I have any VPS which is hosted on Burst.net.
The openssh server running on it. When I checked the error log. I saw a lot of log in errors as below.
It is clear that the hacker want to connect this VPS through SSH as root. They tried different password, different port. All were blocked by PAM system.
To save the cost of these connection and PAM. I choose the way to block them per IP address.