For the past few days I've been digging into the great security features available in Admin Tools by AkeebaBackup. Here's what I have found so far.

Most of the attacks have come from other countries. Sometime they try all out attack and others try to be sneaky by making attempts infrequently and maybe one or two times from the same IP address. 

Here is an example of how a bot will try logging in to the administration area and failing - Reason: Login failure (Username: admin -- Password: 987456)

So, leaving a Joomla Superusers' log in name as "admin" give an attacker half of your security defense. I can not stress enough to change the username to anything other than admin.

The next and most important thing to do is create a very strong password. A minimum of 8 characters with a few number and capital letter will go a long way.

If you need to have a review of your current site contact me for a free estimate.