I'm not sure what is happening here. I have a 10.04 LTS LAMP server running and have a cron going to check Apache and MySQL at intervals and, if either should go down, restart the unresponsive server. If, after so many restarts of the affected server, it is still unresponsive, the whole server reboots automatically. This has actually worked out pretty well for a long time as it seems self-healing. It's rare that the server would need to reboot (I'm emailed notices when it reboots just before it reboots).
Well, every so often some bot would come along (like one I had come in from an out-of-the-country IP recently) and try to log into the server via ssh and try to log in as root. That won't work because "root" as a user has been deactivated (only special scripts I made to help run the server will run as root/sudo). There is no "root" user that can be logged into. Further, I have ssh set up to only accept logins from an authorized administrator who obviously isn't named "root". That's the FIRST thing I always do when creating a server. Anyway, they do still try to log in as root. And they do it repeatedly over the course of minutes (and get denied entry, of course).
Now, is there a way to prevent this and is this why Apache and MySQL could go unresponsive? Too many attempts of someone trying to log into the server hitting the server too much? They aren't coming in via Apache or MySQL, just ssh (remote like PuTTY or some other program).
Can someone tell me if I'm looking in the right place and if there is a way I can stop repeated attempts (even if they can't possibly get in anyway)? Also, is there a way to stop it cold before they even make an attempt? I don't know how they got our IP (you need the IP in order to log in via ssh) in the first place, so is there a way to get the IP masked for ssh but still work for DNS for Apache running on the server so scanning bots can't even find and try it?
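As an added example (not part of the original post): one way to measure the repeated root login attempts described above, by grouping the rejected root logins in sshd's auth log into per-address bursts. The log lines, host name `web1` and addresses are constructed samples, and the 2-minute gap and threshold of 5 are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Two message shapes OpenSSH's sshd writes for a rejected root login.
ROOT_DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?root from (?P<a>\S+) port \d+"
    r"|User root from (?P<b>\S+) not allowed because )")

def root_attempts(lines, year):
    """Return sorted (time, source_ip) pairs; syslog lines carry no year."""
    out = []
    for line in lines:
        m = ROOT_DENIED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            out.append((ts, m["a"] or m["b"]))
    return sorted(out)

def bursts(events, gap=timedelta(minutes=2), threshold=5):
    """Per IP, runs of attempts with no pause longer than `gap`: (first, last, count)."""
    per_ip = defaultdict(list)
    for ts, ip in events:
        per_ip[ip].append(ts)
    found = defaultdict(list)
    for ip, times in per_ip.items():
        run = [times[0]]
        for ts in times[1:] + [None]:          # None flushes the last run
            if ts is not None and ts - run[-1] <= gap:
                run.append(ts)
                continue
            if len(run) >= threshold:
                found[ip].append((run[0], run[-1], len(run)))
            run = [ts]
    return dict(found)

# Constructed sample: six rejected root logins from one address, then other traffic.
SAMPLE = [f"Mar  3 14:02:{s:02d} web1 sshd[41{s:02d}]: Failed password for root "
          f"from 203.0.113.7 port 401{s:02d} ssh2" for s in (11, 14, 19, 25, 31)] + [
    "Mar  3 14:03:02 web1 sshd[4160]: User root from 203.0.113.7 not allowed because not listed in AllowUsers",
    "Mar  3 14:05:40 web1 sshd[4170]: Accepted publickey for admin from 192.0.2.10 port 50522 ssh2",
    "Mar  3 15:10:00 web1 sshd[4200]: Failed password for invalid user root from 198.51.100.9 port 33100 ssh2",
]

if __name__ == "__main__":
    for ip, runs in bursts(root_attempts(SAMPLE, 2012)).items():
        for first, last, n in runs:
            print(f"{ip}: {n} rejected root logins, {first:%H:%M:%S} to {last:%H:%M:%S}")
```

The first and last times of each burst can be lined up against the times of the watchdog's restart notices.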