Update 28/4
As a “request” from Mr Weaver I’m adding some facts about Deep River Ventures here:
https://www.cbinsights.com/investor/deep-river-ventures
https://www.cbinsights.com/company/industrial-defender
http://www.industrialdefender.com -> http://cyber.lockheedmartin.com/
About Deep River Ventures partner Roy Mall:
https://www.linkedin.com/in/roy-w-mall-227850
http://www.stacsolutions.com/
——
Update 24/4
If it was not obvious, I’m merely asking how probable this connection is. Needless to say, there are more indications of this scenario in my logs than those stated below.
——
Quick follow up on the hacker attack. Nothing special, simple stuff. But anyway. Someone did try to either breach the wp-login.php by brute force, or maybe only clog down the server.
Nothing worked of course.
But then I started to look at the IP numbers and one number started flashing like a Christmas tree… A number that belongs to what I consider a mid-sized hosting company in Los Angeles, i.e. Namecheap LLC.
Then I made some searches on Dewey Weaver, a close contact of Darden/IH and also a shareholder (thru Deep River Ventures) in IH.
I was a little surprised to see that both his domains deeprv.com and deepriverventures.com are hosted at …
You guessed it: Namecheap Hosting
Hmmm.
So, I’m just asking, what is the probability of this?
It seems improbable for it to be mere chance.
Over the years, I’ve had quite a few of these attacks.
Not sure what they are and never bothered too much with them.
I understand it’s often botnets, malware that exists in, for example, toasters, servers and industrial lighting etc. that works together either to give people hits on their YouTube videos, or as in this case, brutally trying to guess random admin passwords by trying username and password. All WP pages normally have the same login URL – so the stupid botnets (if you are attacked by a stupid botnet) are just trying to guess the admin name as admin, then passwords that are random and common.
If successful, I understand that one thing that can happen is that some malicious code is planted on your webpage that tracks people or infects their computers (?)
I did however notice that in the past days it seems one of my CF related webpages had +11 000 malicious login attempts. I would like to track the IP / origin just as you have done. How do you do that?
One of my CF related pages has recently seen
There is always some level of attacks on WP sites. Usually it is bots checking for bugs (not updated WP versions). They only try once and then go on to other sites. There are hundreds to thousands of these each day.
This was very different. Suddenly. Right after (some minutes) posting articles the flooding starts. Especially on 14/4, but also other times. I have not had these brute force attacks before. And from single IPs. (Botnets use lots of hacked IPs.) This is why I think this was not part of a botnet attack, but a much more unsophisticated one.
I use whois to check IP numbers. Works from the terminal on Unix and Macs. Don’t know about Windows. There are also lots of webpages. Google “whois data”!
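One way to do the per-IP tally behind the reply above, as an added example that is not part of the original post or its comments: it counts POST requests to wp-login.php per source address in a combined-format access log, so one hammering address stands out from one-off probes. The log lines, the threshold of 20 and all function names are constructed assumptions.

```python
import re
from collections import Counter

# Apache/nginx "combined" access-log line: client IP, timestamp, request line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"'
)

def login_attempts(log_text):
    """Count POST requests to wp-login.php per client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        path = m.group("path").split("?", 1)[0]
        if m.group("method") == "POST" and path.endswith("/wp-login.php"):
            hits[m.group("ip")] += 1
    return hits

def summarize(hits, threshold=20):
    """Split sources into repeat offenders and one-off probes."""
    total = sum(hits.values())
    top_ip, top_n = hits.most_common(1)[0] if hits else (None, 0)
    return {
        "total": total,
        "repeat_offenders": {ip: n for ip, n in hits.items() if n >= threshold},
        "one_off_probes": sorted(ip for ip, n in hits.items() if n == 1),
        "top_ip": top_ip,  # the address to look up with whois
        "top_share": round(top_n / total, 2) if total else 0.0,
    }

def _line(ip, sec, method="POST", path="/wp-login.php"):
    return (f'{ip} - - [14/Apr/2024:10:{sec // 60:02d}:{sec % 60:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 200 3120 "-" "Mozilla/5.0"')

# Constructed sample log (RFC 5737 documentation addresses, not real data).
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", s) for s in range(40)]               # one IP hammering
    + [_line(f"203.0.113.{i}", 100 + i) for i in range(1, 4)]   # single probes
    + [_line("192.0.2.9", 200, "GET", "/wp-login.php")]         # page view only
    + ["truncated garbage line"]
)

if __name__ == "__main__":
    print(summarize(login_attempts(SAMPLE_LOG)))
```

A high `top_share` from one address matches the single-IP pattern described above; many addresses with one attempt each looks like the usual background probing.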
I reported on Vortex-l some weeks ago the pressing and persistent hacker and DDOS attacks on my cold fusion blog server. Clearly the forces of evil are mounting an increasingly pernicious attempt to prevent cold fusion/lenr information from becoming more widely known. As if this was not clear from the lack of mainstream media coverage of the several striking breakthroughs in the field of recent. Nothing new of course as this suppression of news and knowledge on cold fusion has been going on since 1989.
I can’t comment on any hack attempts being related to the timing of your posts, but just so you know, Namecheap is a pretty popular DNS registrar (I have a domain with them, for example) and they also offer hosting services. The fact that Dewey Weaver, or anyone in particular, has some sites hosted with them isn’t what I would call a big coincidence.
I know they are big. And that this kind of stuff is never 100%. As I said though, in this case they are not only the registrar, but also the ISP/hosting company for deeprv.com, which means they have a closer relationship.
I’ve been in contact with their abuse department and am giving them information.
“In this case they are not only the registrar, but also the ISP/hosting company for deeprv.com, which means they have a closer relationship.”
That is correct in my experience.
Very amateur attempt, these bozos have mountains of money but have no skills or even enough brains to outsource this kind of thing.