Same here. I run a tiny Wordpress site that organizes private poker games for a local ~40 person league. We get maybe 5 signups a year from actual new members. We have it so that only admins can create new user accounts.
Once, that option got turned off accidentally and anyone could sign up. We got about 10 signups a day until I reverted the change, all spammers and bots.
The server logs also show that we get hit by script kiddies dozens of times an hour. This is such a tiny scale operation, with no meaningful commercial activity going on, but anything exposed to the public internet should be considered under attack 24/7.
Once, that option got turned off accidentally and anyone could sign up. We got about 10 signups a day until I reverted the change, all spammers and bots.
The server logs also show that we get hit by script kiddies dozens of times an hour. This is such a tiny scale operation, with no meaningful commercial activity going on, but anything exposed to the public internet should be considered under attack 24/7.