here is a solution that might work if they are noob hackers

first of all u need to look for trojans in the server thats hosting u... u can get rid of them by using the server scans from pandasoftware...

to continue keeping ur website safe, force the users to enter through one channel only of their modem/rooter (more information on this at www.albinoblacksheep.com in the tech support forum)

u might also want to change the passwords to non-commonly used words. example: dont use sheep (or some normal word) as a password, but use numbers as well (I30T (my username, it has numbers and letters inside which no bruteforcer would be able to breach))

it also depends on what kind of login programing u have but to help u there i need more details cause the subject is too broad