That’s just the reality of having a public IP; bots are constantly scanning for open doors. The first thing you should do is disable password logins and use SSH keys. After that, you definitely need something like Fail2Ban.
Fail2Ban monitors your logs for suspicious behavior—like five failed logins in a minute—and then automatically blocks that IP address at the firewall level for a set amount of time. it’s a simple but very effective way to cut down the noise and keep your instance secure.
Beyond just Fail2Ban, a managed cloud platform like AccuWeb.Cloud provides extra security layers, like website vulnerability scans and performance reports. It’s much easier to sleep at night when you have those automated tools watching your back 24/7.