Logs indicate several connecting Chinese IP addresses were responsible for exploiting a Menalto v1 Gallery comment form injection vulnerability over the weekend. Multiple PHP files were modified to include an ob_start("security_update") function and attempted to use iFrames to redirect visitors to http://www.iws-leipzig.de/contacts.php.
The banhammer was dropped on the following. I suggest any site administrator reading this do the same. You don't need those damn Chinese in your neighborhoods, anyway.
|126.96.36.199 - 188.8.131.52||CHINANET Jiangxi province network|
|184.108.40.206 - 220.127.116.11||CHINANET jiangsu province network|
|18.104.22.168 - 22.214.171.124||Golden Telecom LLC Natalia Pigorova 15/15/6|
|126.96.36.199 - 188.8.131.52||China Unicom Henan province network|
Thanks to http://ip2location.com, I will be banning all of China.
Russians...even you Chinese, are really stupid.
Back in 2005, Russian monkeys who had nothing better to do than exploit register_globals=on vulnerabilities across Mambo (now Joomla!) websites, were defacing sites at an alarming rate with their impressive script kiddie downloads. It's likely some of them have left their parent's basements and have moved on to bigger and better things. You know...such as working at McDonalds.
Because, there is nothing that is less impressive than Russians and Chinese morons.