The IP address is mentioned in the email. It's also available in Admin Tools, Web Application Firewall, Security Exceptions Log.
However, you shouldn't need to block IPs yourself. Just let Admin Tools handle that for repeat offenders. It's very efficient! Go to Admin Tools, Web Application Firewall, Configure WAF, Auto-ban Repeat Offenders and set it up per the following screenshot, replacing "YOUR EMAIL HERE" with your actual email address.
Moreover, I'd recommend scaling down on all the emails from Admin Tools. I personally consider them an overkill since Admin Tools handles IP blocking by itself and everything is logged anyway. In order to disable those emails just go to Admin Tools, Web Application Firewall, Configure WAF, Logging And Reporting and delete the contents of the text box next to "Email this address on security exceptions".
Finally, on your question why these people are trying to log in to your site it's the same as with any perpetrator: to make money, illicitly. If they could guess your Super User username and password they'd get control of your site. They could then use it for a number of illicit purposes such as sending spam, attack other sites or make it a part of a botnet (network of compromised computers used to perform a number of illegal activities in a way that makes it hard to get caught). These hackers make lots of money out of these activities, hence their persistence in trying to brute force your site's login. Admin Tools is designed to protect you against these people.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
