Wordfence automatically blocks IP addresses that repeatedly attempt to brute-force logins on UCalgaryBlogs. After a few attempts, they aren't able to try again for a few minutes (in case it's a legitimate person trying to log in, it doesn't banish them entirely right away). If they knock it off, the ban gets lifted. If they keep hammering, the ban gets escalated, eventually putting them in a permanent penalty box (identified by their IP address - not perfect, but it's all we have).
[caption id="attachment_24686" align="aligncenter" width="1228"]
Blocked logins by country, August 8-22, 2016[/caption]
I was half tempted to just drop the ban-hammer on the entire country of Russia, but we have students there (and I wouldn't want to anger Putin or his tiny-handed American mouthpiece). The US? Buffalo appears to be one of the biggest sources of spam bots - colocated servers (compromised? rented by spammers?) are a big chunk of the attacks we get.