Been getting a lot of unclosed sessions in our jcr logs (using 5.4) and our publish servers have stopped responding a couple of times recently when hit with a burst of lame php hack attempts. The speed of them is what I think is doing us in, in combination with the session errors in particular, but also with some component errors we're getting as well. There was a heap error reported that took one of them down most recently. Am in the process of cleaning all that up (sessions, components) but was hoping for some insight on which is the more likely culprit in the downtime. Have blocked php requests at apache now, but was also wondering if there is any other mitigation in CQ that could/should be active. Will be reviewing the security docs again in the meantime as well.