This morning and part of the afternoon some idiots have been trying to hack my website.
They did this via brute force attacks on the node/add paths of my site in hopes to get past the login.
Of course this didn't work.
However, what did happen was that they didn't just bashed my site, nope, they bashed it so fast and obviously that the load on the shared hosting servers climbed to 8. Of course these morons didn't try to be subtle so soon enough alarms were triggered with the hosting company who in turn just restarted apache and mysql and banned the ips of the idiots trying to bash my site.
So, people, first of all, don't try brute force, it's the attack of the monkeys, of the script kiddo's who don't know how to do a proper hack. And, it's not only lame, it's also hurtful for everyone hosting on the IP of the site you are attacking because it is a mild form of DoS.
So, if you want to hack, be subtle, brute force will get you noticed and land you in jail. Plus, you are hurting other people then your intended target, this is never a good idea, not morally, but also not from the viewpoint of someone who wishes to hack a website.
So, if you want to use brute force, do it slowly without triggering a high load on the server, you will be less noticed. Unfortunately for most people, you probably will be noticed by me because I log all login attempts with invalid ID's or passwords. If I had the resources I would setup a sandbox for you people to practice in... But then again, the people bashing my site probably aren't interested in the fine art of hacking and security, they are interested in creating a spam platform on this website, or use it to infect people with viruses. And that is something I can't allow.
So sorry mister spammer, your attempts have been logged and your providers (yes both of them) have been notified, so probably you will loose at least two of your zombies from which to try something like this again.
Happy new year for everyone who is not a spammer!