Forum Moderators: bakedjake
Is this common? Is my server posted on some hacker's "Sites running sshd" site or something? Anyone else seeing something similar lately?
We handle this by (1) hardening our Linux systems and (2) checking each day for new IPs or blocks of IPs to deny access to using iptables and a couple of other filtering/blocking mechanisms, based on LogCheck's output.
When we discover an attacking IP, we first run it through the whois at Arin.net to see where it's coming from and how many IPs we should block. Since we only do business with U.S. customers, if the IP comes from a Chinese, Australian or Dutch block of IPs we block the whole IP range. If it's an American IP, we block the one address.
The attacks you describe are very common. You should address the issue, soon.
We had one attacker plant a rootkit on one of our servers by hacking the dedicated server host's tech support user and password. It wasn't even one of ours! Our passwords are minimum 16 characters long and quite convoluted. Tech support's password was 6 characters using upper- and lower-case alpha characters only. Not much of a challenge for a brute force attack.
<edit>What you are experiencing is not a "denial of service" attack, where the goal would be to cut off your server from the rest of the world by grinding it to a halt with requests. However, if the automated attack you describe gets too aggressive or you are being hit by several attacks of this type at the same time, the net effect could be similar to a DOS attack ... in that your server becomes unavailable to genuine traffic.</edit>
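The daily pass described above (count failed sshd logins per source, then emit iptables drops for single addresses or, once the whois lookup has been done by hand, for a whole range), written as an added example and not the poster's own scripts; the log lines are constructed samples in the standard auth.log format, and the IP-to-range mapping is assumed to be filled in by the operator from the whois result rather than looked up automatically.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of sshd lines as they appear in /var/log/auth.log
# (documentation-range addresses only).
SAMPLE_LOG = """\
Mar  3 04:12:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 4242 ssh2
Mar  3 04:12:03 web1 sshd[2213]: Failed password for invalid user oracle from 203.0.113.7 port 4251 ssh2
Mar  3 04:12:06 web1 sshd[2215]: Failed password for root from 203.0.113.7 port 4260 ssh2
Mar  3 04:12:09 web1 sshd[2217]: Failed password for invalid user test from 203.0.113.7 port 4271 ssh2
Mar  3 04:13:40 web1 sshd[2230]: Failed password for bob from 198.51.100.23 port 50122 ssh2
Mar  3 04:13:44 web1 sshd[2230]: Accepted password for bob from 198.51.100.23 port 50122 ssh2
Mar  3 04:15:00 web1 sshd[2244]: Failed password for invalid user guest from 192.0.2.200 port 3310 ssh2
Mar  3 04:15:02 web1 sshd[2246]: Failed password for invalid user guest from 192.0.2.200 port 3311 ssh2
Mar  3 04:15:04 web1 sshd[2248]: Failed password for root from 192.0.2.200 port 3312 ssh2
"""

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def count_failures(log_text):
    """Return a Counter of failed-login attempts per source IP (successful logins are ignored)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def build_block_rules(counts, threshold, ranges=None):
    """Return iptables commands for every source with at least `threshold` failures.

    `ranges` maps an attacking IP to the CIDR block the operator chose to drop after
    the whois lookup (e.g. a whole foreign allocation); IPs absent from the mapping
    are blocked individually, as the post does for U.S. addresses. A range that does
    not contain the IP it is keyed by is rejected as an operator typo.
    """
    ranges = ranges or {}
    rules = []
    for ip, n in sorted(counts.items()):
        if n < threshold:
            continue
        target = ranges.get(ip, ip)
        net = ipaddress.ip_network(target, strict=False)
        if ipaddress.ip_address(ip) not in net:
            raise ValueError(f"{ip} is not inside {target}")
        rules.append(f"iptables -I INPUT -s {net.with_prefixlen} -j DROP")
    return rules

if __name__ == "__main__":
    for rule in build_block_rules(count_failures(SAMPLE_LOG), 3, {"203.0.113.7": "203.0.113.0/24"}):
        print(rule)
```

The single successful-but-preceded-by-one-failure login from 198.51.100.23 stays below the threshold, so a legitimate user who mistyped a password is not blocked.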