Prevent SSH Brute Force Attacks using Iptables

If you see a lot of these messages in /var/log/secure (the authentication log on RHEL/CentOS; Debian-based systems write the same lines to /var/log/auth.log), you might consider rate-limiting new SSH connections per source IP over a time window:

sshd[30138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.188.7.185 user=root
sshd[30138]: Failed password for root from 119.188.7.185 port 9482 ssh2
Received disconnect from 119.188.7.185: 11: Bye Bye
Invalid user oracle from 119.188.7.185
input_userauth_request: invalid user oracle
pam_unix(sshd:auth): check pass; user unknown
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.188.7.185
Failed password for invalid user oracle from 119.188.7.185 port 9647 ssh2
Received disconnect from 119.188.7.185: 11: Bye Bye

This can be done with the iptables recent match module, which keeps a kernel-side table of source addresses and the times at which they were last seen.

Add the following to the *filter section of /etc/sysconfig/iptables (CentOS/RHEL), before any rule that already accepts port 22:

-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 600 --hitcount 3 --rttl --name SSH -j LOG --log-prefix "FW_DROPPED:"
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 600 --hitcount 3 --rttl --name SSH -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT

Short description of the rules:

  1. For each new connection attempt to port 22, add the remote source address to the “SSH” tracking table. This rule has no target, so processing continues with the next rule.
  2. If this is the third or later new connection from that address within 600 seconds, refresh the address entry in the tracking table and log the rejection with the prefix "FW_DROPPED:". LOG is non-terminating, so the packet continues to the next rule.
  3. Same check again: refresh the entry and DROP the connection.
  4. Otherwise, accept the new connection.

--rttl additionally requires the packet's TTL to match the TTL recorded when the address hit the --set rule, so that an attacker cannot lock out a third party by sending packets with a spoofed source address.

Two caveats: the table counts new TCP connections to port 22, not failed logins, so an administrator who opens three sessions within ten minutes is dropped as well; put an ACCEPT rule for your own management addresses in front of these four. And because --update refreshes the entry every time a blocked address retries, a scanner that keeps hammering stays blocked until it has been quiet for 600 seconds. The current table can be inspected in /proc/net/xt_recent/SSH (older kernels: /proc/net/ipt_recent/SSH).
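To make the hitcount/seconds behaviour of the four rules concrete, here is an added example that is not part of the original page: a small Python model of the recent-module semantics (--set always records a timestamp; --update matches when at least --hitcount timestamps fall inside the last --seconds and, only on a match, records another one), walked rule by rule over a constructed sequence of new connections. It is not the kernel's xt_recent code, --rttl is left out, and the scanner timings and the administrator address 10.0.0.5 are made up for the demonstration.

```python
"""Model of the four SSH rate-limit rules above, as an added example.

This is not the kernel's xt_recent code. It models the recent-module
semantics used on this page: --set always matches and records a timestamp
for the source address; --update --seconds W --hitcount N matches when at
least N recorded timestamps lie within the last W seconds and, only when it
matches, records another timestamp. --rttl is not modelled. The connection
attempts at the bottom are constructed sample data, not captured traffic.
"""
from collections import defaultdict

WINDOW = 600       # --seconds 600
HITCOUNT = 3       # --hitcount 3
MAX_STAMPS = 20    # xt_recent keeps a ring of ip_pkt_list_tot stamps per address (default 20)


class RecentList:
    """One named list of the recent module (the page uses --name SSH)."""

    def __init__(self, window=WINDOW, hitcount=HITCOUNT, max_stamps=MAX_STAMPS):
        self.window = window
        self.hitcount = hitcount
        self.max_stamps = max_stamps
        self.stamps = defaultdict(list)  # source address -> timestamps of recorded hits

    def _record(self, src, now):
        stamps = self.stamps[src]
        stamps.append(now)
        if len(stamps) > self.max_stamps:  # oldest stamp is overwritten, like the kernel ring
            del stamps[0]

    def set(self, src, now):
        """-m recent --set: always matches and records this packet."""
        self._record(src, now)
        return True

    def update(self, src, now):
        """-m recent --update --seconds W --hitcount N: match if N or more stamps
        fall inside the window; on a match the entry is refreshed with `now`."""
        in_window = [t for t in self.stamps.get(src, []) if now - t <= self.window]
        if len(in_window) >= self.hitcount:
            self._record(src, now)
            return True
        return False


def filter_new_ssh(table, src, now, log):
    """Walk the four INPUT rules for one NEW tcp/22 packet and return its verdict."""
    table.set(src, now)                 # rule 1: --set, no -j, so the packet continues
    if table.update(src, now):          # rule 2: --update ... -j LOG (non-terminating)
        log.append(f"FW_DROPPED: SRC={src} t={now}")
    if table.update(src, now):          # rule 3: --update ... -j DROP
        return "DROP"
    return "ACCEPT"                     # rule 4: -j ACCEPT


def simulate(attempts, window=WINDOW, hitcount=HITCOUNT):
    """attempts: iterable of (seconds, source_ip) for NEW connections to port 22.
    Returns ([(seconds, source_ip, verdict), ...], [log lines])."""
    table = RecentList(window, hitcount)
    log = []
    verdicts = [(t, src, filter_new_ssh(table, src, t, log))
                for t, src in sorted(attempts)]
    return verdicts, log


# Constructed sample: a scanner hammering port 22 (address taken from the log
# excerpt above) and an administrator at a hypothetical 10.0.0.5 opening sessions.
SAMPLE = [
    (0, "119.188.7.185"), (1, "119.188.7.185"), (2, "119.188.7.185"),  # 3rd hit: dropped
    (590, "119.188.7.185"),   # still inside 600 s of the first hits: dropped and refreshed
    (1100, "119.188.7.185"),  # first burst aged out, but the t=590 refresh keeps it blocked
    (1800, "119.188.7.185"),  # quiet for 700 s: window expired, accepted again
    (10, "10.0.0.5"), (40, "10.0.0.5"), (70, "10.0.0.5"),  # admin's 3rd session dropped too
]

if __name__ == "__main__":
    verdicts, log = simulate(SAMPLE)
    for t, src, verdict in verdicts:
        print(f"t={t:5d} {src:15} {verdict}")
    print("\n".join(log))
```

Running it shows the two effects described above: the scanner's third connection is dropped, each blocked retry refreshes the entry so it stays blocked at t=1100 even though the original burst is older than 600 seconds, and it is only accepted again after 700 seconds of silence; the administrator's third session within ten minutes is dropped exactly the same way, which is why a whitelist ACCEPT for management addresses belongs in front of these rules.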
prevent_ssh_brute_force_attacks.txt · Last modified: 2011/11/25 13:24 by root