There are constant attempts to try to enter the server by guessing passwords -especially those associated with the user:root. To prevent this abuse, the application 'Fail2Ban' blocks the IP where attempts greater then 3 tries at entering a password for a period usually about 10min (depends on how it is configured). For further information see: Fail2Ban on Ubuntu
Lastly, check the status of fail2ban:
If fail2ban is not active
Login to Webmin in your browser (user:root), and first click on "Refresh Modules". Then go to "Networking"->"Fail2Ban"
One should find the sshd 'jail' active -- preventing more that 5 fail attempts to login as it implements a lockout of 10min. These parameters can be changed to suit one's preferences.