Fraudsters have exploited a flaw in the eBay web site that allows them to orchestrate phishing attacks using eBay's own Sign In page.
Registered users of eBay's popular online auction web site must sign in using a username and password in order to participate in bidding and listing of items. A new style of phishing attack reported through the Netcraft Toolbar community shows fraudsters exploiting flaws on the Sign In page and on another ancillary page, which results in victims being redirected to the fraudster's phishing site after they have logged in.
This particular attack starts off like many others, by sending thousands of emails that instruct victims to update their eBay account details by visiting a URL. However, that is where the similarity ends, because the URL in this case actually takes the victim to the genuine eBay Sign In page, hosted on signin.ebay.com. By including special parameters at the end of the URL, the fraudster has changed the behaviour of the Sign In page so that when a user successfully logs in, they will then be sent to the fraudster's phishing site via an open redirect hosted on servlet.ebay.com.
The eBay Toolbar reports that the maliciously modified Sign In page is a "Verified eBay Site". Conversely, the Netcraft Toolbar denies access to the modified page while still allowing access to genuine eBay Sign In pages.
The victim is more likely to trust the contents of the fraudster's site, because they have arrived there as a result of signing into eBay via a genuine eBay Sign In page. Because there is less reason to suspect anything is awry, the victim is more likely to surrender any sensitive details in the mistaken belief that they are really giving them to eBay.
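The pattern behind this attack is a "return-to" parameter that the Sign In page honours without checking where it points. As an added illustration (not eBay's code; the hostnames are constructed for the example), here is that weak behaviour next to a check that only honours HTTPS targets on an allowlisted host, resolving relative and protocol-relative forms before deciding:

```python
from urllib.parse import urljoin, urlparse

# Constructed for the example: the only hosts a freshly signed-in user may be sent to.
ALLOWED_HOSTS = {"www.example.com", "signin.example.com"}
SITE_ORIGIN = "https://www.example.com/"
DEFAULT_LANDING = "https://www.example.com/myaccount"


def naive_post_login_redirect(return_url: str) -> str:
    """The weak behaviour: send the user wherever the query parameter says."""
    return return_url


def safe_post_login_redirect(return_url: str) -> str:
    """Honour the parameter only if it resolves to an HTTPS URL on an allowed host.

    Anything else (other schemes, foreign hosts, lookalike hosts, '//host' forms)
    falls back to a fixed landing page instead of a redirect.
    """
    if not return_url:
        return DEFAULT_LANDING
    # Some browsers treat '\' like '/' in the authority part, so normalise it
    # before parsing; otherwise 'https:\\\\other.test' looks like a relative path.
    candidate = return_url.replace("\\", "/")
    # Resolve relative paths ('/summary') and protocol-relative forms ('//host/x')
    # against our own origin so the check sees the host the browser would use.
    resolved = urljoin(SITE_ORIGIN, candidate)
    parts = urlparse(resolved)
    if parts.scheme != "https":
        return DEFAULT_LANDING
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return DEFAULT_LANDING
    return resolved
```

Note that an allowlist is only as strong as the hosts on it: the attack described above chained the Sign In page with an open redirect on a second eBay host, so every allowed host must apply the same check to its own redirect parameters.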
The secret to one of the Internet's fastest-growing businesses can be found on a web server operated by Oversee.net, a little-known Los Angeles Internet marketing company. That single server houses more than 500K hostnames, all bearing web pages filled with pay-per-click advertisements from Google and Yahoo Search Marketing, and generating revenue for the owners of those domains.
Oversee operates Domain Sponsor, one of the largest players in the domain monetization industry. These services place pay-per-click ads on parked domains, optimize the sites to attract traffic, and split the resulting ad revenue with the domain owner. Their success has helped the domain resale market evolve from a speculative venture into an industry with a defined business model, which is now attracting considerable interest from venture capital firms.
Domain parking services use advanced analytics for ad matching and traffic building, and are efficient in their use of web hosting, packing thousands of domains on their servers. These operations have helped solidify the statistical leadership of open source hosting platforms, as nearly all are served by Apache web servers running on either Linux or FreeBSD.
EurID, the operator of the new .eu top-level domain (TLD), says registrars won't be allowed to sell .eu domains through resellers. In a statement on its web site, EurID says its agreement with the European Commission prohibits .eu sales by parties that haven't been approved by EurID. "This means that the offering of services as a 'reseller' ... is completely excluded," says the statement. While no firm date has been set, the launch of .eu domain sales is expected to begin in early 2006. Domain industry insiders say similar reseller bans are being considered for other upcoming TLDs, including the .xxx and .travel extensions.
Resellers are an important sales channel for many domain name registrars, who provide back-end management of the domains sold by partners. The reseller model is used by thousands of web hosting companies, allowing them to seamlessly sell domain names alongside their core hosting and e-mail offerings. Some registrars specialize in the reseller market, providing private-label domain management sites, which can be branded with the resellers' logo and marketing. One of the largest reseller networks is operated by eNom, which is among the registrars approved by EurID to sell .eu domains.
The web site for the World of Warcraft online game was unavailable for much of the day Tuesday, with many of its game servers offline for maintenance as well. The "virtual world" now has more than 3.5 million subscribers, including 1.5 million new paying customers from China. Users on numerous World of Warcraft servers have reported performance problems in recent weeks.

A dynamically updating chart of World of Warcraft's web site performance is available here.
The Mozilla Foundation site has been experiencing intermittent performance problems, which began early Sunday. Mozilla.org is the home of Firefox, the free web browser which has been downloaded nearly 75 million times. Version 1.0.6 of Firefox was released last week, but it's not clear whether the update contributed to Sunday's sluggish performance for the Mozilla.org site, which was slowed by heavy demand during the browser's launch last November. UPDATE: Mozilla reps say a software misconfiguration, rather than heavy traffic, was responsible for the site's performance problems (details here).

A dynamically updating chart of the Mozilla site's performance is available here.
The operator of the .name registry is offering a "free trial" on its domains, and appears to be encouraging registrars to mass-register .name URLs for existing customers. The Global Name Registry, which oversees .name, is limiting the freebie to a 60-day trial period, after which the registrant must pay for the name or return it to the registry. The promotion refines an Afilias promotion from last year offering introductory free pricing on .info domains, but places a shorter time frame (60 days versus one year) before the domain fees must be paid. "All Free Trial Names are registered in bulk, i.e. an ISP/Registrar can allocate a free trial name to each of its customers at no charge," the offer notes. eNom affiliate Sipence used the Afilias offer last year as an opportunity to bulk register 1 million .info domains for customers who owned the same name in .com or .net.
The .name promotion was the major pricing news in a month in which prices for a one-year .com name held steady across our list of domain sellers.
ICANN and VeriSign will consider changes to the new .net registry agreement in response to a mass protest by major domain name registrars, who said the deal represented a "breach of trust" between ICANN and the registrar community. In response to a joint protest by more than 30 registrars at a Luxembourg meeting, ICANN chairman Vint Cerf announced today that VeriSign and ICANN will re-examine a provision in the agreement that lifts restrictions on the price VeriSign can charge registrars for each .net domain they sell.
"In light of the comments and the concerns from the community, VeriSign is willing to discuss reworking the fee cap provision," wrote Tim Ruiz of Go Daddy in an update to registrars. With the announcement, ICANN and VeriSign have committed to further discussions, with no guarantee of changes at this time. But the reopening of negotiations was seen as a step forward by registrars, who were concerned that changes in the fee structure in the .net agreement could set a precedent for the renewal of the .com registry, also maintained by VeriSign. But the registrars' primary grievance was that the lifting of the price cap was negotiated privately, and never mentioned in published drafts of the agreement.
Domain registrar eNom has once again made a major landgrab of .info domains, registering 320,000 names in June, giving it the largest net gain in this month's Hosting Provider Switching Analysis with an increase of more than 287K hostnames.
There were several significant percentage gains in this month's analysis as well, including a large switching gain for Las Vegas hosting provider Powerpulse.cc/Colocation Gateway, which had more than 84K sites transfer from Rackspace. NR Software was also among the leaders for percentage gains with a net increase of 90.7K sites, driven by 133K new sites and a pickup of 2K hostnames from MCI.
ICANN is lifting restrictions on VeriSign's pricing of .net domains after Jan. 1, 2007, a move that may signal ICANN's intent to get out of the business of regulating domain name pricing. ICANN has historically capped registry fees at either $6 or $4.25 per domain, depending on the top-level domain extension (TLD). The new contract reduces the current .net price cap from $6 to $4.25 through Dec. 31, 2006, but then lifts it altogether. The awarding of the .net registry to VeriSign has already prompted controversy and criticism from competitors.
VeriSign's Tom Galvin noted that the new contract (PDF) gives the company the flexibility to raise prices to invest in its infrastructure, but said VeriSign "will take a prudent approach to any adjustment in .net pricing." VeriSign must give six months' notice of any price change, providing an opportunity for existing domain name owners to lock in existing prices with a multi-year renewal.
Hosting companies have been slashing domain prices in a bid to acquire hosting customers, effectively commoditizing first-time domain registrations. The discounts on new domains have persisted even as resale prices for existing domain names have soared, a disconnect that has encouraged speculative buying of previously unregistered names.
Some web hosts are banning the use of phpBB in the wake of persistent security problems for the popular open source web forum program. The move follows renewed attacks on phpBB after a coding error was found in the same file targeted by a December worm attack that defaced thousands of phpBB sites.
"It's been brought to our attention over recent weeks that some hosts are banning or dissuading the use of phpBB," said a message from the phpBB development team. "This is unfortunate for everyone and seems largely to be based on FUD (Ed. fear, uncertainty and doubt). While phpBB has and no doubt will continue to suffer from exploits (show me a piece of software that doesn't!) we have consistently addressed such issues very quickly."
Web hosts are less impressed. One host that has banned the software said phpBB had been its biggest security headache. "Since January, phpBB has been through at least 4, and maybe 5 revisions due to serious vulnerabilities, often found/reported within HOURS of a version release," HostPC said in its customer advisory.
The web sites for the BBC and Reuters struggled to remain available early this morning amid heavy traffic from Internet users seeking the latest news about this morning's terror attacks on the London transit system. Performance for both sites has improved throughout the day. Multiple simultaneous explosions rocked London's subway system and a passenger bus during rush hour this morning, leaving more than 30 dead and hundreds injured. The blasts came as a meeting of G8 leaders convened in Scotland.
In the hours immediately following the attacks, the BBC web site limited the number of images on its home page, which reduces server load during periods of high traffic volume, as image files tend to be larger than HTML files. That helped the BBC site remain largely available, albeit with intermittent outages and slow response times. The Reuters web site showed better response time on our uptime charts, but in many cases that response was a system message stating that the server was too busy to respond. Within several hours, the Reuters site appeared to be operating normally.
Major US news sites were seeing no performance problems, and major UK corporate sites experienced only minor problems, with only scattered, brief outages among FTSE 100 companies.
A power outage at an Advance Internet hosting facility has hobbled the web sites for the company's chain of more than 30 newspapers, including many large metropolitan dailies. The Advance newspapers have switched to text-based sites to continue publishing, but are currently unable to display advertising, making the outage a potentially costly event.
Affected sites include NJ.com, Michigan Live, Cleveland.com, The Portland Oregonian and the online classifieds sites BestLocalJobs.com and BestLocalAutos.com. One of the affected papers, The New Orleans Times-Picayune, is in the midst of covering the impact of Tropical Storm Cindy, which hit the New Orleans area yesterday and has left more than 240,000 local residents without power as well.
Many popular PHP-based blogging, wiki and content management programs can be exploited through a security hole in the way PHP programs handle XML commands. The flaw allows an attacker to compromise a web server, and is found in programs including PostNuke, WordPress, Drupal, Serendipity, phpAdsNew, phpWiki and phpMyFAQ, among others.
The flaw affects the XML-RPC function, which has many uses in web applications, including "ping" update notifications for RSS feeds. PHP libraries that allow applications to exchange XML data using remote procedure calls (RPC) fail to fully check incoming data for malicious commands. The affected libraries, including PHPXMLRPC and Pear XML-RPC, are included in many interactive applications written in PHP.
June 1st - 30th 2005
Rackspace, Interland and 1and1.com share the top slot as the most reliable hosting company sites this month. Rackspace was also the most reliable hoster in February, March and April 2005. Datapipe, which was the most reliable performer for the second half of 2004, has now been among the top 10 performers every month thus far in 2005. This month's results end a string of nine consecutive appearances for iNetU among the top 10 most reliable hosts.
This month Linux, Windows and FreeBSD all have 3 sites each in the top 10, with one running Solaris. The second-place showing by Interland continues a string of strong performances for Windows 2000 hosts, which have ranked either first or second in reliability in each of the past three months.
In the July 2005 survey we received responses from 67,571,581 sites. The gain of 2.76 million hostnames from June is the second-largest monthly increase in the history of our survey, as 2005 continues to shape up as a historic year for Internet growth. The only larger gain was a 3.3 million hostname increase in March 2003, which ended months of stagnation and kicked off 30 consecutive months of positive growth for the Web.
Factors in the dramatic growth include:
- Increasing use of the Internet by small businesses as web sites and online storefronts become more affordable.
- The explosive growth of weblogs, a growing number of which are purchasing domains for branding purposes.
- Speculation in the market for domain names, buoyed by rising resale prices and the ability to generate revenue via pay-per-click advertising on parked domains.
- Strong sales of online advertising, especially keyword-based contextual ads that support business models for both domain parking and commercial weblogs.
The Internet has added 10.7 million hostnames in the first seven months of the year. Barring a dramatic slowdown, 2005 should easily exceed the record growth of 16 million hostnames in 2000.
| Developer | June 2005 | Percent | July 2005 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 45172895 | 69.70 | 47030635 | 69.60 | -0.10 |
| Microsoft | 13131361 | 20.26 | 13871645 | 20.53 | 0.27 |
| Sun | 1849471 | 2.85 | 1842812 | 2.73 | -0.12 |
| Zeus | 580844 | 0.90 | 608121 | 0.90 | 0.00 |