Honestly, this is an endless struggle because there will always be such login attempts.
However, if you like to block them, you could do it easily with ipset:
apt install ipset
ipset create blocked hash:net maxelem 1000000
iptables -I DOCKER-USER -i eth0 -m set –match-set blocked src -j DROP
Herewith we’ve created the ipset “blocked” (you can change the name as you want) and told iptables to store it under the chain “DOCKER-USER”. Attention: if your primary LAN adapter has another name as eth0, you need to modify the command above accordingly with your adapter name.
Now you can add the IPs one by one with the following command:
ipset add blocked 1.2.3.4
ipset add blocked 5.6.7.8
etc.
There is also an easier method:
just create a text file and place it for example here: /root/blocked.txt
Put all your attacking ips into this file and run the following command:
for ip in $(cat /root/blocked.txt); do ipset -A -q blocked $ip;done
That’s it. Please be aware that this is not persistent. After a reboot of your machine the ipset will be deleted.
In my case I have just created a little script which I run through CRON after reboot:
#!/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ipset create blocked hash:net maxelem 1000000
for ip in $(cat /root/blocked.txt); do ipset -A -q blocked $ip;done
iptables -I DOCKER-USER -i eth0 -m set –match-set blocked src -j DROP
Good luck!