I rented a server recently to host my XOOPS sites. Pretty soon I started seeing attempted logins to SSH and FTP, testing long lists of common user names, presumably for common and default passwords.

After a couple of weeks there were hundreds of attempted logins per day. Then more than a thousand. Yesterday it was more than 6,600 (say one attempt every 4.5 seconds!) and I started getting brute force attack warnings from the server.

I know that a certain amount of random probing is normal, but at what point do you start to think it may be a targetted attack? Appreciate any feedback from other server admins.

I have disabled password authentication on SSH and shut down the FTP service as a precaution, when not in use.