I was alerted to this yesterday, and quickly put a similar access-list in place.  

However, when I did a bit more reading up on it, I found that control-plane access lists do not have an implied deny rule so the "permit ip any any" is not needed.  In fact it may (although I'm not 100% on this) inadvertently result in greater management access being granted. 

To be safe I went back in an took that line out.  This still worked (ie it blocks 193.27.228.247 address but allows others to make vpn connections)

This is what I was reading: CLI Book 2: Cisco ASA Series Firewall CLI Configuration Guide, 9.6 - Access Rules [Cisco ASA 5500-X Series Firewalls] - Cisco

Management Access Rules

You can configure access rules that control management traffic destined to the ASA. Access control rules for to-the-box management traffic (defined by such commands as http , ssh , or telnet ) have higher precedence than a management access rule applied with the control-plane option. Therefore, such permitted management traffic will be allowed to come in even if explicitly denied by the to-the-box ACL.

Unlike regular access rules, there is no implicit deny at the end of a set of management rules for an interface. Instead, any connection that does not match a management access rule is then evaluated by regular access control rules.

We detected a similar attempt from the same IP: 193.27.228.247.

We took another approach, by using uRPF to block the packets sourced from that IP.

We added a static route via inside interface to 193.27.228.247 host, so that when the packet reaches outside interface, URPF compares the source ip address to the routing table and will see the route for that ip is via different interface (inside). Due to that fact, ASA drops the packet as considered a spoofed packet.

Ionut