A good writeup of the Santy worm is at F-Secure. Since I was already attacked with a simple version of the exploit, I luckily developed immunity to it. But the site was getting a lot of unregistered users with a referer of lwp-trivial. After I added a block of lwp, the traffic went back down to normal. I have also installed the Log Highlight Requests mod to block and log those who try to use the highlight vulnerability.

Patch of highlight bug
Santy worm makes unwelcome visit - BBC
Source code of the Santy worm
How it uses Google to spread

Posted: 2004-12-29 16:30:07

