Brute force attacks
I was recently working on something on my web server when I noticed that Apache was using an inordinate amount of CPU time. After investigating the log files to look for clues, I found that the traffic was a high volume of login attempts on my website.
My immediate thought was that I needed some way to curb multiple login attempts, and so it occurred to me that there may be a module around to deal with this problem. Some quick searching around led me to a module called "login security" which allows reasonably flexible control over the login process. I was able to set things up so that a certain number of successive unsuccessful attempts to log in during a given time-span would result in a temporary IP ban.
It was amusing to watch the number of "anonymous users" on my website drop from about 300 rapidly to 1 (myself), and my CPU usage drop to the usual nominal levels. The only unfortunate thing is that I can't seem to find any logging tools for viewing a record of activity. Still, this seems like a useful tool to know about. It also got me thinking about intrusion detection, because really I think I want to know when my CPU usage suddenly spikes to 99% at some time when I'm not around.
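
Added example, not part of the original post and not the module's own code: the rule described above (a number of successive unsuccessful logins within a time span leads to a temporary IP ban), applied in Python to Apache access-log lines so that it yields a record of ban activity. The login path /user/login, the thresholds, the treatment of a 3xx response as a successful login, and the sample log lines are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: ip, timestamp, method, path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def find_bans(lines, login_path="/user/login", max_attempts=3,
              window=timedelta(minutes=5), ban=timedelta(hours=1)):
    """Return [(ip, ban_start, ban_end)]; path and thresholds are assumptions."""
    recent = defaultdict(deque)   # ip -> timestamps of successive failures
    banned_until = {}             # ip -> end of current temporary ban
    events = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # skip malformed lines rather than crash
        ip, ts, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != login_path:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if ip in banned_until and when < banned_until[ip]:
            continue              # already banned; do not count again
        if status.startswith("3"):
            recent[ip].clear()    # assumption: redirect = successful login
            continue
        q = recent[ip]
        q.append(when)
        while q and when - q[0] > window:
            q.popleft()           # drop attempts older than the window
        if len(q) >= max_attempts:
            banned_until[ip] = when + ban
            events.append((ip, when, when + ban))
            q.clear()
    return events

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "POST /user/login HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "POST /user/login HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2023:13:55:05 +0000] "POST /user/login HTTP/1.1" 200 5120',
    '198.51.100.4 - - [10/Oct/2023:13:56:00 +0000] "POST /user/login HTTP/1.1" 200 5120',
    '198.51.100.4 - - [10/Oct/2023:13:56:20 +0000] "POST /user/login HTTP/1.1" 200 5120',
    '198.51.100.4 - - [10/Oct/2023:13:56:40 +0000] "POST /user/login HTTP/1.1" 302 0',
    '198.51.100.4 - - [10/Oct/2023:13:57:00 +0000] "POST /user/login HTTP/1.1" 200 5120',
]
if __name__ == "__main__":
    print(*find_bans(SAMPLE), sep="\n")
```

An access log does not record whether a login succeeded, so the status-code heuristic has to be adjusted to how the site actually responds.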
