2222 is a dumb choice as an alternative port, it's both obvious and quite commonly used. I'm using a port on 4XXXX-range that's normally not used for anything and therefore not scanned by the bots unless all the 65536 ports are. The automated login attempts disappeared almost immediately, except for a few that were quickly blocked.
Now the logs are clean from automated login bots, the only thing left are real dedicated hacking attempts that is worth pursuing further.
Now the logs are clean from automated login bots, the only thing left are real dedicated hacking attempts that is worth pursuing further.