ffupi - you have my sympathy! On a similar vein, I've traced attempted hacks against our company websites, most of which come from Eastern Europe, Russia and China. There's little which can be done about it unfortunately. Have you considered blocking entire blocks of IP's rather than just individual ones? It appears to be a shame to block innocent users in some countries because of the spammers, but if more and more people took this action, it might encourage the local authorities to finally take action.
At one stage my employers network was getting hit by so much SPAM from addresses in China (tens of eMails per second) that our anti-spam system was in danger of crashing, so we just blocked anything with a Chinese IP address at the firewall. Now we may have lost one or two real eMails (though I doubt it!), but it solved the problem!
I've said this before - ISP's ought to allow customers to "opt out" of eMail coming from certain address blocks. If particular countries find that they are having problems communicating with the rest of the world because their email is being dumped, then they will be forced to clamp down on their spammers in order to restore their reputation.
I don't know if PlusNet do anything to ensue their customers who are set up for SMTP mail do not act as open relays - I'd like to think they do.
I doubt that many spammers are trying to lure network admins to their web sites, but you never know - yuo've highlighted one of the big problems of tracking these guys down. At the end of the day, there's little you can do to stop them even when you do track them down - I'd be inclined to stick to protecting your systems as best you can, and as I mentioned, if you find problems coming from the same places persistantly, block chunks of IP addresses.

Well you've done everything right so far.
Now you just need to remove Turkish IP's if you run anything like PHPNuke 
What part of the traffic do U need to log?
it can be done just depends on what mix of scripts you have,
as in do you use a CMS or a collection of pre-built scripts and your own code?
for example, If I wanted to look at the GET,POST,Time, IP and Host at which clients were connecting...
I'd do something along the lines of, creating a table '_log' with a few fields:
timedate,ip,host,get,post,... etc
You could even enumerate cookies, sessions if anything like that is used.
Make an includable logging PHP which will log all of it into the Table.
Include it into necessary Scripts etc...
Then you can view what's going on, either by PHPMyAdmin or make something to list them.
I'm workong on a similar setup for my own Website for Debugging and Monitoring purposes.
Not sure if that's what you were after, but it maybe a stepping stone.
Jim,

lets start off with the correct terminology.
Hacker - writer .. a programmer
cracker = some [Censored] of a skript kiddie
it is the Turkish Crackers that are concentrating on php-nuke and similar based websites/forums and the generic weaknesses that have been written into them.
you have to also understand that a MySql database will only hold data that it is told to hold .. no more- no less
therefore the weakness is in the scripts that write to your database -- the website/forum where public/anonymous are allowed write access.
I assume that you have already made your site/forum writeable by registered members only, and that you do have a GFX check enabled and that it is email registration check only.

next step is to download and install Fusion
check out this page
http://www.futurenuke/
wanna be real safe?
make a .htm website with no database
if you need a forum , make a .htm website and use one of the free forums that are widely available online

also check the IP of attempted cracking ..  most attempts of cracking my websites come from inside plusnets own network.
which means that somebody , somewhere has already gained inside access to plusnet's ccgi servers.