JF Paris, I've encountered this problem too (it seems centered around France and began around February according to my research). From my logs, the behavior looks like some sort of browser hijack, not an injection bot. From what I could witness it doesn't seem harmful (no injection attempts in URL/POST) but I'd be very interested to have a definitive answer as well.
Multiple "wvdpforce" parameter in access log. Where it comes from
문제
In our apache access log, we found a lot of url ending with the parameter 'wvdpforce=1'
Anyone knows where this parameter come from?
해결책
제휴하지 않습니다 StackOverflow