How can I stop all of these: "login failure for user xxx from xxx.xxx.xxx.xxx via ssh" and "via ftp"?
Very simple.
In IP > Firewall set up a new rule (input chain) that will accept traffic on port 22 (ssh) for your IPs from which you want to connect to the router by ssh, and drop the rest of the traffic on this port. Do the same for port 21 (ftp).
Or, if you have only one network from which you want to access your router, you can set this up in IP > Services.
If you do not want to use ssh or ftp at all, disable those services at the same place.
How about simply entering an IP-address-range into /ip service ssh?
(But usually it's coming from the internet, plus I don't like changing WKS-ports. Has anyone written a rule to make a temporary blocking address-list for this kind of attack and likes to share it? tia.)
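
The allow-list approach from the answer above, together with the /ip service restriction raised in the reply, written as RouterOS terminal commands. This is an added example, not part of the original posts; the address-list name `mgmt` and the 192.0.2.x addresses are constructed placeholders to replace with your own management hosts.

```routeros
# Added example (not from the thread). 192.0.2.0/24 is a documentation
# range used as a placeholder; "mgmt" is a hypothetical list name.

# 1. Hosts or networks allowed to reach ssh/ftp on the router itself.
/ip firewall address-list
add list=mgmt address=192.0.2.10 comment="admin workstation (placeholder)"
add list=mgmt address=192.0.2.64/26 comment="admin subnet (placeholder)"

# 2. Input chain: accept ssh (22) and ftp (21) from the list, drop the rest.
#    Rules are matched top to bottom and "add" appends at the end, so make
#    sure the accept rule sits above any broader drop rule already present
#    (use place-before=<rule number> on "add" if it does not).
/ip firewall filter
add chain=input protocol=tcp dst-port=21,22 src-address-list=mgmt \
    action=accept comment="ssh/ftp from management hosts"
add chain=input protocol=tcp dst-port=21,22 \
    action=drop comment="drop all other ssh/ftp to the router"

# 3. Alternative when access comes from a single network: restrict the
#    services themselves (IP > Services in the GUI).
/ip service
set ssh address=192.0.2.0/24
set ftp address=192.0.2.0/24

# 4. If ssh or ftp is not used at all, disable it in the same place.
/ip service
set ftp disabled=yes
```

Dropped connections never reach the login service, so the "login failure" log entries stop for every source outside the list.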