You should definitely analyze the weblogs on a regular basis.
(it's also were you can find the source ip of your 'attacker')
These can be found (by default) in %Systemroot%\system32\logfiles.