Our site was hacked today by someone. After reloading the user tables (Yes, the admin account was changed), I logged in and decided to first look at Joomlawatch component. Surprisingly, I found out how the perpetrator got in. I immediately blocked his IP and as I was finishing up a more detailed inspection, I saw another IP from the same foreign country pop in, trying to do the same thing. So, I blocked that one too.
I removed the mod causing the problem! Later, I'll find other ways to tighten up security but for now, You saved me a ton of time troubleshooting this mess!
Thank you, thank you, thank you!!!
Actually, is there a way to block certain countries? Any plans to add this to future releases?