On Sunday June 8th, I was alerted to a visitor that whom was doing whom was trying to log in. The same ip was trying to log in over and over. I ended up blocking the the ip. I decided to dig deeper and check out the ip and see if I could find the owner. When I had blocked the ip, I was informed that I have received 5,490 hits prior to that ip being blocked.
The first thing I did was run a trace on the ip. The ip is registered to Sharma Punwasi. Mr. Punwasi lives in The Netherlands.
I was able to get his full address and location. I decided to look him up and found all of his social media accounts. The first account I went to was his twitter account and found a site for global IT events to be listed. This site is registered to Mr. Punwasi and has the same registered address as his ip. According to Sharma’s bio, he is a security analysis. I am not sure how attempted to hack this site, is part of a security analysis, but I think I passed. I ended up having a total of 22,306 hits from his ip. In fact 16,816 of those hits came in after I blocked his ip.
I am not sure if Mr. Punwasi has any connection to Pankaj Gupta or Michael McNally. I do know that Shrama did spend some time in India as he mentioned on Twitter. The fact that he runs an event related site is highly suspicious too. I seriously doubt that this was a random attack. I have started to see a spike in the failed log in attempts to my server. At least I was able to identify Mr. Punwasi and have reported him for the hacking attempt. I wonder if he will end up pointing the finger at whom ever asked him to try and hack this site.