In general, what do you guys do when your logs show someone attacking your server?

So far, nothing. In my case (on a Linux server), it appears they go through a set number of ports, until they get to ssh. Then they try a set of four or five logins, none of which work. I presume they're just attempting some default passwords, but since I don't allow root access via ssh anyway, half of their attempts would fail even if they *did* know the password. I checked out a few of the various IP addresses, and they all originate in Asia somewhere -- mostly Korea and China. If it gets to be a big enough problem, you could always just configure your firewall to drop all packets from those particular subnets -- that's pretty drastic, though.
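An added example, not part of the original posts: one way to measure the pattern described in the reply above before deciding whether a subnet block is warranted. It counts failed SSH logins per source subnet, assuming the OpenSSH `Failed password` syslog line format; the sample lines are constructed, and the /24 grouping and threshold of 4 are illustrative assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 04:11:01 host sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar  3 04:11:03 host sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar  3 04:11:06 host sshd[813]: Failed password for invalid user admin from 203.0.113.5 port 40150 ssh2
Mar  3 04:11:09 host sshd[815]: Failed password for invalid user test from 203.0.113.77 port 51822 ssh2
Mar  3 04:11:12 host sshd[817]: Failed password for invalid user guest from 203.0.113.77 port 51840 ssh2
Mar  3 09:30:44 host sshd[902]: Failed password for alice from 198.51.100.20 port 60022 ssh2
Mar  3 09:30:51 host sshd[902]: Accepted password for alice from 198.51.100.20 port 60022 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def summarize(log_text, prefix_len=24):
    """Count failed SSH logins per source subnet; track usernames and distinct IPs."""
    counts = Counter()
    users = defaultdict(set)
    sources = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        net = ipaddress.ip_network(f"{m['ip']}/{prefix_len}", strict=False)
        counts[net] += 1
        users[net].add(m["user"])
        sources[net].add(m["ip"])
    return counts, users, sources

def candidates(log_text, threshold=4, prefix_len=24):
    """Subnets with at least `threshold` failures, most active first."""
    counts, users, sources = summarize(log_text, prefix_len)
    return [
        (str(net), n, len(sources[net]), sorted(users[net]))
        for net, n in counts.most_common()
        if n >= threshold
    ]

if __name__ == "__main__":
    for net, n, ips, names in candidates(SAMPLE_LOG):
        print(f"{net}: {n} failures from {ips} address(es), users tried: {names}")
```

A legitimate user's single mistyped password (the `alice` line) stays under the threshold, which is the check to make before dropping a whole subnet at the firewall.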