When your firewall it not setup to filter out traffic from all but certain IP addresses, you will often notice many failed SSH login attempts. My CentOS servers will notify me of this when I login with a message like this:
There were 3881 failed login attempts since the last successful login.
There are several ways to prevent this from happening. Since many bots make their attempts on the default SSH port 22, changing it to something else will often reduce the number above to zero.
Change the default port by opening the sshd service config file, located at /etc/ssh/sshd_config.
Open the file with an editor. Look for the line containing the port setting. It will be commented by default.
Uncomment the line and change the value to something else, say 5000.
Save the file and restart the service.
service sshd restart