Jump to content

Recommended Posts

Hi & Thanks in advance.

 

Whenever I print I am getting pages printed out that say the following:

Get /manage/account/login HTTP/1.1

Host 108.84.7.254:9100

User Agent 'Cloud mapping experiment. Contact research@pdrlabs.net'

Accept *.*

 

Any idea how to get rid of this? I am sure its is some kind of malware.

 

 

Link to post
Share on other sites

There appears to be some kind of bot from "pdrlabs" - whoever that is - that has been hitting servers all over the internet with this message. The pdrlabs[.]net site appears to be down now, and nobody appears to know anything about it, who was running it, or what it was doing. You can see previous information displayed on that site on the Internet Archive:

https://web.archive.org/web/20220119164459/http://www.pdrlabs.net/

There's nothing to confirm that it's been engaging in malicious activity, but it's absolutely suspicious. It may be perfectly harmless, though... for example, it could just be some grad student's poorly thought-out "research" project.

What this means for you is that your printer is visible outside your local network, to the internet as a whole, and is getting pinged by this bot. This is somehow resulting in it printing out this information.

If your printer does not need to be exposed to the internet, you need to figure out how to shut that down. Your printer manufacturer may have some kind of remote printing service that forwards to your printer, or you may have "poked a hole" in your router deliberately (ie, configured port forwarding) to make the printer available from anywhere.  This will vary depending on printers and network setups, so I cannot give more specific advice, but you'll need to get that locked down so it's only available within your local network.

If it does need to be available from anywhere in the world, then you need some kind of firewall to protect it. Again, I can't give any more specific advice, but I'd consider finding a local computer services/IT consulting company and contacting them for advice.

Although this particular message does not appear to be involved with any known malicious activity, malicious access is always a possibility for anything exposed to the internet at large.

Link to post
Share on other sites

Since there's a known explanation for this problem, it's very unlikely that it could also be caused by a malware infection on one of your machines. What's probably going on is that, for whatever reason, the interactions between that computer and the printer have been affected by this bot. Perhaps the bot is trying to ping the printer repeatedly, but is only able to get through when that one computer is connecting to it. Is there anything unusual about how that one machine connects? Do you know if either the machine or the printer is exposed to the wider internet outside your local network, via port forwarding on your router or something else?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.