I maintain a radius server that proxies requests from publicly accessible SSH servers which, unfortunately must run on port 22.
There are over 140 SSH servers that proxy all requests through this server and due to the logging which is configured I am able to capture all failed attempts including username password and IP address. I frequently scan these logs to find the top offending IP addresses and common usernames so I can add them to a blacklist for the radius server to drop straight away.
There are many public projects that compile sources of such information, however these logs are easy for me to divulge for others to incorporate into similar lists.
I will throw some old stats of interest and work on this to become a monthly release.
Failed Attacks: 19,969,074
Failed Attacks: 11,335,220
Failed Attacks: 5,277,817 <- I guess everyone went quite over the holiday period?
Failed Attacks: 6,786,138
Failed Attacks: 17,375,929
Failed Attacks: 16,437,020
Failed Attacks: 5,542,223
Failed Attacks To Date: 3,347,659