I know I asked this already, but is there any reason you're not just changing your kHTTPd port to avoid these hacks? If your HTTP daemon isn't running on 80, you won't get hit by these viruses. This is much simpler than buying hardware, and it's free...