JF Paris, I've encountered this problem too (it seems centered around France and began around February according to my research). From my logs, the behavior looks like some sort of browser hijack, not an injection bot. From what I could witness it doesn't seem harmful (no injection attempts in URL/POST) but I'd be very interested to have a definitive answer as well.
Multiple "wvdpforce" parameters in access log. Where do they come from?
Question
In our Apache access log, we found a lot of URLs ending with the parameter 'wvdpforce=1'.
Does anyone know where this parameter comes from?
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow