Okay, so that explains all the trouble.

For one thing, do you know where the attacks are occurring primarily? If they are getting your passwords and logging into your host or MySQL databases, try generating an SHA1 hash of a random number and use that for your password. I'd rotate that once a month.

Joomla, for one thing, has very little respect in my eyes. I've used it several times and hated it each time. One thing you can do, if you understand PHP, is to block addresses from known temporary account domains. To see a list you can refer to this thread at TalkPHP. There's a whole list there that you can copy-paste if need be. I suggest Enano, which is newer, is built off PHP5 (which has better security), and has wiki-like features, so you needn't include a wiki for your documentation.

And do you have anything in the error logs that you can find? For instance, failed hacking attempts that might have caused an error.

This is all I can think of at the moment, but I can help you to secure your site.