I was getting a lot of attempts from the 176 IP as well, but when you look it up it doesn't show as being listed in any DNSBLs, how does that make any sense?FYI...
Brute force attacks - WordPress sites...
Mar 15, 2012 - "... Lately we have been seeing many WordPress sites being attacked and hacked through the use of brute force. The administrator leaves the default admin user name and chooses a simple password, and -never- changes it... There is a technique known as brute-force attack... access is gained to your environment through brute force. Often conducted by bots, these attacks will run through a compiled list of common passwords and their permutations (i.e., password, Pa$$w0rd, p@ssw0rd, etc..)... the attackers know that you substitute A for an @ and S for a $. Using this method the attackers are gaining access to your wp-admin, this then allows them to serve spam via your posts, deface your home page like we recently saw with ServerPro, and inject any one of the other types of malware... in the last few days we detected more than 30 IP addresses trying to guess the admin password on our test WordPress sites (wp-login.php). Each one of those tried from 30 to 300 password combinations at each time. Sometimes they would mix that with a few spam comments as well. Example:
126.96.36.199 32 attempts
188.8.131.52 47 attempts
184.108.40.206 211 attempts
220.127.116.11 39 attempts
18.104.22.168 105 attempts
22.214.171.124 40 attempts
And many more IP addresses. We will adding all of them to our IP blacklist* and Global Malware view**..."
WordPress Page is Loading... an Exploit
March 15, 2012 - "... Spam appears to be the driver of these campaigns. Various websites have already been identified to be redirecting to Blackhole exploit kit... Currently, these sites redirect to the following domains that host Blackhole exploit kit: