One of the cool benefits of the watchdog module is being able to see what caused a page error on your website and when it happened, and the IP that did it. I never thought about this until now, but this is more than a debugging tool, but can also be a security monitor.

So this evening I'm checking my site monitoring and I see tons of errors in bursts (like every 30 mins or so for most of today). Curious to see what might be broken in 4.2-rc I started checking the details of each of these and realized, this was a hacker trying to gain access or modify my website. I have to say, that so far the way Drupal is distributed seems to have kept them out so far (I haven't found anything modified on my site yet), but I'm concerned with how much they've been trying to hit the site.

So I'm looking for ideas. Can I ban an IP address (all of this seems to come from 2 different IP's over the course of the day). This is just a personal family website, so it doesn't make sense to me (but then does hacking like this ever make sense?) why they'd be trying to hack my site. Guess I need to start watching my webspace that I don't start finding files on it or somesuch.

BTW: How do I know this is hacking attempts? Watchdog shows the URLS they are accessing and the urls are drupal clean urls, but with vi, emacs, edit, php commands, etc attached to it (I'm guessing they are trying to find weaknesses in Drupal in executing code like a cgi-bin will do).