I think someone is trying to force his way into my CMS. The method they are using is described here, they are just trying to generate the same random number as my server did. On August 7th I had 3600 login attempts in 6 hours. They also applied for a user-account in the normal way, but because I run the Approve Membership module, I stopped handing out accounts after the first 5. In my articles they had posted some weird comments, that triggered the first investigation.