One quick thing you can do that should help, is to set up some firewalling and block the specific IP address that is making the connection. If you’re on Ubuntu, using ufw
is the simplest way to manage IPTables firewalling. Check out this tutorial for all the info:
The quick, TL;DR version is to first set up default rules allowing outgoing connections and denying incoming ones:
sudo ufw default deny incoming
sudo ufw default allow outgoing
Then set up the ports you want open:
sudo ufw allow 80/tcp # http
sudo ufw allow 443/tcp # https
sudo ufw allow 22/tcp # ssh, change if you're using a different port
Finally, block the IP address and enable ufw
:
sudo ufw deny from attackers.ip.address
sudo ufw enable
This should stop them for now. Of course, the people up to these kinds of unsavory things often manage switch up their IP addresses frequently. Doing this by hand over and over again is not desirable. You can set up fail2ban to do a lot of this for you automatically. For more information on how to do that, check out:

by Shaun Lewis
Learn how to setup a firewall with UFW on an Ubuntu / Debian cloud server.