[geeklog-devel] New Santy worm and impact on Geeklog sites
Dirk Haun
dirk at haun-online.de
Thu Dec 30 04:00:11 EST 2004
As Tom pointed out in this thread: <http://www.geeklog.net/forum/
viewtopic.php?showtopic=45173>, geeklog.net has been going slow for the
last few days.
A quick peek at the logfile seems to point at that new variant of the
Santy worm as the culprit. Yesterday's logfile has more than twice the
amount of requests than on a normal day.
If you can, do a "tail -f access_log" on your server, sit back and enjoy
the show. It's amazing.
Here's a tip from my web hoster's support forum:
RewriteEngine On
RewriteCond %{QUERY_STRING} ^(.*)wget\%20 [OR]
RewriteCond %{QUERY_STRING} ^(.*)echr(.*) [OR]
RewriteCond %{QUERY_STRING} ^(.*)esystem(.*) [OR]
RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527 [OR]
RewriteCond %{HTTP_COOKIE}% s:(.*):\%22test1\%22\%3b
RewriteRule ^.*$ http://127.0.0.1/ [L,R=301]
I'm using that on geeklog.net now. We'll see if it helps ...
bye, Dirk
--
http://www.haun-online.de/
http://www.macosx-faq.de/
More information about the geeklog-devel
mailing list