Hmm, that might be possible, yes. They seem to be constantly trying any security holes they know - for example the log shows attempts to open url "administrator/SiteEngineManager/components/Editor/assetmanager/assetmanager.asp", but more commonly they are trying to log in as an admin into a wodrpress-site.