but I discovered that the attack was for a joomla's component with the same name!
How attackers attacks:When a vulnerability is discovered hackers seach Google of sites having in URL a characteristic word inorder to find vulnerable sites. In this case they could search for inurl:com_newsletter or using the "allinurl"
I must say once more:1. Always update your sites to the latest Elxis version.2. Enable Elxis Defender and set some good filters.3. Enable SEO PRO.