Is the vcs on your internal net or exposed to the internet?
If its internal, you might identify the persons trying to access the VCS.
Anyhow, I would not run a vcs without a firewall to limit the access to the management ports,
expecilly if its connected to some public network.
There seem to be plans in the future version to have a local firewall on the VCS, but even
then I still recomend having the ports like ssh, http(s), ldap, ... blocked from the outside.
If you block it in your firewall you should not see any attempts.
Besides that, check that you use secure passwords for the admin / root and all other system accounts
as well as for the provisioning database and disable unused users if you added any.