Staples website knocked offline by demand

Office product company Staples.co.uk has been knocked offline by the popularity of its own discount voucher codes. The UK website became flooded with traffic after a £20-off voucher code appeared on several popular bargain-hunting sites, including HotUKDeals and the MoneySavingExpert.com forums.

The £20-off voucher code – which did not require a minimum spend – allowed customers to claim up to £20 worth of items for free, leaving only the delivery charge to pay. Although the code could only be used once per customer, several users successfully bypassed that restriction by placing several orders from multiple accounts. Larger discounts and free delivery were available on more expensive items by adding one of several other voucher codes on top of the existing £20 reduction.

A large volume of HTTP requests originating from many different locations can often have the same effect as a deliberately planned distributed denial of service (DDoS) attack, but it is clear that no such attack took place; the site was simply swamped with legitimate requests from its own customers, who were keen to snap up some bargains. It is not yet clear whether orders placed using these vouchers will be honoured – order confirmations have been emailed to customers, but such orders remain subject to approval.

Several other technology retail websites, including Staples, were affected by similarly huge demand in August, when the price of the 16GB HP TouchPad tablet was slashed to only £89. That was also viewed by many as an unmissable opportunity, with a single HotUKDeals forum post alone attracting more than 60,000 comments while its members discussed where they could buy one. The demand continued long after they were sold out, with some TouchPads being resold on eBay for more than twice the original cost.

The Staples UK website became responsive once more around lunchtime today, following the deactivation of the original £20-off voucher code.

October 2011 Web Server Survey

In the October 2011 survey we received responses from 504,082,040 sites, a growth of nearly 3.8% or around 18M sites on last month.

All of the main web server vendors gained hostnames this month with Apache again showing the largest increase of just over 10M; however, it continues to lose a small amount of market share. A gain of just over 4M hostnames sees nginx increase market share to an all-time high of 8.5%.

This month Apache lost 86k active sites, less than 0.1% of its total. However, this translates to a more significant loss in market share of 1.09% due to all three of the main competitors gaining sites. The largest gain was seen by nginx, where an increase of just over 1.6M active sites resulted in its market share rising to 11.28%. If current trends continue nginx will soon overtake Microsoft to have the second largest number of active sites.

Across the million busiest sites Apache and Microsoft each lose market share this month whilst nginx and Google see small increases.

[Figure: Total Sites Across All Domains, August 1995 - October 2011]


[Figure: Market Share for Top Servers Across All Domains, August 1995 - October 2011]


Developer   September 2011   Percent   October 2011   Percent   Change
Apache      315,605,335      65.05%    326,008,432    64.67%    -0.38
Microsoft   76,323,018       15.73%    78,937,065     15.66%    -0.07
nginx       38,970,683       8.03%     43,037,079     8.54%     0.51
Google      17,265,308       3.56%     17,487,924     3.47%     -0.09

Most Reliable Hosting Company Sites in September 2011

Rank  Company site           OS                   Outage (hh:mm:ss)  Failed Req%  DNS    Connect  First byte  Total
1     Datapipe               FreeBSD              0:00:00            0.004        0.088  0.019    0.044       0.066
2     Swishmail              FreeBSD              0:00:00            0.004        0.123  0.041    0.084       0.221
3     ServInt                Linux                0:00:00            0.004        0.156  0.047    0.097       0.208
4     aruba.it               Windows Server 2003  0:00:00            0.004        0.179  0.127    0.250       0.250
5     Qube Managed Services  Linux                0:00:00            0.008        0.077  0.041    0.083       0.083
6     INetU                  Windows Server 2008  0:00:00            0.008        0.095  0.041    0.167       0.432
7     New York Internet      FreeBSD              0:00:00            0.008        0.107  0.043    0.087       0.306
8     www.micfo.com          Linux                0:00:00            0.008        0.147  0.063    0.312       0.460
9     www.peer1.com          Linux                0:00:00            0.012        0.109  0.019    0.042       0.142
10    www.catalyst2.com      Windows Server 2008  0:00:00            0.012        0.286  0.086    0.178       0.359


Datapipe was the most reliable hosting company in September, giving it an impressive six victories so far this year. Note that the top four hosting companies had the same number of failed requests, so they have been sorted by average connection time.

During September, Datapipe augmented its range of hosting services by announcing the public availability of the first PCI DSS 2.0 Level 1 Service Provider certified cloud computing platform, and also partnered with Alert Logic to release a fully managed advanced network security solution for Amazon Web Services. Next month, Datapipe will be sending a four-person team from their Hong Kong team to run 100km in the Oxfam Trailwalker.

In second place was Swishmail. Primarily an email provider, the company also offers several managed web hosting plans. Both Datapipe and Swishmail run their company websites on FreeBSD, which was used by half of the top ten hosting companies in the previous month.

Not far behind in third place, ServInt offers managed dedicated servers and scalable virtual private servers. The company was founded in Northern Virginia in 1995, and over 25% of its employees have served for more than 10 years.

Fourth-place Aruba is an Italian hosting company, whose parent group operates several offices and data centres across Europe. Aruba offers Windows and Linux hosting solutions, some of which have 'unlimited' disk space and traffic.

Four of September's top ten hosting company websites used Linux, while three used FreeBSD, two used Windows Server 2008 and one used Windows Server 2003.

Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage. If the number of failed requests is equal, sites are ranked by average connection time.

Information on the measurement process and current measurements is available.

September 2011 Web Server Survey

In the September 2011 survey we received responses from 485,173,671 sites, a growth of nearly 4.8% (just over 22M hostnames) compared to last month.

Apache servers saw the largest growth this month (roughly 14M new hostnames), taking its total to over 315M, yet it continued to lose market share. Apache now serves twice as many hostnames as this time last year.

Nearly a quarter of this growth comes from new sites seen at Softlayer. By the end of the year, Softlayer’s global network will include points of presence (PoPs) and data centers throughout Europe and Asia, with the goal of bringing Softlayer’s network within 40ms of everyone on the planet. Both BurstNet and AmeriNOC also grew by over a million hostnames.

Nginx had the biggest increase in market share, with a growth of 0.36 percentage points. This is the largest increase that we have seen for nginx since January. Nginx also continues to increase its share of active sites, gaining ground on Microsoft and remaining as the 2nd most popular open source webserver. Google on the other hand saw a moderate loss in active sites this month, down by nearly 3.8M.

[Figure: Total Sites Across All Domains, August 1995 - September 2011]


[Figure: Market Share for Top Servers Across All Domains, August 1995 - September 2011]


Developer   August 2011   Percent   September 2011   Percent   Change
Apache      301,771,518   65.18%    315,605,335      65.05%    -0.13
Microsoft   73,415,916    15.86%    76,323,018       15.73%    -0.13
nginx       35,533,439    7.67%     38,970,683       8.03%     0.36
Google      17,061,003    3.68%     17,265,308       3.56%     -0.13

Most Reliable Hosting Company Sites in August 2011

Rank  Company site         OS                   Outage (hh:mm:ss)  Failed Req%  DNS    Connect  First byte  Total
1     Datapipe             FreeBSD              0:00:00            0.007        0.083  0.020    0.042       0.056
2     iWeb Technologies    Linux                0:00:00            0.007        0.105  0.072    0.144       0.144
3     Swishmail            FreeBSD              0:00:00            0.011        0.083  0.044    0.089       0.231
4     INetU                FreeBSD              0:00:00            0.015        0.112  0.042    0.118       0.261
5     New York Internet    FreeBSD              0:00:00            0.015        0.108  0.046    0.094       0.274
6     Multacom             FreeBSD              0:00:00            0.015        0.114  0.075    0.152       0.428
7     www.cwcs.co.uk       Linux                0:00:00            0.019        0.228  0.114    0.225       0.608
8     ServInt              Linux                0:00:00            0.022        0.149  0.041    0.089       0.227
9     www.netcetera.co.uk  Windows Server 2008  0:00:00            0.022        0.059  0.093    0.189       0.386
10    Iomart plc.          Linux                0:00:00            0.022        0.167  0.097    0.206       0.360

Both of the top two hosting companies had the same number of failed requests this month and they are therefore ranked by average connection time.

After slipping to third last month, the top spot was regained by Datapipe in August. They offer a range of services including managed hosting, compliance, security and cloud computing. Datapipe have recently expanded their UK datacenters.

In second place this month is iWeb Technologies, a Canadian hosting company based in Montreal. iWeb Technologies provide web hosting, dedicated servers, managed hosting and colocation to customers from around the world. They have recently launched a new product range, Smart Servers, which aim to give the benefits of both virtualization in the cloud and dedicated hardware.

Swishmail come in at third place this month; they offer a variety of managed web hosting plans in addition to their core service of enterprise-grade email hosting.

For the first time this year, FreeBSD has the largest share of hosting providers in the top 10 with half of them running FreeBSD servers. Of the other hosting providers in the top 10, 4 run Linux and 1 uses Windows Server 2008.


Governments hosted 146 new phishing sites in July

Disclosures by groups including LulzSec, Anonymous and Wikileaks have highlighted that poor security is endemic throughout government websites. During July, Netcraft's anti-phishing toolbar blocked 146 new phishing attacks hosted on government websites. Nearly half of these used the gob.pe secondary top-level domain, making the government of Peru the phishiest in the world.

Unusually, more than a third of these government-hosted phishing attacks targeted a single British financial institution, Lloyds Banking Group. Halifax and Lloyds TSB, which are subsidiaries of the group, were each targeted more times than any other organisation, including PayPal.

Phishing sites hosted on government domains (top 10)
(source: Netcraft Phish Feed)

Government TLD  Country       New phishing sites in July 2011
gob.pe          Peru          69
gov.br          Brazil        12
go.th           Thailand      11
gob.mx          Mexico        9
gov.cn          China         9
gov.ar          Argentina     6
gov.za          South Africa  6
gov.pk          Pakistan      3
gov.ec          Ecuador       3
gov.tr          Turkey        3

Some of these government-hosted phishing sites were even used to attack other governments. The website of the UK government, Directgov, was targeted in 14 of these phishing attacks. All of the phishing content used in these attacks was hosted on Peruvian government domains, but has since been removed.

Not all of the phishing sites blocked last month have been taken down. Near the beginning of July, Netcraft blocked an Amazon phishing site on a Polish government TLD, but the fraudulent content is still being served today, more than a month later. This was the only new phishing site to appear on a Polish government website in July, and was unusually served from a compromised FTP server. By supplying valid FTP credentials as part of the URL, a fraudster can make the site viewable in any modern web browser as if it were an ordinary website served over HTTP or HTTPS.
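A defensive check for the URL shape described above, added here as an example (it is not Netcraft's code): it flags URLs from mail or proxy logs that carry credentials in the authority part, notes FTP schemes and the government suffixes from the table on this page, and redacts the userinfo before anything is logged. The function names, reason labels and sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Government second-level suffixes copied from the table on this page.
GOV_SUFFIXES = ("gob.pe", "gov.br", "go.th", "gob.mx", "gov.cn",
                "gov.ar", "gov.za", "gov.pk", "gov.ec", "gov.tr")

def triage_url(url):
    """Return (redacted_url, reasons) for one URL seen in mail or proxy logs."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    reasons = []
    if parts.scheme == "ftp":
        reasons.append("ftp-scheme")
    if parts.username is not None or parts.password is not None:
        reasons.append("embedded-credentials")
    if any(host == s or host.endswith("." + s) for s in GOV_SUFFIXES):
        reasons.append("government-suffix")
    # Rebuild the authority without the userinfo so the password never
    # reaches a log file or ticket.
    netloc = f"[{host}]" if ":" in host else host
    try:
        port = parts.port
    except ValueError:  # malformed port: keep triaging, drop the port
        port = None
        reasons.append("malformed-port")
    if port is not None:
        netloc += f":{port}"
    if "embedded-credentials" in reasons:
        netloc = "REDACTED@" + netloc
    return parts._replace(netloc=netloc).geturl(), reasons

def flag_for_review(urls):
    """Keep only URLs that carry credentials, most reasons first."""
    hits = [triage_url(u) for u in urls]
    hits = [h for h in hits if "embedded-credentials" in h[1]]
    return sorted(hits, key=lambda h: len(h[1]), reverse=True)

# Constructed sample input (hostnames and credentials are made up).
SAMPLE_URLS = [
    "https://www.example.com/account/login",
    "ftp://webadmin:hunter2@ftp.constructed-example.gob.pe/secure/login.html",
    "https://portal.constructed-example.gov.br/servicos",
    "ftp://mirror.example.org/pub/readme.txt",
    "http://user:pw@intranet.example.net:8080/status",
]

if __name__ == "__main__":
    for redacted, reasons in flag_for_review(SAMPLE_URLS):
        print(redacted, reasons)
```

A government suffix on its own is not treated as a finding; it is recorded so that a reviewer sees when a credential-bearing URL points at a host that readers are likely to trust.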

Phishing sites are regularly hosted on compromised servers. By using someone else's web server, an attacker can create a phishing site without having to register any domain names or pay for hosting services. Certain TLDs may also be perceived as being more trustworthy than others, but this is not always a safe assumption.

For example, the .gov TLD is restricted for use by government entities in the United States, so content on these sites is often assumed to be legitimate without much thought. However, www.caldwelltx.gov was presumably compromised at some point, as it was seen serving a Halifax phishing site in July.

Netcraft also found several government websites that had been defaced by "Al3x 0wn5". One Indonesian government site was still defaced at the time of publication, and displayed a mock root prompt on its homepage.

The demonstrably poor security of some government websites may have much wider implications for a country's population. For example, if a remote attacker is able to deface a site or upload arbitrary phishing content, it may also be possible to gain unauthorised access to backend databases or divert any payment details transmitted through the site.