Joomla is a great platform for developing portals and websites.
What many people tend to forget is that CMS platforms like Joomla and Wordpress are managed through an online administrator login.
The disadvantage with this is that hackers are trying to guess the passwords using automated tools.
On a standard Joomla website a hacker can find the administrator login page by adding /administrator to the website url.
Likewise on a standard Wordpress site you can simply add /wp-admin to the url to get to the admin login.
Example:
Your site is: www.example.com
Joomla
If your site is a Joomla site then the administrator login will by default be:
Wordpress
If your site is a Wordpress site then the administrator login will by default be:
What to do ?
To improve the security of my sites I therefore always disable the default administrator url, and also monitor all attempts to access the default admin login url's. For Joomla sites you could e.g. use the extension called Adminexile which will notify you by email of any attempt, and also dynamically ban perpetrators for a timelimited period.
By doing so, you can monitor all such hacker attempts and take further measurements should they be persistent.