Do those requests show up as coming from China? I thought it was only people outside China who are being giving the poisoned javascript, and the requests are being made on the client-side from them - which would appear to be just random traffic?
Perhaps Baidu still shows up as the referring URL, though?
the requests are coming from the computers outside of china (that access chinese sites), thus you cannot simply BGP null-route all Chinese prefixes to mitigate this.
> I thought it was only people outside China who are being
> giving the poisoned javascript, and the requests are
> being made on the client-side from them - which would
> appear to be just random traffic
I would have thought you could usefully heuristically look at the referrer header.
Perhaps Baidu still shows up as the referring URL, though?