Add the following to your .htaccess file to block posts to wp-comment-posts.php and wp-login.php that have do not have an http referrer or user agent. This will also redirect the user back to their IP address.

<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{REQUEST_URI} .(wp-comments-post|wp-login)\.php* RewriteCond …

The following command is for an Apache setup with multiple vhosts:
tail -f /var/www/vhosts/*/statistics/logs/access_log | grep 'wp-login'

tail -f outputs the end of the log file and updates any new content to the screen as the file is being updated, thus allowing real-time monitoring.

I use …