myemptymind.com attempts to hack 123Unix.com

While revamping 123Unix!com pages I’ve set the whole of http://www.123unix.com/ to be behind a ht password. The only reason for that was to save stray visitors from confusion of half-written pages at the website. So the password wasn’t particularly strong – just a single character!

Still, “real” hackers don’t brute-force passwords any more, they’ve got special techniques to hack into a password-protected website.

What did myemptymind.com do? They’ve tried different typical WP administration URLs:

/wp-login.php
/old/wp-login.php
/cms/wp-login.php
/blog/wp-login.php
/blog_old/wp-login.php
/blog-old/wp-login.php
/blog/wp/wp-login.php
/wp/wp-login.php
/WP/wp-login.php
/backup/wp-login.php
/blog/backup/wp-login.php
/wordpress/wp-login.php
/Wordpress/wp-login.php
/wordpress2/wp-login.php

The first one was correct, but they’ve got a HTTP 401 response and hence moved on (getting the same return code in each subsequent try).

Two more things are noticeable with this case:
They’ve used a known robot User-Agent string: "Mozilla/5.0 (compatible; Googlebot/2.1; http://www.google.com/bot.html)" so they didn’t appear in my awstats reports,
OTOH they’ve been nowhere like secretive with their reverse IP double-resolving correctly to myemptymind.com (204.14.93.222).

So who’s this?..