Are you using something like fail2ban? I'm seeing slightly higher activities on all my servers, but I doubt it's actually statistically significant (i.e. not different from random)
A glance at the logs and it looks like our dedicated servers are fail2banning IPs at pretty much the normal background level—i.e. a fairly steady stream of mostly Chinese addresses all day long.
I would like to take this opportunity to air my grievances regarding fail2ban.
I'm not a security researcher, but fail2ban appears to be a log prettifier instead of an actual security apparatus, as it doesn't actually prevent anyone from logging into your box. Unless you've configured fail2ban to ban IPs after 1 failed attempt, if you don't have a secure password or any other such basic security measures, you are still at risk of getting pwned.
Instead of taking the time with fail2ban, I personally just make sure everyone uses passphrased ssh keys, or use a strong password in conjunction with a yubikey or 2 factor authentication and call it a day.
My read was that the software was blocking specific CIDR blocks, and those blocks were within the allocations of the listed countries.
Not that he was doing country-wide blocks. Though I could see doing that in some cases (e.g., you do no legitimate business with country Z, but get some high percentage of attack traffic from it). Metcalfe's law fails to account for the fact that many nodes in fact contribute negative value to the network.
I prefer CIDR-level blocks myself, if single-IP blocks prove too whack-a-mole-ish.