I have noticed attacks on several locations:
As you can see in the printscreen above this is jst a script that tries all the most common locations. Easy to recognise as they are all just trying to get a response (other then 404: not found) testing http://mydomainname/ .../FckEditor/editor/... or ../../login.php)
Database entry points
To enable access to the server i can open specific ports to use remote tools. These ports are tested with the default accounts sa, su, admin, etc...and passwords (brute force)
server login points
Hour after hour they let scripts run, just like the database entry points or even the one above. administrator, admin, su.