Shadowsocks 2.6.2+ output the IPs that try to brute force crack your password.

You can use utils/autoban.py to ban them.

python autoban.py < /var/log/shadowsocks.log

Use -c to specify with how many failure times it should be considered as an attack. Default is 3.

To continue watching for the log file:

nohup tail -F /var/log/shadowsocks.log | python autoban.py >log 2>log &

Use with caution. Avoid to ban yourself.