Originally – I wasn’t looking for evidence of abuse or brute force attempts to my web server but through analysis of log files – I’ve found some.
A lot in fact. 100K+ HITs per day to particular parts of my site, the majority of which is brute force.
I’ve noticed weirdness in firewall logs too which I’m beginning to trawl through and start closing off doors because of. Thank the lord for iptables and a decent policy.
I’m now in a state of closing ports, rebinding services to IPs and setting up rate-limiting to thwart repetition. Blocking will now occur and prevent hammering of pages. Next is to start black-holeing IPs that persist.