Do you geo block? What do you use?
This tends to get people pretty upset but seems extremely simple to me. 9/10 attacks come from either Russia/eastern Europe or China. If you have no intention of serving customers outside of your intended demographic then why not just block everyone else?
Additionally for the providers here where have you found the most abuse of your services geographically speaking?
So if you do geo blocking what do you use? I have systems in place for webservers but want it instead for firewall. Changing the ssh port, removing root login, setting up fail2ban services and encryption certs is good practice. But perhaps there is a bigger hammer I can also use here that I'm unaware of.