Noticed something looking through AWStats this afternoon. Traffic was coming from 188.8.131.52, an IP address in the Netherlands owned by a Russian. Sure, there will always be a few random hits like that, but this one has hit the login script 2,300 times this month. That’s a problem.
A quick ad to the CSF deny list and it should be taken care of.
And yes, I know it’s pretty trivial for whoever to start hitting from another IP. But Googling around tells me that there are other sites getting hit from this same IP. So, at least for now, it should be a little better.