The Planet, one of America's largest web hosting providers, is experiencing outages and performance problems today. The fast-growing Dallas company hosts more than 502,000 active sites, up from 127,000 last March. The full extent of the outage is not clear, but a number of prominent sites hosted at The Planet were offline for 90 minutes or longer, and the corporate sites for ThePlanet.com and its major business units (dedicated server provider ServerMatrix.com and game hosting specialist Insomnia365) were unreachable for much of the morning. As services resume, customer sites appear to be getting priority. Among the customer sites that were offline and are now back in service are the Gawker network of weblogs:

A dynamically updating chart of The Planet.com's web site performance is available here.

VeriSign received the highest marks in an evaluation of the firms competing to maintain the .net top-level domain (TLD), and appears likely to keep the lucrative registry deal for another six years. The report by Telcordia is influential in the decision on the future of .net, and ICANN indicated it would "promptly enter negotiations with the top-ranked applicant."

The report (PDF) ranked VeriSign slightly ahead of Sentan, followed by Afilias, Denic and CORE++. ICANN will now enter into negotiations with VeriSign, which currently maintains the .com and .net registries. If a deal can't be reached, ICANN would then presumably turn to Sentan, a joint venture between Japan Registry Services and NeuLevel (which maintains the .biz registry). Telcordia's analysis said Sentan is a viable alternative to VeriSign, which in theory should motivate VeriSign to quickly conclude a deal with ICANN. The new registry agreement will take effect July 1.

The World of Warcraft virtual world, which now has more than 1.5 million users, has experienced extensive downtime in the past 24 hours following a system upgrade for a content patch. The main web site is now back online, and the game's operator, Blizzard Entertainment, currently lists all server "realms" as being online But WoW forum postings indicate that many users continued to experience problems through midday Wednesday.

A dynamically updating chart of World of Warcraft's web site performance is available here.

VMyths maintains an archive of Internet hoaxes and urban legends, and has helped debunk rumor-driven news stories, including recent reports that the Lexus automobiles' onboard computers had been infected by computer viruses. Rosenberger is known for persistent needling of antivirus marketing practices, and worried that his favorite targets might want to shutter the site.

Dotster is running keyword advertising on tens of thousands of .info domains it recently registered, creating an instant advertising platform that generates revenue for both Dotster and Google. The strategy marks a shift in registrars' efforts to leverage the huge numbers of customer domains "parked" on their servers, which have traditionally been used to market registrars' in-house offerings.

Dotster is converting these parked domains into revenue from text ads served by Google's AdSense for Domains program. The model doesn't always work perfectly, however, as seen at dotster.info, which displays ads for two Dotster competitors, Register.com and Go Daddy.

Domain registrar Dotster surged past the 1 million hostname mark this month with a net gain of 312K sites, topping our monthly Hosting Provider Switching Analysis. The huge increase had little to do with customer demand, however, as Dotster became the second registrar to snap up a huge block of .info domains associated with its customers' brands, a practice known as "info-cloning." Dotster registered 343K .info domains for which its customers owned the .com or .net name. The .info domains are apparently still being offered free to registrars to build interest in the top-level domain extension.

Go Daddy added 145K sites, including 246K new sites, as it grabbed headlines and heavy web traffic from its edgy ads during the Super Bowl game on Feb. 6. This month's data includes activity in the first six days following the game. Discount ISP United Online gained 105K sites, including 101K switching in from About.com, which was sold to the New York Times for a reported $410 million on Feb. 17.

VIA.Net Works is seeking to sell assets to stave off an "urgent liquidity problem," continuing the turbulence and consolidation in Europe's hosting industry. The Amsterdam-based provider is seeking emergency loans, but exploring the sale of "all or part of its business."

VIA will run out of cash in early April, according to a press release Thursday. The crisis comes just 12 months after VIA.Net Works purchased Amen's large shared hosting operation, and just six months after it told investors it had $42 million in cash. VIA.Net Works is currently the seventh-largest European host, as measured by active sites.

Online Banking customers are being hit hard by steadily innovating phishing techniques which are being used by fraudsters to steal money and identities. The Netcraft Toolbar community has recently received two different attacks against Charter One Bank customers. In the first incident discovered last week, fraudsters exploited a facility which allowed them to display their own content within the Charter One Personal Online Banking SSL site at www.totallyfreebanking.com. The second incident was discovered at the start of this week and affects the www.charterone.com site.

In the first incident, the fraudster exploited a weakness that allows one of the bank's own web sites to display contents from any arbitrary URL within a frame. As the containing page is served securely over SSL, the user's browser displays a padlock symbol which is signed by Verisign and confirms that the site belongs to Charter One Financial.

Despite the reassuring presence of the browser padlock, the specially crafted URL causes one of the frames to display a form hosted on an ip address registered to Inktomi Corporation [now part of Yahoo] at https://s.p5.hostingprod.com/@www.totalfree.biz/ssl/. The fraudster's site also uses the SSL protocol, to avoid warning dialogs being displayed when a user visits the parent phishing URL.

This particular fraudster even exhibits a sense of awareness to those involved with combating phishing - just as the security community have coined the terms "phishing" and "pharming" to analogize fishing and farming, he refers to the form in the page as a "phorm".

The second incident uses an iframe to neatly inject arbitrary content onto a page at www.charterone.com, making it very difficult to tell that anything is awry. Wall St. Journal writer Jeremy Wagstaff comments on this in his blog and also told us that of the several anti-phishing tools he tried, the Netcraft Toolbar was the only one to successfully block this attack.

One surprising facet of hosting frauds on banking sites is that banks to date have tended to be significantly slower than hosting companies to react to fraudsters using their sites. Fraudsters have benefited from the longevity of frauds hosted on banking sites as well as their plausibility.

Netcraft's Toolbar database collates a large number of confirmed phishing sites every day, the most effective of which use cross site scripting and page injection to commit fraud. Netcraft provides a range of services for banks and other financial institutions to eliminate these kinds of errors from their systems, including comprehensive application testing and training for developers and designers of web based applications.

The January hijacking of panix.com has prompted ICANN to review whether domain registrars can outsource security checks designed to protect domain owners.

In its findings on the panix.com hijacking, ICANN said it is "very concerned" that Australian registrar Melbourne IT relied upon a reseller to confirm the transfer request, and will "review the appropriateness of these arrangements." Panix was never contacted, and thousands of customers of the New York ISP lost service for an entire weekend when panix.com was transferred to an Arizona woman using a free Yahoo email account. Tim Cole, ICANN's chief registrar liaison, called the incident "one of the more serious breaches of its policies by an accredited registrar."

"Botnets" of compromised computers launched 226 distributed denial of service (DDoS) attacks on 99 different targets in a three-month period from November to January, according to new research from The Honeynet Project.

"The threat posed by botnets is probably worse than originally believed," concludes the report, Know your Enemy: Tracking Botnets, which estimates that more than 1 million hosts are being remotely controlled by hackers. The report analyzed data from a network of "honeypots," computers that are intentionally compromised and monitored. That data, along with activity in IRC channels used to direct the attacks, offers a window into the world of botnets.

Fedora, the community-driven Linux distribution started by RedHat, is the fastest growing Linux distribution in the web server survey. Based on distribution names contained in the server banner, Fedora has outpaced all its rivals over the last six months, growing fastest both in absolute numbers and in relative terms.

RedHat's strategy of reserving the RedHat brand for its commercial offerings, while using community-driven development in Fedora to try new features, seems to be working well. RedHat seems to have the best of both worlds at the moment: market-leading status for RedHat Linux, plus the fastest growing community distribution in Fedora. While share for RedHat itself is falling, taken together with Fedora its share is around 50% and rising slightly.

New domain names can't get much cheaper, but the secondary market continues to see big-ticket sales. Local.com was bought for $700,000 Monday by search engine services firm Interchange Corp., which operates the ePilot pay-per-click advertising network.

Pricing was stable in the market for first-time domain registrations, with no major price movements among the largest hosting companies and registrars. Netfirms has the current lowest price for a one-year .com at $4.95. Yahoo once again extended its $4.98 a year "limited time offer" as it launched a new Small Business Resource Center.

Well known banks have created an infestation of application bugs and vulnerabilities across the Internet, allowing fraudsters to insert their data collection forms into bona fide banking sites, creating convincing frauds that are undetectable to most customers. Indeed, a personal finance journalist writing for The Motley Fool was brave enough to publicly admit to having fallen for a fraud running on Suntrust's site and having her current account cleaned out. It's a reasonable premise that if a Motley Fool journalist can fall for a fraud, anyone can.

One fraud recently blocked by the Netcraft Toolbar was at Citizens Bank. Fraudsters composed and mass mailed a phishing mail which exploited a program on CitizensBank.com, loading Javascript from the attackers' server hosted at Telecom Italia. Customers were presented with a page bearing the CitizensBank.com URL in the address bar, while the browser window displays a form from the Telecom Italia server asking for user login information.

The script being exploited allows visitors to search for Citizens Bank branch offices in their town. Along with search scripts, branch locator pages are frequently carelessly coded and are targets for fraudsters who are actively analyzing financial web sites for weaknesses.

The geek news portal Slashdot was offline this morning, along with the other sites in the Open Source Technology Group. The site is daily reading for computing and technology enthusiasts, and is widely followed by journalists tracking the IT industry.

A dynamically updating chart of Slashdot's uptime is available here.

Hundreds of thousands of web sites that continue to run the Windows NT4 face a security dilemma, with no public patch available for a vulnerability in a key Windows networking protocol. The critical flaw in the Server Message Block (SMB) protocol could allow remote attackers to seize control of servers.

Microsoft addressed the SMB issue in its February security update. But the monthly Windows patches no longer include fixes for Windows NT4, which is beyond its end-of-life and remains vulnerable to SMB exploits, according to an advisory from eEye Security.

Microsoft retired NT Server 4.0 on Dec. 31, and now only offers custom paid support for the eight-year old OS. But about 1.1 percent of web-facing hostnames continue to run on Windows NT4, according to this month's Web Server Survey. Thousands of those hostnames are on SSL-enabled web sites which may be conducting e-commerce.

Rackspace, New York Internet, Verio and Pair Networks ranked as the most reliable hosters during February 2005. Rackspace, a managed hosting specialist, has made numerous appearances in the monthly top 10, but this is the first time it has been the top performer. Making its first appearance is domain registrar Go Daddy, which was highly reliable during a period of heavy site traffic related to a Super Bowl advertisement.

This month's top 10 includes four sites running on Linux, two on Windows Server 2003, three on FreeBSD and one on Solaris 8. A Linux site was the most reliable for the first time since June 2004, ending a string of months in which either FreeBSD or Windows Server 2003 powered the top performing site.

Phishing operations have begun using DNS wildcards and URL encoding to create email links that display the URLs of legitimate banking sites, but send victims to spoof sites designed to steal their login details. A wildcard DNS record (*.example.com) will resolve all requests that are not matched by any other record. Wildcards are typically used to manage errant or mistyped e-mail addresses, but have been routinely abused by spammers.

In recent weeks wildcard DNS settings have been used in a wave of phishing attacks on Barclays Bank, in which the "bait" email included URLs starting with barclays.co.uk, followed by a lengthy sequence of letters and symbols. Several examples:

  
http://barclays.co.uk|snc9d8ynusktl2wpqxzn1anes89gi8z.dvdlinKs.at/pgcgc3p/
http://barclays.co.uk|YJ3EMOHOqljQ8J5oW2ZKyTaRMQOahSWaxTrFTEQK9l9VVQj6jDtyq10d24r2h0bijh2
http://barclays.co.uk|34fdcb4rvdnp9phxbahhvbs6l56a2uyx%2edivxmovies%2ea%74/41pvaw3/

The phishers use a wildcard DNS setting at a third-party redirection service (kickme.to) to construct the URLS. The wildcard allows the display of URLs beginning with "barclays.co.uk," which is followed by a portion of the URL which is encoded to obscure the actual destination domain.

DNS cache poisoning injects false information into DNS servers, which route Internet traffic by matching domain names with IP addresses at web hosts, allowing hackers to redirect users to bogus web sites. In Saturday's attack, a known vulnerability in Symantec firewalls was exploited to change information on a small number of local DNS servers, sending requests for Google.com, eBay.com and Weather.com to a trio of hacker sites (7sir7.com, 123xxl.com and abx4.com) that attempted to install spyware on vistors' computers.

While many registrars offer domains for less than $8 a year, Network Solutions sells .com names for $34.99 a year. The company is bundling a free domain with one-year signups for new web hosting plans, which range from $9.96 to $29 a month. NetSol is following the lead of registrar competitors Go Daddy and eNom, which each expanded into shared hosting in 2003, prompting hosting companies to slash domain prices.

Network Solutions has begun growing again after years of decline. But the vast majority of its 1.4 million hostnames are parked domains and one-page template sites. Since January 2004, NetSol's active sites - those containing multi-page content - have grown from just 406 to 17,200 this month. The company sees its new hosting packages as the key to moving to the next level.

We now find more than 60 million web sites on the Internet, as the March 2005 survey received http responses from 60,442,655 sites.

The milestone comes just nine months after the survey crossed the 50-million mark in May 2004, as the growth of the Web continues to accelerate, approaching the dizzying pace of the height of the Internet boom. During the year 2000, the number of sites found by the Netcraft survey doubled from 10 million to 20 million in just seven months. More recently, it took 13 months for the Web to grow from 40 million to 50 million sites.

This month's gain of 1.34 million sites was the largest since April of last year (+1.7 million) and marked the 25th consecutive month of growth for the Web after a two-year shakeout to absorb the collapse of the dot-com and telecom industries.

Apache continued to take market share from Microsoft servers, gaining nearly 0.7 percent last month after gains the previous two months. After little or no change in server market share during 2004, Apache has widened its margin by 2.0 percent thus far in 2005.