Since WordPress is such a large target it seems this sort of attack is going to become more common. Directions on avoiding becoming a target of this attack can be seen in this thread:
Here you can see the impact on Idle CPU and server load:
As you can see this had a major impact on these servers with the load going up to ~70 on one server and ~43 on the other and Idle CPU dropping down to 3~4% on both. The quick dips in the load after it's risen and the quick rise of Idle CPU to normal are us putting blocks in place only on the accounts that were under attack.
- Only affected accounts had the block put in place.
- It is fully possible for the webmaster/account holder to modify/remove the block although we suggest only doing so if you plan to somehow protect the wp-login.php
- Full directions on the block and how to add your IP or remove the block can be seen here: http://forums.mddhos...jasmine/?p=4896
We do not like putting blocks in place or modifying user content [as required to put this block in place] but the Idle CPU and Load Graphs make it clear that action was required.
If you have any questions about this at all, let us know.