In today’s internet this is quite normal sadly. There are hordes of botnets trying to login to each server they find in whole IP networks. Typically, they use simple dictionary attacks on well-known accounts (like root or certain applications accounts).
The attack targets are not found via Google or DNS entries, but the attackers just try every IP address in a certain subnet (e.g. of known root-server hosting companies). So it doesn’t matter that your URL (hence the DNS entry) is rather obscure.
That’s why it is so important to:
- disallow root-login in SSH (howto)
- use strong passwords everywhere (also in your web applications)
- for SSH, use public-key authentication if possible and disable password-auth completely (howto)
Additionally, you can install fail2ban which will scan the authlog and if it finds a certain amount of failed login attempts from an IP, it will proceed to add that IP to /etc/hosts.deny
or iptables/netfilter in order to lock out the attacker for a few minutes.
In addition to the SSH attacks, it is also becoming common to scan your webserver for vulnerable web-applications (some blogging apps, CMSs, phpmyadmin, etc.). So make sure to keep those up-to-date and securely configured too!