The Apache Web Server Project is now 10 years old, as noted over the weekend by Roy Fielding, a co-founder of the open source development project. "Ten years ago today, the Apache Group decloaked with the creation of the new-httpd archive and initial accounts on hyperreal.org," Fielding noted on the apache-httpd-dev mailing list.

Apache hit another milestone earlier this month when our Web Server Survey found 40 million sites now running on the Apache server, which powers nearly 70 percent of web sites.

Apache was detected on 658 sites in the initial Netcraft survey in August 1995, just six months after the project's launch, when its 3.5 percent market share was dwarfed by software from NCSA (57 percent) and CERN (19.7 percent). The Apache server reached 10 million sites in June 2000, 20 million in November 2001 and 30 million in November 2003.

In an interview with Netcraft last year, Apache co-founder Brian Behlendorf assessed the remarkable growth. "I imagine most of the growth continues to be either with the small mom-n-pop companies, or web hosting ISPs, or internationally - all places where price sensitivity is high, where the economic downturn is still causing budgets to be hurt, and there's willingness to consider an Open Source approach to solving a given problem," said Behlendorf. "I imagine the rise of related Apache projects, like the continued rise in use of mod_perl and Tomcat and our friends over at PHP, have only increased the confidence in using the web server for mission-critical situations."

Posted by Rich Miller at 28 February 2005 in Web Server Survey
At least four sites targeted by Artists Against 419 and its Mugu Marauder screensaver are now offline, although some target sites remain available. The Mugu Marauder is designed to exhaust bandwidth allotments for financial scam sites with repeated image requests.

Artists Against 419 targets web sites it has connected with advance fee (419) scams involving international money transfers. The group uses web applications and organized "flashmobs" of web users to target sites that remain online after hosting firms and law enforcement have been contacted.

When the Mugu Marauder was launched on Feb. 7, Netcraft began monitoring five sites on the list of target URLs published by Artists Against 419. Four of the five are now offline, with crownsecuritiesandfinance.com (removed from DNS) and www.firstglobaltrust.com (account terminated by web host) shutting down within days. Three sites housed at Chinese hosts lasted longer. Abbeytrustonline.com and bancoplatinum-online.com, housed at fz.fj.cn, became inaccessible last week. Swissroyallbank.com remains available on the Fujian Province Network, and continues on the Mugu Marauder target list.

Abbey Trust web site performance
Swiss Royall Bank site performance

Posted by Rich Miller at 28 February 2005 in Performance

The development teams for Firefox and Opera have updated the browsers to address URL spoofing using Internationalized Domain Names (IDN), so that users can still visit IDN domains while being protected from phishing attacks. The attacks do not affect Microsoft's Internet Explorer, the most widely-used web browser, which does not support IDN names.

Firefox 1.0.1 will display IDNs as punycode in the browser's address bar, allowing users to spot phishing attacks that rely on potentially deceptive IDNs. The new approach can be seen on the original demo from the Shmoo Group, which uses a Unicode link to display www.theshmoogroup.com in the status bar of affected browsers but sends users to www.xn--theshmogroup-bgk.com. The status bar now displays the unspoofed URL:

Firefox 1.0: IDN spoofing in Firefox 1.0

Firefox 1.0.1: IDN spoofing in Firefox 1.0.1

Posted by Rich Miller at 27 February 2005 in Security
An update of phpBB has been released to address new security holes in the open source application. The disclosure comes on the heels of several recent security incidents involving phpBB, which is among the web's most popular web forum programs.

"One of the potential exploits addressed in this release could be serious in certain situations and thus we urge all users to upgrade to this release as soon as possible," the phpBB Group said in its advisory. The security fixes address multiple bugs that disclose the full path to system files in phpBB, which is powered by the PHP server-side scripting language. A vulnerability reported by iDefense could, under some configurations, allow malicious users to view system files.

Posted by Rich Miller at 22 February 2005 in Security
The free online encyclopedia Wikipedia has been knocked offline by a power outage in its data center. While the servers hosting the site were down only a short time, much of the site's content remained offline as Wikimedia staff worked on properly restoring data from MySQL databases.

"At about 14:15 PST some circuit breakers were tripped in the colocation facility where our servers are housed," Wikipedia reported in a message to users. "Although the facility has a well-stocked generator, this took out power to places inside the facility, including the switch that connects us to the network and all our servers. The sticky point is the database servers, where all the important stuff is."

Posted by Rich Miller at 22 February 2005 in Performance

Internet marketing firm Marchex Inc. has finalized a deal to pay a whopping $164.2 million for Name Development Ltd., which displays keyword advertising across a portfolio of more than 100,000 domains. The deal, along with the recent sale of a misspelled domain name for $112,000, offers evidence that mistyped URLs and other "accidental traffic" have become big business.

The price tag on the sale of Name Development is more than the $155 million paid by SAVVIS Communications to acquire Cable & Wireless America, and nearly as much as the $176 million Freenet paid for the hosting operations of Germany's Tect AG. SAVVIS gained about 350K hostnames in the C&W deal, while Freenet acquired 2.2 million hostnames from Tect.

Posted by Rich Miller at 22 February 2005 in Around the Net
The Mozilla development team said today that it will disable a browser feature that allows URL spoofing and could leave users open to scams. Upcoming releases of the Firefox and Mozilla browsers will turn off support for Internationalized Domain Names (IDN) by default to protect users from the spoofing, which works in current versions of Firefox, Mozilla, Opera and the Safari browser for Macs. The affected browsers support IDN, while Microsoft's Internet Explorer does not.

The spoof exploits flaws in how the browsers interpret Unicode, a broad character set used in IDN that allows URLs to include non-English characters. Unicode can be used to craft "homographic" attacks, in which two different combinations of characters in an HTML link can display the same URL in the browser, but send users to different sites. URL spoofing exploits are useful to Internet phishing scams, making it easier to trick victims into sharing sensitive information with bogus web sites constructed by fraudsters.

Posted by Rich Miller at 15 February 2005 in Security
In another telecom merger with a huge hosting component, Verizon will acquire MCI for $6.7 billion, the two companies said today. As with last month's SBC-AT&T deal, the early headlines focus on consumer and business telecom issues and MCI's 15 million voice customers. But Verizon will also acquire the world's ninth-largest web hosting operation, as MCI houses 878K hostnames - more than hosting specialists The Planet, Interland or SAVVIS.

That huge hosting business isn't entirely a holdover from the dot-com days, either. In the last year MCI has added 213K hostnames for 33 percent growth. Only eight other companies have added more hostnames during the same period, with MCI's hosting growth outpacing that of Yahoo, Hostway and Tect AG, among others. The former WorldCom has added more than 61K hostnames in the past two months alone.

Posted by Rich Miller at 14 February 2005 in Hosting
The software updating sites for Microsoft and Symantec have performed smoothly over the past week in delivering critical security updates to millions of users. The updates were notable for the number of products and users affected, and the serious risks faced by unpatched systems, including remote exploits. Thus, while we highlight a non-outage, it's hardly a non-event.

Windows Update Site Performance

Symantec LiveUpdate Site Performance

Posted by Rich Miller at 14 February 2005 in Performance
Go Daddy's Super Bowl ad strategy has generated enormous media coverage and web traffic, providing a textbook example of how businesses can leverage the popularity of weblogs and Internet marketing. The ad marked a branding breakthrough for the company, which benefitted from blog-driven buzz around several aspects of its campaign.

Perhaps the biggest boost for Go Daddy was provided by NFL executives, who pressured Fox to cancel a scheduled second showing of the company's edgy commercial, launching hundreds of news stories (a Google news search finds more than 2,700 stories mentioning Go Daddy) and probably saving the company the $2.4 million fee in the process. Minutes after the game's conclusion, Go Daddy CEO Bob Parsons used his personal weblog to break the news of the ad's cancellation.

Posted by Rich Miller at 14 February 2005 in Hosting
The BitTorrent hub LokiTorrent has been shut down by a lawsuit from the Motion Picture Association of America (MPAA), with the eight-hour outage earlier today turning out to be the prelude to a closure. The site came back online briefly with BitTorrent-related content, but within hours that had been replaced by a notice from the MPAA.

"There are websites that provide legal downloads. This is not one of them," reads the new front page of lokitorrent.com. "This website has been permanently shut down by court order because it facilitates the illegal downloading of copyrighted motion pictures." An MPAA press release said LokiTorrent operator Edward Webber agreed to pay "a substantial settlement with even greater financial penalties for any further such actions," and was under court order to provide the MPAA with logs and server data.

Posted by Rich Miller at 11 February 2005 in Around the Net
The BitTorrent hub LokiTorrent has been offline for an extended period today. LokiTorrent, which is among the sites facing lawsuits over the use of BitTorrent in illegal file sharing, recently was listed for sale on the domain auction site Sedo. The site has more than 680,000 registered members, and in recent weeks has been averaging 185,000 visitors per day.

Web site performance for lokitorrent

A dynamically updating chart of www.lokitorrent.com is available here.

Posted by Rich Miller at 10 February 2005 in Performance
Hosting companies continue to slash prices on domain names in an effort to attract new small business customers. The latest price cut comes from Netfirms, a Toronto hosting provider that has begun selling domain names for $4.95 a year. That price undercuts Yahoo's $4.98 promotional rate, as well as 1&1 Internet's one-year .com price of $5.99, previously the lowest non-promotional pricing.

Netfirms specializes in hosting for the small business market, and currently hosts about 51,000 hostnames. Its domain policy allows up to five domains to be registered from the same billing address at the $4.95 price.

Retail Domain Name Prices, February 2005

Company             One-year .com price   Primary Business     Primary Region
Netfirms            $4.95                 Shared Hosting       America
Yahoo               $4.98                 Shared Hosting       America
1&1 Internet AG     $5.99                 Mixed Hosting        Europe
EV1Servers          $6.49                 Dedicated Hosting    America
Hostway             $6.95                 Shared Hosting       America
Stargate            $6.95                 Shared Hosting       America
Interland           $7.95                 Mixed Hosting        America
Web.com             $7.95                 Mixed Hosting        America
AIT Domains         $7.99                 Mixed Hosting        America
Go Daddy Inc        $8.95                 Domain Registrar     America
RegisterFly         $9.99                 Domain Registrar     America
Netcetera           $13.00                Mixed Hosting        Europe
Dotster             $14.95                Domain Registrar     America
FastHosts/UKReg     $16.53                Mixed Hosting        Europe
Pipex/123Reg        $16.73                Mixed Hosting        Europe
Network Solutions   $34.99                Domain Registrar     America
Register.com        $35.00                Domain Registrar     America

Posted by Rich Miller at 9 February 2005 in Hosting
The web site of anti-spyware activist Ben Edelman is back online after an extended outage, apparently caused by a distributed denial of service (DDoS) attack. Edelman's research documents the methods used to install adware and spyware programs, and has been used in legal cases against providers of advertising software.

"For much of Monday and Tuesday, as well as several hours last week, all of benedelman.org was unreachable," Edelman writes. "My prior web host, Globat, tells me I was the target of the biggest DDoS attack they've ever suffered - some 600MB+/second."

Posted by Rich Miller at 9 February 2005 in Performance, Security
The server hosting the main site for the phpBB bulletin board has been cracked, leaving the development team locked out of its primary server. The open source project's web site was compromised using a vulnerability in a separate program, AWStats, which was announced Jan. 17 and has also been used to hack several popular weblogs in recent days.

The phpBB.com site blamed the intrusion on "a group of politically motivated hackers" wishing to publicize an agenda. "While the group who did this say they changed only a single password, we have lost all access to the server," the phpBB.com team states. "This means we cannot access the system even in single user mode." The compromised server is being shipped from the project's data center to its server manager, meaning the site is unlikely to be restored immediately.

Posted by Rich Miller at 8 February 2005 in Security
A sampling of Super Bowl advertisers' web sites shows few problems from traffic generated by ads in the NFL championship game, which was watched by as many as 145 million viewers in the U.S.

The exception is the web site for War of the Worlds, the upcoming Steven Spielberg film adaptation of H.G. Wells' tale about a Martian invasion of earth. The performance of waroftheworlds.com was stable Sunday night, but slowed dramatically at the start of the U.S. business day Monday, suggesting a flurry of "morning-after" visits.

Web site performance for waroftheworlds.com

Posted by Rich Miller at 7 February 2005 in Performance
All non-Microsoft browsers include a flaw that allows URL spoofing using Unicode characters, which can be exploited by phishing scams seeking to steal login information for online banking accounts. The spoofing flaw, which is demonstrated on the web site of the Shmoo Group, works in the Firefox, Mozilla and Opera browsers, as well as the Safari browser for Macs.

The spoof exploits flaws in how the browsers interpret Unicode characters. A link using Unicode characters to replace the letter "a" in "Paypal" will display as www.paypal.com in the browser, but send users to www.xn--pypal-4ve.com - which then displays "www.paypal.com" in its address bar. A similar spoof works on SSL-enabled URLs (https) commonly used on banking and e-commerce sites.

Posted by Rich Miller at 7 February 2005 in Security
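
The punycode display that Firefox 1.0.1 adopted, and the look-alike characters behind the two spoofed hostnames quoted in these posts, can be reproduced with the added Python example below. It is not code from Netcraft, the Shmoo Group or any browser; the function names are hypothetical, and the Unicode hostname is constructed from the punycode name given in the post.

```python
import unicodedata

ACE_PREFIX = "xn--"  # marks a punycode-encoded IDN label


def to_ace(hostname):
    """Return the ASCII form of a hostname, encoding each non-ASCII label
    as xn--<punycode>, which is what a punycode-only address bar shows."""
    out = []
    for label in hostname.lower().split("."):
        if label.isascii():
            out.append(label)
        else:
            out.append(ACE_PREFIX + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def non_ascii_chars(hostname):
    """Decode xn-- labels and return (decoded label, index, Unicode name)
    for every non-ASCII character, so a reviewer can see what is hiding."""
    findings = []
    for label in hostname.lower().split("."):
        if label.startswith(ACE_PREFIX):
            label = label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
        for index, ch in enumerate(label):
            if ord(ch) > 127:
                findings.append((label, index, unicodedata.name(ch, "UNKNOWN")))
    return findings


# Constructed sample: the hostname as it would appear in a spoofed link,
# with U+0430 standing in for the Latin letter "a".
SPOOFED = "www.p\u0430ypal.com"

if __name__ == "__main__":
    print(to_ace(SPOOFED))
    for host in ("www.xn--pypal-4ve.com", "www.xn--theshmogroup-bgk.com"):
        for label, index, name in non_ascii_chars(host):
            print(host, "->", ascii(label), "index", index, name)
```
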

Several UK betting sites have experienced lengthy outages today as betting action mounts ahead of Sunday's Super Bowl. The simultaneous downtime at UK Betting and TotalBet was preceded by a similar period of slowed response time early Friday.

(UPDATE, Feb. 8: In our initial post we indicated that UKBetting and TotalBet are hosted at Prolexic, which specializes in defending against distributed denial of service (DDoS) attacks. Prolexic hosts IP addresses for UKBetting and TotalBet, but does not host customer servers or web files. Its systems deflect DDoS attacks, forwarding legitimate traffic to clients' servers. "Our network operated at 100% uptime during the entire Super Bowl week including the entire time during the reported Totalbet/UK Betting failure," said Prolexic CTO Barrett Lyon, who said the outage was caused by technical failures elsewhere, and not related to a DDoS attack.)

Betting sites are frequent targets of scams that seek payoffs by threatening a site operator with DDoS attacks, which gain leverage when timed to heavy betting events, when downtime is more costly. It is estimated that online betting sites will handle at least $450 million in wagers on Sunday's game between the New England Patriots and Philadelphia Eagles.


Netcraft is monitoring the performance of twenty leading UK Internet Gambling Sites, with dynamically updating graphs available here.

Posted by Rich Miller at 5 February 2005 in Performance, Security
How does Google plan to use its new status as a domain registrar? Speculation abounds. One of the most intriguing theories, outlined at Datamonitor, is that Google will use its access to the list of recently sold domains to clean up its search results, resetting a site's "PageRank" when its domain changes hands.

That would be consistent with Google's indication that it will use its ICANN accreditation to "learn more about the Internet's domain name system ... While we have no plans to register domains at this time, we believe this information can help us increase the quality of our search results," the company said in a statement. As a public company, Google is unlikely to publicly misstate its intentions, lest it face scrutiny from regulators and investors.

Even if it doesn't enter the registry business, Google's plans could affect the price of domain sales on the secondary market. The strategy outlined by Datamonitor, citing "a source claiming knowledge of Google's plans," would make it more difficult for domain owners to benefit from a strong Google ranking when they sell a domain.

Posted by Rich Miller at 2 February 2005 in Hosting

Ranking by Failed Requests and Connection time,
January 1st - 31st 2005

Datapipe, which was the most reliable hosting provider for the second half of 2004, got the new year off to a strong start with a faultless performance in January, with no failed requests from any of our measurement points. It was the first flawless month for a hosting provider since last March, when German hoster Komplex had zero failures.

Datapipe's web site is powered by Windows Server 2003. This month's top 10 includes four sites running on Linux, two on Windows Server 2003, two on FreeBSD, one on Solaris 9, and one site (Interland) on Windows 2000.

Hoster Performance January 2005

Posted by mandy at 1 February 2005 in Hosting

February 2005 Web Server Survey Finds 40 Million Sites on Apache

In the February 2005 survey we received responses from 59,100,880 sites, an increase of 906,044 sites from last month.

This month's survey marks a significant milestone for Apache, which now serves more than 40 million sites. The open source Apache server reached 10 million sites in June 2000, 20 million in November 2001 and 30 million in November 2003. Apache was detected on 658 domains in the initial Netcraft survey in August 1995, when its 3.5 percent market share was dwarfed by software from NCSA (57 percent) and CERN (19.7).

Apache seems to have regained momentum in its ongoing battle for market share with Microsoft. After nearly no change in server market share in 2004, Apache extended its lead over Microsoft by 1 percent last month and another 0.4 percent this month, and now runs on 68.8 percent of web sites, compared to 20.9 percent for Windows servers.

Total Sites Across All Domains August 1995 - February 2005

Graph of market share for top servers across all domains, August 1995 - February 2005

Top Developers

Developer   January 2005   Percent   February 2005   Percent   Change
Apache      39821368       68.43     40681140        68.83     0.40
Microsoft   12137446       20.86     12322111        20.85     -0.01
Sun         1830008        3.14      1835718         3.11      -0.03
Zeus        690193         1.19      618599          1.05      -0.14

Posted by wss at 1 February 2005 in Web Server Survey