Several years ago I suddenly got an automated message from my web host telling me that my account was using too many resources, and I would soon have to upgrade. This surprised me quite a lot, since the only thing on there was my blog, which was small, and I never wrote, so no-one ever visited.
I contacted support and asked them what had caused the error message to send. As it turns out, a bot was trying to break into my WordPress login form. It was simply trying usernames and passwords in a classic brute force attempt to guess a username and password combination. The problem was that it was trying over 100 times per second. This means that my login page was loading 200 times per second, once for the form, and once for the failed login notice. My server was melting.