Dear readers, in the past week we have been under intermittent attack by an idiot botnet trying to brute-force admin passwords so it can insert spam links that would take us a few hours to clean up. There were over 15,000 login attempts overnight!
The situation is as if I had a car with two separate keys (username and password), one for the door and one for the ignition. The botnet is like a car thief with a massive keyring of thousands of keys (password guesses). He tries out each key hoping it will magically work. If by some miracle he finds the right key (username) to open the door, then he would need to go through the whole thing again to get the car to drive (by guessing the password). Then, I would recover the car a few hours later with LoJack anyway.
Unfortunately, despite having no chance of success, this moronic behavior taxes our server resources. Therefore we’ve taken some extra security steps to try to keep the scripts from ever reaching the login page in the first place.
The TL;DR point of all this is that if you find the site behaving oddly (especially with regard to logging in or commenting) due to the defensive maneuvers we’ve been forced to take, we’d appreciate it if you’d contact us and let us know.
Thanks, brave readers!