Logs indicate that several connecting Chinese IP addresses exploited a comment form injection vulnerability in Menalto v1 Gallery over the weekend. Multiple PHP files were modified to include an ob_start("security_update") call, and the injected code attempted to use iframes to redirect visitors to http://www.iws-leipzig.de/contacts.php.
The banhammer was dropped on the following. I suggest any site administrator reading this do the same. You don't need those damn Chinese in your neighborhoods, anyway.
117.21.0.0 - 117.21.255.255 | CHINANET Jiangxi province network |
222.184.0.0 - 222.191.255.255 | CHINANET jiangsu province network |
46.119.122.0 - 46.119.122.255 | Golden Telecom LLC Natalia Pigorova 15/15/6 |
61.158.128.0 - 61.158.255.255 | China Unicom Henan province network |
Thanks to http://ip2location.com, I will be banning all of China.
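Blocking addresses does not undo the changes already made to the PHP files. As an added example (not part of the original post), this Python script walks a web root and lists every PHP file and line carrying the ob_start("security_update") marker named above; the extension list and the sample tree are constructed assumptions.

```python
import os
import re
import tempfile

# The marker this post reports in the modified files. PHP function names are
# case-insensitive, and whitespace or either quote style may appear.
MARKER = re.compile(r"""ob_start\s*\(\s*(['"])security_update\1""", re.IGNORECASE)
PHP_EXTENSIONS = (".php", ".inc", ".phtml")  # assumption: extensions worth checking

def scan_file(path):
    """Return [(line_number, text)] for every line carrying the marker."""
    # Injected code is not guaranteed to be valid UTF-8, so decode leniently.
    with open(path, "r", encoding="utf-8", errors="replace") as handle:
        return [(number, line.strip()[:120])
                for number, line in enumerate(handle, start=1)
                if MARKER.search(line)]

def scan_tree(root):
    """Walk root and return {relative_path: hits} for PHP files with the marker."""
    findings = {}
    for directory, _subdirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(PHP_EXTENSIONS):
                path = os.path.join(directory, name)
                hits = scan_file(path)
                if hits:
                    findings[os.path.relpath(path, root)] = hits
    return findings

def build_sample_tree(root):
    """Constructed sample web root: one clean file, two carrying the marker."""
    samples = {
        "index.php": "<?php\necho 'gallery';\n",
        "view_album.php": "<?php ob_start(\"security_update\"); ?>\n<?php echo 'album';\n",
        os.path.join("classes", "User.php"): "<?php\nOB_START ( 'security_update' );\n",
        "notes.txt": "ob_start(\"security_update\") seen in logs\n",  # not PHP: skipped
    }
    for relative, body in samples.items():
        path = os.path.join(root, relative)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as webroot:
        build_sample_tree(webroot)
        for path, hits in sorted(scan_tree(webroot).items()):
            for number, text in hits:
                print(f"{path}:{number}: {text}")
```

To check a real installation, call scan_tree() with the path of the Gallery web root instead of the temporary sample directory, then restore each flagged file from a known-good copy.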