Hits arrive every few seconds from the same IP, so this is an automated attack. We are adding these guys to various blacklist databases.

  1. 202.64.181.144: thousands of hits to wp-login.php between 6:22 AM and 12:19 PM Eastern on October 13, 2015

This is what went down:

$ grep "wp-login.php" --color=always /path/to/our/access.log | GREP_COLORS="mt=0;34" grep "202.64.181.144" --color=always |more

202.64.181.144 - - [13/Oct/2015:06:22:52 -0400] "POST /wp-login.php HTTP/1.0" 301 477 "-" "-"

Many, many hits later...

202.64.181.144 - - [13/Oct/2015:12:19:47 -0400] "POST /wp-login.php HTTP/1.0" 301 477 "-" "-"
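
The same triage in a single pass, as an added example that is not part of the original post: it counts POSTs to wp-login.php per client IP and reports the first and last timestamp for each, so a noisy source stands out without knowing its address in advance. The function names and the sample log lines are constructed for illustration; 198.51.100.7 and 203.0.113.9 are documentation addresses.

```shell
#!/bin/sh
# Added example: summarise POSTs to /wp-login.php per client IP.
# Output columns: ip  hits  first_timestamp  last_timestamp
# Usage: wp_login_summary 100 < /path/to/our/access.log

# Constructed sample in combined log format (not the real log from this post).
sample_log() {
cat <<'EOF'
202.64.181.144 - - [13/Oct/2015:06:22:52 -0400] "POST /wp-login.php HTTP/1.0" 301 477 "-" "-"
202.64.181.144 - - [13/Oct/2015:06:22:55 -0400] "POST /wp-login.php HTTP/1.0" 301 477 "-" "-"
198.51.100.7 - - [13/Oct/2015:06:23:01 -0400] "GET /wp-login.php HTTP/1.1" 200 2301 "-" "Mozilla/5.0"
202.64.181.144 - - [13/Oct/2015:06:22:58 -0400] "POST /wp-login.php HTTP/1.0" 301 477 "-" "-"
198.51.100.7 - - [13/Oct/2015:06:23:09 -0400] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [13/Oct/2015:06:24:00 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
202.64.181.144 - - [13/Oct/2015:12:19:47 -0400] "POST /wp-login.php HTTP/1.0" 301 477 "-" "-"
EOF
}

# wp_login_summary MIN_HITS < access.log
# Prints one line per IP with at least MIN_HITS POSTs to /wp-login.php,
# busiest source first.
wp_login_summary() {
    awk -v min="${1:-1}" '
        # Field 6 is the quoted method ("POST), field 7 the request path.
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php(\?|$)/ {
            ip = $1
            ts = substr($4, 2)            # strip the leading "[" of the timestamp
            if (!(ip in hits)) first[ip] = ts
            hits[ip]++
            last[ip] = ts
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min)
                    print ip, hits[ip], first[ip], last[ip]
        }
    ' | sort -k2,2nr
}
```

A legitimate user shows up with one or two POSTs; a threshold of a few dozen per log file is an assumption to tune against your own traffic.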
