In the July 2006 survey we received responses from 88,166,395 sites, an increase of 2.87 million (3.25%) from last month. The Internet continues to see strong hostname growth, and has now gained 14.1 million hostnames (19%) in 2006 for an average increase of more than 2 million per month.

It was a good month for the Apache web server, which gains 3.2 million hostnames. The improvement boosts Apache's market share by 1.8% to 63.25%, gaining back some of the ground it lost during several months of strong gains for Windows servers. The largest gain for Apache was at Oversee.Net, which added more than 0.58 million hostnames on the Linux/Apache platform. But Apache's growth in the hosting sector extends beyond Oversee.Net, as eleven other hosting companies added 20K or more hostnames on Apache.

Solaris has a loss of 953K hostnames, resulting in a loss of nearly half its market share (-1.1% to 1.5%). The decline occurred at a single host, Network Solutions, where access problems prevented us from obtaining a thorough tally.

Total Sites Across All Domains August 1995 - July 2006

Graph of market share for top servers across all domains, August 1995 - July 2006

Top Developers
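| Developer | June 2006 | Percent | July 2006 | Percent | Change |
|-----------|-----------|---------|-----------|---------|--------|
| Apache    | 52389885  | 61.25   | 55622584  | 63.09   | 1.84   |
| Microsoft | 25415611  | 29.71   | 25988099  | 29.48   | -0.23  |
| Zeus      | 531399    | 0.62    | 518503    | 0.59    | -0.03  |
| Sun       | 1311822   | 1.53    | 347037    | 0.39    | -1.14  |
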
Posted by wss at 28 June 2006 in Web Server Survey

Potentially serious security flaws have been found in existing versions of the Mambo and Joomla content management systems, and developers of the two projects are advising users to install upgrades or security patches as soon as possible. Both programs are vulnerable to SQL injection attacks, which allow remote attackers to execute commands on the web server by typing SQL code into form fields. Joomla is a fork of Mambo, with both programs derived from the same code base.

Mambo and Joomla are open source projects which use the PHP scripting language and MySQL database. These applications are popular with web site owners because they are powerful, user-friendly, and can be installed by users with little or no PHP coding experience. They are also frequently targeted by Internet criminals seeking to crack web servers for use in botnets, phishing scams and distributed denial of service (DDoS) attacks. The Internet Storm Center said it is receiving reports that older versions of Mambo are being actively targeted and exploited using unpatched vulnerabilities.

Posted by Rich Miller at 27 June 2006 in Security

Network problems at Internet backbone provider Level 3 have caused some intermittent connectivity problems today for customers of several U.S. access providers. The issue appears to be related to network integration of Wiltel Communications, which was acquired by Level 3 last fall. By late afternoon, East Coast time, Level 3 was reporting that the situation had been stabilized. Level 3 is one of the largest providers of wholesale dial-up service to ISPs in North America and is the primary provider of Internet connectivity for millions of broadband subscribers through its cable and DSL partners.

Posted by Rich Miller at 26 June 2006 in Performance

Many sites hosted at Fasthosts, one of the UK's largest hosting providers, were unavailable for about 9 hours Sunday. Fasthosts hosts approximately 560,000 hostnames. The outage knocked out Fasthosts' own site, along with customers including Net4Now, which attributed the problems to a fiber cut at Telewest/BlueYonder. The fiber cut also affected cable TV service to about 100,000 UK subscribers who lost their signal just prior to the start of Sunday's World Cup soccer game, in which England defeated Ecuador 1-0.

Net4Now wondered how a fiber cut at a single connectivity provider could affect so many sites, given Fasthosts' statement that "every server enjoys a fully redundant Tier 1 connection so our customers never experience slow-down or service interruptions." The outage can be seen in this chart of the uptime for Fasthosts' main web site:

Fasthosts web site performance

A dynamically updating chart of Fasthosts' web site performance is available.

Posted by Rich Miller at 26 June 2006 in Performance

A security flaw in the PayPal web site is being actively exploited by fraudsters to steal credit card numbers and other personal information belonging to PayPal users. The issue was reported to Netcraft today via our anti-phishing toolbar.

The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS).

The genuine PayPal SSL certificate used by the scam

When the victim visits the page, they are presented with a message that has been 'injected' onto the genuine PayPal site that says, "Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center." After a short pause, the victim is then redirected to an external server, which presents a fake PayPal Member log-In page. At this crucial point, the victim may be off guard, as the paypal.com domain name and SSL certificate he saw previously are likely to make him realise he has visited the genuine PayPal web site – and why would he expect PayPal to redirect him to a fraudulent web site?

Fraudsters manipulating content on genuine PayPal site

If the victim logs in via the fake login page, their PayPal username and password are transmitted to the fraudsters, and they are subsequently presented with another page which asks them to enter further details to remove limits on access to their account. Information requested includes social security number, credit card number, expiration date, card verification number and ATM PIN.

The server currently running the scam is hosted in Korea and is accessed via a hex-encoded IP address. The Netcraft Toolbar already protects PayPal users by blocking access to this site.

UPDATE: Paypal has now addressed this vulnerability. A company spokesman said Paypal is working with the Internet service provider that hosts the malicious site to get it shut down, and does not yet know how many people may have fallen victim to the scam.

Netcraft's Web Application Security Testing service can identify similar cross-site scripting flaws on your organization's web servers. Please contact us for further information.

Posted by Paul Mutton at 16 June 2006 in Security

Several popular UK-based online betting sites have been hit by brief outages this morning, interrupting wagering on the World Cup. Sites operated by BetDirect and UKBetting were offline for periods of between 45 minutes and two hours during the same general time period.

Industry observers say as much as £1 billion ($1.84 billion U.S.) could be wagered on this year's World Cup, five times the betting volume for the 2002 event. It's not clear whether heavy traffic was a factor in today's outages, but that type of betting volume makes downtime quite expensive for online bookmakers. Historically, betting sites have been targeted by DDoS extortionists during major sporting events.

Netcraft offers a web site performance monitoring service that provides detailed uptime charts, along with e-mail alerts when an outage occurs.

Posted by Rich Miller at 13 June 2006 in Performance

It's not often that a hiring announcement knocks a web site offline. But the blogosphere is abuzz with the news that Microsoft blogger Robert Scoble is leaving to take a position at a video blogging start-up. The news has triggered a burst of traffic to Scoble's new employer, PodTech, whose web site is struggling to handle all that link love. The Podtech.net web site was unavailable early Sunday and offline again this morning. A dynamically updating chart showing podtech.net's web site performance this morning is available.

"PodTech’s site crashed this morning under *massive* traffic surge under the Scoble-effect," the company said Sunday when its site returned to service (but before today's outage). "Slashdot wasn’t a factor, since it didn’t carry a link to PodTech. The site crash was all from massive blog traffic." To date few blogstorms have invited comparison to the Slashdot effect in their ability to overwhelm sites with traffic. Slashdot reported on Scoble's departure, but linked to the announcement on the Scobleizer blog (which will continue, as it is hosted at Wordpress.com rather than Microsoft).

Posted by Rich Miller at 12 June 2006 in Performance

Ranking by Failed Requests and Connection time,
May 1st - 31st 2006

Six hosting companies share the top spot this month: INetU, Hostway, IPower, New York Internet, Pair Networks and Tiscali tie as the most reliable hosting company site.

The six-way tie is a first for the reliability survey, although three and even four providers have shared the top position in the past. The showing reflects a strong month for hosting reliability, as the winners each had just 0.01 percent of their DNS responses fail, just a hair short of a perfect showing. All six companies have finished atop the survey at least once previously.

It was a particularly good month for providers hosting their home page on FreeBSD, four of whom (INetU, iPowerWeb, NY Internet and Pair Networks) shared the top spot with two hosts on Linux (Hostway and Tiscali). Overall, five Linux sites are found in the top 10 this month, four on FreeBSD and one on Windows.

Posted by mandy at 6 June 2006 in Performance

The Internet experienced its strongest site growth ever last month, powered by a surge in blogs and free web sites. In the June 2006 survey we received responses from 85,541,228 sites, a gain of 3.96 million sites from the May report. This is the largest one-month increase in sites in the history of the Netcraft survey, surpassing a gain of 3.3 million in March 2003, although the 2003 gain was larger in percentage terms (8.5%, compared to 4.7% this month).

Microsoft continues to gain share in the web server market, chipping away at Apache's commanding lead. The number of hostnames on Windows servers grew by 4.5 million, giving Microsoft 29.7% market share, a gain of 4.25% for the month. Apache had a decline of 429K hostnames, and loses 3.5% to 61.25%.

Apache's lead over Microsoft, which stood at 48.2% in March, has been narrowed to 31.5%, a shift of 16.7% in just three months.

The largest movement of sites from Apache to IIS was once again at Go Daddy, with over 1.6M hostnames moving from Apache to IIS this month. While those parked domains were a major factor in Microsoft's gains, Windows also saw solid growth in active sites, hostnames that contain content and are likely to represent developed web sites.

Blogging services enjoyed strong growth, paced by Google's Blogger, which added more than 660K hostnames. The global nature of the blogging phenomenon was seen in large increases in blogs hosted at Germany's Intergenia AG and Japan's Excite.co.jp, both of which run on Windows web servers. Windows servers also got a boost from Microsoft's Office Live service, as it began to open its beta offering to more users.

Apache's loss of hostnames is due to decreases for Linux at a number of hosting companies. In addition to Go Daddy, six hosts reduced their use of Linux by 40K or more, including leading UK provider PIPEX Communications, Lycos and Zipa.

Total Sites Across All Domains August 1995 - June 2006

Graph of market share for top servers across all domains, August 1995 - June 2006

Top Developers
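| Developer | May 2006 | Percent | June 2006 | Percent | Change |
|-----------|----------|---------|-----------|---------|--------|
| Apache    | 52819517 | 64.76   | 52389885  | 61.25   | -3.51  |
| Microsoft | 20764239 | 25.46   | 25415611  | 29.71   | 4.25   |
| Sun       | 1917950  | 2.35    | 1311822   | 1.53    | -0.82  |
| Zeus      | 550437   | 0.67    | 531399    | 0.62    | -0.05  |
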
Posted by wss at 4 June 2006 in Web Server Survey