I installed version 2.1.2 a few days ago and it seemed to work nicely.
But now I see attacks in my log with the correct secret/answer combination. You couldn't guess this combination and I used it nowhere else.
They're still trying to login, so they don't know the login. So probably neither my PC nor the server were compromised.
I'm really worried. How can the hackers possibly know this?