The Republican Party appears to again be blocking Internet users from outside the United States from visiting its official web sites, with www.gop.com, www.rnc.org and www.GeorgeWBush.com all dropping traffic that originates outside North America. The timing and implementation of the blocking - which is now being provided through the political party's own web host rather than Akamai - suggests an ongoing interest in traffic filtering unrelated to the recent election.

The sites are all hosted by the Republican National Committee, the official site of America's governing party, which currently controls the Senate and House of Representatives as well as the White House. The blocking expands a practice implemented on the GeorgeWBush.com domain during the final week of the U.S. presidential campaign, when the Bush campaign site used Akamai's content management service to manage incoming traffic, citing security concerns.

On Nov. 24, the GeorgeWBush.com site stopped using Akamai and began having its domain name server (DNS) requests handled by the RNC's server, and redirecting traffic to the RNC's main site, gop.com. The RNC now appears to possess the capability to implement geographic blocking similar to the services Akamai provided for GeorgeWBush.com. Since Nov. 26, the rnc.org, gop.com and GeorgeWBush.com domains all show an identical pattern of failed requests from stations in London, Amsterdam and Sydney, while Netcraft's four U.S. monitoring stations show no performance problems.

GeorgeWBush.com Site Performance from Amsterdam

GeorgeWBush.com Site Performance from New York

A dynamically updating chart of site performance for GeorgeWBush.com is available here.

Posted by Rich Miller at 30 November 2004 in Performance

SCO's web site now proudly proclaims "We own all your code" and "pay us all your money".

Some people might claim that this just represents a simplification in SCO's stance on Unix intellectual property but a closer look reveals that the prominent image on their home page was the work of an attacker.

In addition to the two comments in the image, a woman is depicted writing "Hacked by realloc()", which points to the same person responsible for an attack on the site yesterday.

The same image also appears on SCO's backup site, thescogroup.com. It is not yet known whether this attack is related to the recent web site outages experienced on the site.

Posted by Paul Mutton at 29 November 2004 in Security

Phishing activity has surged in recent weeks, according to new data from the Anti-Phishing Working Group (APWG), which found increases in both phishing attacks and the sites hosting them. The group documented 6,597 new, unique phishing email messages in October, more than three times the 2,158 seen in August.

The APWG also cited 1,142 different web sites used in the October attacks, twice September's total of 584. That sharp rise in attacking sites suggests that phishing operations may be automating the deployment of attacks via hacked web servers.

Posted by Rich Miller at 27 November 2004 in Performance

The main web site of The SCO Group has been offline for an extended period today, with several related domains affected as well. The main site at www.sco.com has just returned to service, with the alternate domain www.thescogroup.com having come back online earlier. TheSCOGroup.com was established as an alternate URL during the MyDoom-related denial of service attack on SCO in February, which kept www.sco.com offline for more than a month.

Site performance for www.sco.com

A dynamically updating graph of SCO-related sites is available here.

Posted by Rich Miller at 22 November 2004 in Performance

Technology news site The Register today identified its ad serving provider, Falk AG, as the source of banner ads which spread an IFRAME exploit via its web site for more than six hours Saturday. The Register apologized to its readers and recommended that they check their machines for infections.

Reports Saturday noted that the exploit appeared on numerous European sites, but it appears U.S. sites may have been affected as well. An analysis of the exploit by LURHQ noted that "one of the hacked sites included a well-known Hollywood film studio's website." Falk AG's client list includes numerous entertainment properties, including NBC/Universal, The Golf Channel, The A&E Network and Sony Pictures Digital. The Dutch news site Nu.nl has also acknowledged hosting the banner exploits.

The Register said it is pursuing details of the event from Falk, which is expected to comment publicly on the incident Monday. The LURHQ analysis said some versions of the complex exploit installed adware onto users' computers, while other versions downloaded a remote-access trojan.

Posted by Rich Miller at 22 November 2004 in Security

Banner ads appearing on popular European web sites have been directing traffic to sites that install malware on visitors' computers, according to the Internet Storm Center. The attacks are exploiting an unpatched flaw in the way Internet Explorer 6 handles the IFRAME tag.

"Some high profile sites with banner ads are linking to servers that have the exploit and malicious code," according to an advisory on the ISC web site. The attack is an expanded version of banner-based exploits that first surfaced earlier this year. Banner networks, with their ability to place code on hundreds of outside sites, offer a vehicle for the rapid distribution of trojans and other malware, as well as a way to deface web pages. It is not clear whether the malicious code was being spread through a compromised ad server, or through specific banners submitted to ad networks.

Posted by Rich Miller at 21 November 2004 in Security

It's been a huge year for The Planet, the Dallas-based hosting provider that has grown from 124K hostnames in January to more than 578K this month. A key factor in The Planet's growth has been the success of its Total Control Server program, which launched in March and just brought its 2,500th server online.

Total Control Servers target small and medium-sized businesses that have grown beyond a standard dedicated server but can't easily afford traditional managed solutions. The program allows customers to customize a plan from a menu of hardware, software, bandwidth, backup and professional services. The program is billed on a month-by-month basis, with no money down and fees ranging from $249 to $1,999 per month.

The approach has proven popular with customers of other hosting providers, who account for the majority of The Planet's growth since the program's debut in March. An analysis of The Planet's competitive performance using our Hosting Provider Switching Analysis shows that of the 448K hostnames added in that period, more than 242K have come from rival hosting providers.

Growth Trends for The Planet

Posted by Rich Miller at 17 November 2004 in Hosting

Microsoft today released new initiatives to help hosting companies save time and money as they deploy new servers and value-added services, including broader support by hosting automation software. The Microsoft Solution for Windows-based Hosting Version 3.0 includes tools to help providers build, provision, patch and monitor web servers and integrate them into existing operations.

Hosting automation provider SWSoft said it will begin supporting Windows servers with its control panel products, which include Plesk, PEM, Virtuozzo and HSPcomplete. SWSoft says its software powers more than 70,000 servers, and is used by many of the largest hosting service providers. Another automation software maker, Ensim, said it supports the new features in its software for Windows Server 2003.

Posted by Rich Miller at 16 November 2004 in Hosting

Yesterday's unveiling of Solaris 10 gained widespread news coverage as Sun Microsystems unveiled a new strategy in which the operating system will be free, while users pay for updates and support through subscription plans. The approach offers choices for companies weighing the relative merits of Solaris and Linux, and is similar to a business model unveiled last year by Red Hat Linux.

While Linux and Windows battle for market share at web hosting companies, Solaris remains the leading operating system among the largest U.S. corporations. Solaris powers the web sites of 43 members of the Fortune 100 in the U.S., compared to 32 companies using Windows and 12 running on Linux. Most of those enterprises continue to run Solaris 8 rather than Solaris 9, including Sun itself (which uses Solaris 8 for its main site but also has company web sites on Solaris 9). Solaris 8 was launched in early 2000, while Solaris 9 followed in May 2002.

Fortune100 and FTSE 100 by Operating System

Posted by Rich Miller at 16 November 2004 in Web Server Survey

Network Solutions is among a number of domain registrars who have automatically locked down all domain names registered by its customers to prevent errant transfers under new ICANN guidelines on domain transfers, which take effect Friday.

But some domain providers say concerns about fraudulent transfers are overblown, noting that ICANN's guidelines still require registrars requesting a transfer from another provider to seek approvals. If all the new ICANN rules are followed, the domain owner should be required to approve any changes with the new registrar - but not their current registrar.

"Much of the fear regarding this change in policy stems from the assumption that a Gaining Registrar will be violating the policy and submitting requests that have not been properly validated," DynDNS notes in a message to customers. "It is our firm belief that no registrar is going to do that, as it would likely result in the termination of their accreditation by ICANN if performed on any significant scale."

Other registrars appear more concerned, and are advising customers to lock domains ahead of the new ICANN policy, which places stricter guidelines on how "losing" domain registrars handle transfer requests. Domain locking prevents changes in the registrar, contact information and nameservers for a domain, and is offered by most registrars.

Posted by Rich Miller at 10 November 2004 in Around the Net

The large volume of users seeking to download version 1.0 of the Firefox web browser has caused intermittent performance problems today for the Mozilla Foundation.

Mozilla.org web site performance

The Mozilla.org site has had some availability problems, but by 8 p.m. GMT the site was able to easily serve downloads of the 4.7 megabyte Firefox installation file for broadband users. A dynamically updating chart of the site's performance is available here.

Within hours of the browser's official release, the Mozilla site was slowing and Firefox enthusiasts were making use of the Google cache of download mirror sites. The list was also posted to Slashdot to help ease the traffic burden on the Mozilla.org site, which is hosted by Meer.net.

Posted by Rich Miller at 9 November 2004 in Performance

Domain registrars are warning customers that their domain names could become easier to hijack as a change in domain transfer rules takes effect Friday. Under new rules set by the Internet Corporation for Assigned Names and Numbers (ICANN), domain transfer requests will be automatically approved in five days unless they are explicitly denied by the current registrar.

This is a change from current procedure, in which a domain's ownership and nameservers remain unchanged if the current registrar receives no response from a domain owner to a transfer request. Update: Some domain providers say concerns about fraudulent transfers are overblown, noting that ICANN's guidelines still require registrars requesting a transfer from another provider to seek approvals from a domain owner.

The changes could mean trouble for domain owners who don't closely manage their records. Registrars are warning that domains with incorrect e-mail addresses and outdated administrative contact information could be at particular risk, as the domain's WHOIS database information will be used to inform domain owners of transfer requests.

Posted by Rich Miller at 9 November 2004 in Around the Net

The GeorgeWBush.com web site is again accessible to web users outside the United States and Canada, with access having been restored on Saturday. The official campaign site for Bush's election campaign began restricting access on Oct. 25, citing unspecified security concerns. Bush defeated John Kerry in the U.S. vote Nov. 2, but the site restrictions continued for another five days beyond the election.

Georgewbush.com web site performance

A dynamically updating chart of site performance for GeorgeWBush.com is available here.

Posted by Rich Miller at 8 November 2004 in Performance

The main web site for Komplex.net was offline for nearly an entire day before returning to service Monday, an unusual outage for a hosting company that had the Internet's most reliable hosting site in March of this year, and was also among the performance leaders for April. The German provider houses more than 307K hostnames and 138K active sites.

A dynamically updating graph is available here.

Posted by Rich Miller at 8 November 2004 in Performance

Another large hosting company has hitched its growth ambitions to cheap domain pricing, and seen an immediate payoff. Interland dropped its one-year domain price to $7.95, and was rewarded with a gain of 132,147 new sites (hostnames not listed in last month's Web Server Survey).

The price cut snapped a period of mediocre growth for Interland, which had averaged just 10.3K new sites per month over the previous five months. That's considerably less than the average monthly gain of 36.7K new sites over the same period for Yahoo, one of Interland's chief competitors in the small business shared hosting market. Yahoo's numbers have strengthened since August, when it lowered its domain pricing to $9.95 per year.

Interland's move continued a trend in which leading hosting companies are using aggressive domain pricing to acquire new business. Seven of the top 20 hosting providers (as measured by hostnames) now sell domain names for $9.95 a year or less.

Retail Domain Name Prices, November 2004

| Company | One-year .com price | Primary Business | Primary Region |
|---|---|---|---|
| 1&1 Internet AG | $5.99 | Mixed Hosting | Europe |
| EV1Servers | $6.49 | Dedicated Hosting | America |
| Hostway | $6.95 | Shared Hosting | America |
| Sipence (eNom) | $6.95 | Domain Registrar | America |
| AIT Domains | $6.95 | Mixed Hosting | America |
| Interland | $7.95 | Mixed Hosting | America |
| Web.com | $7.95 | Mixed Hosting | America |
| Go Daddy Inc | $8.70 | Domain Registrar | America |
| Yahoo | $9.95 | Shared Hosting | America |
| RegisterFly | $9.99 | Domain Registrar | America |
| Netcetera | $12.98 | Mixed Hosting | Europe |
| Dotster | $14.95 | Domain Registrar | America |
| FastHosts/UKReg | $16.48 | Mixed Hosting | Europe |
| Pipex/123Reg | $16.67 | Mixed Hosting | Europe |
| Network Solutions | $34.99 | Domain Registrar | America |
| Register.com | $35.00 | Domain Registrar | America |

Posted by Rich Miller at 8 November 2004 in Around the Net

Electoral-vote.com, a leading source of data on the American presidential race, reports having been hit by distributed denial of service (DDoS) attacks yesterday and today, which is election day in the U.S.

The site, which tracks state-by-state polling data to project the outcome of the presidential race, is operated by academic Andrew Tanenbaum, the author of the Minix microkernel. Minix was used by Linus Torvalds as he began to write the Linux operating system.

The electoral-vote.com site was "subjected to (a) massive attack yesterday (Monday)," Tanenbaum writes. "There was another attack this morning and that took some time to deal with. Remember that if the site is unreachable, try the backup sites." To accommodate the traffic, Tanenbaum worked with site host HostRocket to set up six mirrors, www.electoral-vote3.com through www.electoral-vote8.com. "At one point I was tempted to say: 'How many 2-GB Pentium 4's do you have left and can I have them all?'," Tanenbaum says. "Ultimately I took only one more, but with help from some kind-hearted colleagues, I got mirrors up and running from Boston to San Diego."

Posted by Rich Miller at 2 November 2004 in Performance

Ranking by Failed Requests and Connection time, October 1st - 31st 2004

Hoster Performance October 04

During October all of the sites monitored experienced some failed requests, with iPowerweb and INetU the most reliable sites during the period.

Five of the top ten sites were running BSD based operating systems.

Posted by mandy at 1 November 2004 in Hosting

A young Italian computer scientist has discovered another phishing opportunity on one of Google's web sites. This bug affects the googlesyndication.com domain, which Google use to serve their text and image based adverts.

The discovery comes only days after a similar bug was found with the Google Desktop search tool. As Google spread their technology over a greater number of application areas, the possibility for error increases, which could explain the recent stream of discoveries as they fall victim to public scrutiny.

The latest cross site scripting opportunity exploits a flaw in the User Feedback section of Google's advertising system. This allows an attacker to inject their own content onto the page, which could lead to fraudulent activity or phishing. An attacker can exploit this vulnerability to affect any browser which has JavaScript enabled, including Microsoft Internet Explorer and Mozilla Firefox.

Salvatore Aranzulla's web site contains information about his discovery of the bug (Italian). He also demonstrates some URLs that can be used to exploit the bug.

Posted by Paul Mutton at 1 November 2004 in Security

In the November 2004 survey we received responses from 56,115,015 sites. The Internet has grown by 10.1 million sites in the first 11 months of the year, including a gain of 726,549 sites last month.

Barring a precipitous slowdown, 2004 should wind up as the Internet's second-strongest year for numerical growth, trailing only 2000, when the survey added 16.1 million sites. The survey added 10.6 million sites in 2001 and 10.4 million in 2003, marks that are well within reach given the pace of monthly gains thus far in 2004.

Prevailing trends continued apace in market share for major web servers, with the percentages for Apache and Microsoft fluctuating only slightly, as each continues to add users. While there has been some shifting between Microsoft operating systems (primarily upgrades from NT4 and Windows 2000 to Windows Server 2003), the competitive balance between Microsoft and Apache remains static.

Total Sites Across All Domains, August 1995 - November 2004

Graph of market share for top servers across all domains, August 1995 - November 2004

Top Developers

| Developer | October 2004 | Percent | November 2004 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 37620349 | 67.92 | 38028642 | 67.77 | -0.15 |
| Microsoft | 11679222 | 21.09 | 11923566 | 21.25 | 0.16 |
| Sun | 1685325 | 3.04 | 1761705 | 3.14 | 0.10 |
| Zeus | 748561 | 1.35 | 739006 | 1.32 | -0.03 |

Posted by wss at 1 November 2004 in Web Server Survey

The English language version of the Al-Jazeera web site was offline for more than five hours last night, two days after the Qatar-based television network broadcast videotape of Al Qaeda leader Osama bin Laden.

Attempts to access english.aljazeera.net returned a "504 Gateway Timeout" message from the site's web host, AT&T WorldNet Services. "The web site you are attempting to access is currently unreachable," the message states. "This may be due to a network outage, or the web site might be experiencing technical difficulties."

Al-Jazeera (English) site performance

A dynamically updating performance chart for english.aljazeera.net is available here.

Posted by Rich Miller at 1 November 2004 in Performance