A lot of crackers have their scripts and probably also botnets running to break in into machines listening on the internet via more or less known vulnerabilites and trivial passwords.
I recently happend to see 2 standard Linux tools to lock them out.
fail2ban scans the logs and upon certain failure message execeeding a given threshold it will block the source IP address of such activity in the firewall.
pam_tally2 counts authentication failures on PAM level and locks the user account if a threshold is execeeded.
Of course both approaches allow to configure the threshold, automatic unlocking etc. fail2ban is pretty freely configurable for many different purposes.
Another one I have just seen is http://denyhosts.sourceforge.net/ Looks like it has not been updated for a while.
(I’m not actively responsible for any machine listening openly on the internet, so I don’t follow that field explicitly. I wouldn’t be surprised if much more advanced tools exist.)