see https://www.clearos.com/clearfoundation/social/community/posts-vanishing

Below is an append made by Nick that disappeared...

Nick Howitt replied to the discussion What do you do after a break-in attempt?

Please don't think you have any more security with stock ClearOS compared to a domestic router. Your only security is user/password with a basic set up.

There are a number of approaches you can take. Firstly do you need to leave SSH open? If you don't, close it. If you do, at a minimum install app-attackdetector or fail2ban,but these give you no protection if the attack comes from an IP subnet - there is one Chinese bot which does this so connections come from different but similar ip address.

If you only need access for one or two devices consider closing the port on the WAN and connecting by Openvpn. You can then access SSH by using the ClearOS LAN IP. This is my preferred option. Other options are to change the port, set up SSH keys and set up port knocking. If you don't want to do anything like one of these options, then you are on your own, but at least use a strong password.