Go to Components>>RSFirewall>>System Logs
When you review your log you are looking for any items that have repeated attempts to login with passwords such as “admin” “administrator”.
Once you find line items that you feel are hack attempts copy the IP address.
Take all of the IP addresses that you have found to block and add them to the RSFirewall Blacklist (see related articles)
Remember to complete this process regularly i.e. monthly because hackers constantly upgrade their methods and IP addresses.