In the log files mentioned above try and locate the IP address of this joker and then use your firewall to ban his IP range - are you sure it is not someone you know playing these games?
XAMPP is not designed to be used from the Internet only from localhost as a development environment.
You are finding out the hard way about this XAMPP insecurity.
The readme_en.txt file in the xampp folder explains about the lack of security.
You should not use XAMPP but perhaps a more robust server like the free
Zend Server Community EditionGood luck.