I've had similar incidents where someone whos IP address indicated they were from Russia tried various of these tactics to access my employers website via one of the CMS pages. They automate it because automation is easy, and they can try and gain access whilst they sleep. Some of them have so many things to try, it effectively becomes a DoS attack.
Fortunately I have a Web Application Firewall (WAF) in place, and they are able to identify countries by IP (to some limited degree). As we don't do business with Russia for legislative purposes, I was able to block the entire country. It's not something I particularly wanted to do, but they changed IP address once I blocked the one they were coming from.
It's always going to be game of cat-and-mouse, with people wanting to control as many servers as possible to instigate DDoS attacks, mine cryptocurrency, or steal data
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.