Malware Domain List

Malware Related => Compromised Servers => Topic started by: woden57 on February 07, 2011, 06:32:05 pm

Title: Help with server
Post by: woden57 on February 07, 2011, 06:32:05 pm
Hello,

My server gets hit with requests for something along this line "mysite.com/.vdtker/?action=captcha&a=get&i=115114&v=21"
and also .sys or .eoaxl in place of .vdtker

I have removed the files that were written on the server and I have even changed servers with a complete re-upload of all legitimate files.

My problem is that I'm getting hit with a few thousand "not found" requests for this crap every day.
I can find no way to trace the referrer, it's blank.

Is there a cure for this?

Thanks!
Title: Re: Help with server
Post by: MysteryFCM on February 09, 2011, 01:24:00 am
There's no way of stopping the requests, no. Though you can of course use a re-write to redirect the requests - but if there's a large volume, I wouldn't recommend it (strictly for bandwidth issues).

These requests are likely coming from either compromised machines, or automated monitors.