Did you already find a solution for your hacking problem? The logfile entry provided by your hosting company suggests that the login.php script has some hole in it which can be misuses. The first thing to do is update to the latest version of the application you use and check their security announcements if this is a known bug and has been fixed.
The main way to truly protect the admin folders is to use your host's password protect directories from your cpanel. Make sure you lock it down from there. You cannot protect the osC admin folder from the application level there just too many factors.
In fact the login page that was introduced with the RC versions made security very weak as merchants believe the back end cannot be compromised and do not add the password from the cpanel which is a grave mistake.