Received some additional port scans and a couple of attempted DoS on a few ports since reporting the compromised machine. I have generated a plot of the scans from the data my router collected.
Not had a scan since 1pm this afternoon, nor any feedback from the abuse email at the ISP that owned the address block the machine was located in, other than the original acknowledgement of my email to them. Also, the attacking machine now appears to be offline, as I can't reach the original web server page or the defaced page.
Very tempted to put together a project to amalgamate router log files from as many people as want to take part, over a period of time, either a month or 3 months, and plot frequency of attack and give some data on the location of the sources of the attacks. If you are interested, get in touch with me via Twitter.