Tuesday, April 22, 2014

Somebody attacking your ssh daemon??

sshd[5948]: Failed password for root from 116.10.191.220
sshd[5948]: Failed password for root from 116.10.191.220
sshd[5948]: Failed password for root from 116.10.191.220

You can slow this down easily with iptables rules. The following two rules limit NEW connections to port 22 from any single source address to 4 within a sliding 90 second window (the rule says --seconds 90, not minutes); further attempts from that address are dropped. Note that -I inserts at the top of the chain, so after both commands the DROP rule sits above the --set rule.



iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --update --seconds 90 --hitcount 4 -j DROP

  1. First line: any NEW TCP connection to port 22 is recorded by the recent module, which keeps a list of source addresses and the times they were seen; -m recent --set does this. Because -I prepends, this rule ends up second in the chain.
  2. Second line: -m recent --update checks whether the source address is already in the recent list and, if the rule matches, records the current packet as well. --seconds 90 --hitcount 4 restricts the match to addresses seen 4 or more times in the last 90 seconds.
i.e. Drop if: the source address is already in the recent list AND it has already made at least 4 NEW connection attempts within the last 90 seconds. So the fifth attempt inside the window is the first one dropped, and because --update also records every dropped attempt, an address that keeps retrying extends its own block instead of waiting it out (--rcheck would not do this).
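To make the counting concrete, here is a small model of the two rules in the order -I leaves them in. This is an added illustration, not code from the post or from netfilter; it reproduces the documented match logic of -m recent --set and --update/--rcheck --seconds --hitcount for one chain, with constructed sample traffic (the source address from the log above, plus a hypothetical admin host 192.0.2.10), so you can see which attempt is dropped and how retries extend the block.

```python
from collections import defaultdict, deque

SECONDS = 90    # --seconds 90
HITCOUNT = 4    # --hitcount 4
LIST_MAX = 20   # xt_recent keeps at most ip_pkt_list_tot (default 20) stamps per address


class RecentList:
    """One xt_recent table: source address -> ring buffer of timestamps (seconds)."""

    def __init__(self, list_max=LIST_MAX):
        self.stamps = defaultdict(lambda: deque(maxlen=list_max))

    def check(self, ip, now, seconds=SECONDS, hitcount=HITCOUNT, update=True):
        """--rcheck/--update with --seconds and --hitcount.

        Matches if the address is already listed and has at least `hitcount`
        stamps no older than `seconds`. With update=True (--update) a matching
        packet is stamped as well; with update=False (--rcheck) it is not.
        """
        if ip not in self.stamps:
            return False
        hits = sum(1 for s in self.stamps[ip] if now - s <= seconds)
        if hits < hitcount:
            return False
        if update:
            self.stamps[ip].append(now)
        return True

    def set(self, ip, now):
        """--set: record the address and the current time unconditionally."""
        self.stamps[ip].append(now)


def ssh_chain(table, ip, now, update=True):
    """Verdict for one NEW TCP SYN to port 22, walking INPUT in the order the
    two -I commands leave it:
      1. -m recent --update --seconds 90 --hitcount 4 -j DROP
      2. -m recent --set                  (no target: the packet carries on)
    """
    if table.check(ip, now, update=update):
        return "DROP"
    table.set(ip, now)
    return "PASS"


def simulate(attempts, update=True):
    """attempts: (seconds, source_ip) pairs.
    Returns {ip: [verdict, ...]} in the order the attempts arrived."""
    table = RecentList()
    out = defaultdict(list)
    for t, ip in sorted(attempts):
        out[ip].append(ssh_chain(table, ip, t, update=update))
    return dict(out)


# Constructed sample traffic (not from a real capture): the address in the
# post's log opens six connections in 50 s and retries once more at t=95,
# while a hypothetical admin host connects once every 30 s.
ATTACKER = "116.10.191.220"
ADMIN = "192.0.2.10"
TRAFFIC = [(t, ATTACKER) for t in (0, 10, 20, 30, 40, 50, 95)] + \
          [(t, ADMIN) for t in range(0, 300, 30)]

if __name__ == "__main__":
    for mode, upd in (("--update", True), ("--rcheck", False)):
        print(mode)
        for ip, verdicts in simulate(TRAFFIC, update=upd).items():
            print(f"  {ip:16} {' '.join(verdicts)}")
```

With --update the attacker's retry at t=95 is still dropped, because the two dropped attempts at 40 and 50 were recorded too; with --rcheck it would get through, since only the three attempts at 10, 20 and 30 remain in the window. The admin host at one connection per 30 seconds never has more than three stamps in a 90 second window and is never blocked. On a real host you can inspect the live table in /proc/net/xt_recent/DEFAULT (ipt_recent on old kernels) and confirm the rule order with iptables -L INPUT -n --line-numbers; remember that rules added this way are gone after a reboot unless you save them.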

That stops the flood of new connections. Keep in mind that it only limits NEW TCP connections: the three failures above all come from the same sshd process (pid 5948), i.e. one session guessing several passwords, which these rules never see. Pair them with sshd's own limits (a low MaxAuthTries, or better, key-only authentication with PasswordAuthentication no), and whitelist your own management address above the DROP rule so a mistyped password does not lock you out.

ref: http://www.debian-administration.org/articles/187
