They weren`t doing anything too advanced - they were simply trying to brute force user`s password using the most common passwords people use, such as "password", "username123″ , "fuckyou" etc.
Our forum has a security mod which detects multiply failed logon attempts. In that case it blocks an account for 10 minutes and sends an email: "Account is now blocked".
If you have "strong" password there is nothing to worry about.
Here are some principles for setting a good password (by David Harley):
So, everything is under control● Embed control characters or non-alphanumeric symbols such as digits, punctuation marks and symbols (where the system allows this).
● Misspell (but consistently!) "Dis passéfrase 1s kwite gud bot wd b betr wiv sum #s & karakters that r nut alfan00meric."
● Unorthodox caPitaliZation
● Use a personally significant acronym, e.g., ICRMFPW (I Can`t Remember My Friendly Password)
● Link together two words, possibly with a symbol as a delimiter, e.g., egG^rIbBoN.
● Replace letters with digits or equivalent characters, and words with abbreviations, e.g., BunZ4T, NeWz@10.
● Interleave two words, e.g., RmAaInN.
● Interleave a word with a numeric string, e.g., f9L7a0s8H.
● Don`t use the same password on several machines.