So, for some time now, having an RDP port open to the web would probably mean trouble for you. A number of reasons you would not want to open that port up include being able to brute force the administrator account. Even if it has been renamed, it is not guaranteed to stop an attacker. There are tools for enumeration of user accounts. Anyway, apparently using an RDP honeypot is a great way to examine attack techniques. Please read the following blogs for more information:
Trusted Sec: Adventures of an RDP Honeypot
Wilbur Security: RDP Honeypotting
These articles are just a couple that I’ve seen out there. I’m sure there are more on the web if you look for it.
Stay safe out there.