I had a few sites that got this sort of nonsense attack - I added a plugin to change the /wp-admin login url, and it just stopped - worked well......