I had my freenas box set up using no-ip to forward ssh requests to my machine so that I could get to it from work, friends house, parents, etc. A couple days ago i noticed a large in crease in attempted logins and figured my box was probably getting bruteforced since it was accessible from the net on port 22 and well to be honest the security is pretty lax because there's really nothing important on the server at all. So I turned off my no-ip since I really wasn't using it that much anyway but to my surprise a couple days later after turning off my forwarding to port 22 I'm still seeing thousands of requests per day to my box.
My question is if I've turned off the forwarding to my machine how are people still finding a way to get to my box and attempt to SSH into it. Is this an easy thing to do people that do this all the time?
Sorry I'm a bit of a server and security noob I'm just worried that I still have something open that's allowing people to find my machine.