I have a website that I am hosting that had some malware injected into it over a year ago when we were with a different provider on a shared host.
The files these bots are looking for are: config.bin and gate.php which I believe is part of the Zeus bot.
They execute their scripts and kill all resources on our server, even though these files no longer exist.
We have tried blocking IPs in htaccess, but the file is incredibly large now and doesn't seem to help. We have tried blocking IPs at the server firewall, not much help.
Anyone ever had this happen before? Any suggestions?