This is a problem that plagues all online forums. Spammers are resorting to using login bots to try to crack accounts with weak/easy passwords. There's no efficient way for the administrators to block the attempts. Just make sure you have a good password set. A modification from vBulletin has been requested to require the email address (which isn't publicly viewable) to login as opposed to the username, but they haven't stated they intend to implement that change yet.