsive administrators.
Free code: http://sol-biotech.com/code/.
Secure Programming: http://sol-biotech.com/code/SecProgFAQ.html.
Performance Programming: http://sol-biotech.com/code/PerformanceProgramming.html.
It is not that old programmers are any smarter or code better, it is just that they have made the same stupid mistake so many times that it is second nature to fix it. --Me, I just made it up
The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable man. --George Bernard Shaw
#3
There are a number of automated brute force SSH attacks floating around. Unfortunately, it doesn't look like this is just an automated scan, since those IPs are from Taiwan, Germany and China. It's unlikely that you'd get three different IPs scanning you that close together.
It's interesting how they're jumping ports too. As Mitakeet said, definitely make sure that all the passwords are of a good length, and watch the incoming IP addresses. Block the repeat offenders at your firewall.
--Simon
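The advice above to watch incoming addresses and block repeat offenders, as an added example that is not part of the original thread: a Python script that parses `Failed password` lines in the auth.log format quoted in the first post and lists the sources that exceed a failure threshold inside a time window. The function name, the threshold, window and year arguments, and the sample lines (documentation-range addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One "Failed password" line per attempt, in the sshd format quoted in the first post.
# The optional ::ffff: prefix is the IPv4-mapped IPv6 form seen in that log.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?:::ffff:)?(?P<ip>\S+) port \d+"
)

# Constructed sample lines (documentation-range addresses), not taken from the thread.
SAMPLE = [
    "Apr  8 06:33:39 host sshd[101]: Invalid user jordan from ::ffff:203.0.113.7",
    "Apr  8 06:33:39 host sshd[101]: Failed password for invalid user jordan from ::ffff:203.0.113.7 port 3599 ssh2",
    "Apr  8 06:33:46 host sshd[103]: Failed password for invalid user michael from ::ffff:203.0.113.7 port 3703 ssh2",
    "Apr  8 06:33:54 host sshd[105]: Failed password for invalid user nicole from ::ffff:203.0.113.7 port 3809 ssh2",
    "Apr  8 09:10:02 host sshd[140]: Failed password for alice from ::ffff:198.51.100.20 port 50122 ssh2",
    "Apr  8 14:45:10 host sshd[150]: Failed password for alice from ::ffff:198.51.100.20 port 50410 ssh2",
]

def repeat_offenders(lines, year, threshold=3, window=timedelta(minutes=10)):
    """Return {ip: sorted usernames tried} for sources with at least
    `threshold` failed logins inside any single `window`."""
    events = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # "Invalid user" / "shadow information" lines repeat the same attempt
        # Syslog timestamps carry no year, so the caller supplies it (assumption).
        stamp = " ".join(m["ts"].split())  # collapse the padded day field
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({user for _, user in hits})
                break
    return flagged

if __name__ == "__main__":
    for ip, users in repeat_offenders(SAMPLE, 2024).items():
        print(ip, "tried", ", ".join(users))
```

The returned addresses are candidates for a firewall block rule; compare them against the addresses of known legitimate users before blocking.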