Something new. Well, new to me, and I couldn't find mention of it with Google.
I noticed that there were a *lot* of password guessing attempts, all to the same place, but from a lot of different places. Someone is using a botnet, feeding it with a huge list of possible username/password pairs, and trying to guess passwords.
That's actually a very efficient way to guess passwords. Never mind about "password", "letmein" and "123456". Never mind about rainbow tables. A very likely password for someone to use is a password they used elsewhere. I imagine there's tons of free sites that ask you to sign up for kitten videos (so cute!) and choose a username and password. And they're harvesting these for password guessing attempts.
I already have a thing that blocks password guessing attempts, but it assumed that they came from the same IP address, which used to be the case.
So I wrote a little Perl program that reads my log file and outputs a list of IP addresses that have been doing this. It turns out there's 152 of them, and I blocked them all using iptables. It's all automated now. My log files will be less full.
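
A sketch of the kind of log scan described above, as an added example in Python rather than the author's Perl program, which the post does not show. It assumes OpenSSH-style `Failed password` lines; the sample log, threshold, allowlist and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log. OpenSSH format is an assumption; the addresses are
# RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[101]: Failed password for alice from 192.0.2.10 port 4001 ssh2
Mar  3 10:00:07 host sshd[102]: Failed password for alice from 198.51.100.7 port 4002 ssh2
Mar  3 10:00:15 host sshd[103]: Failed password for alice from 203.0.113.5 port 4003 ssh2
Mar  3 10:00:22 host sshd[104]: Failed password for alice from 203.0.113.99 port 4004 ssh2
Mar  3 10:01:30 host sshd[105]: Failed password for bob from 192.0.2.77 port 4005 ssh2
Mar  3 10:01:41 host sshd[106]: Accepted password for bob from 192.0.2.77 port 4006 ssh2
Mar  3 10:02:00 host sshd[107]: Failed password for alice from 192.0.2.200 port 4007 ssh2
"""

# Greedy user field plus end anchor: the username is attacker-chosen text, so
# only the final "from <ip> port <n> ssh2" on the line is trusted as the source.
FAILED = re.compile(r"Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")

def distributed_guessers(log_text, min_sources=3, allowlist=()):
    """Return source IPs hitting any account that failed from >= min_sources hosts."""
    sources = defaultdict(set)  # username -> distinct source addresses
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        user, raw_ip = m.groups()
        try:
            # Parse strictly, since the value ends up on a firewall command
            # line. IPv4 only in this sketch.
            sources[user].add(ipaddress.IPv4Address(raw_ip))
        except ValueError:
            continue
    flagged = set()
    for ips in sources.values():
        # A per-IP counter sees one failure per host; counting hosts per
        # target is what exposes the spread-out guessing.
        if len(ips) >= min_sources:
            flagged |= ips
    allowed = {ipaddress.IPv4Address(a) for a in allowlist}
    return sorted(flagged - allowed)

def iptables_rules(ips):
    """Render one DROP rule per address (printed for review, not executed)."""
    return [f"iptables -A INPUT -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    for rule in iptables_rules(distributed_guessers(SAMPLE_LOG, 3, ["192.0.2.200"])):
        print(rule)
```

The allowlist keeps a known-good address (here the constructed 192.0.2.200) out of the block list even when it shows up among the failures, and bob's single mistyped password never reaches the threshold.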