1. Play.com confirms security breach

    Following our previous article about an apparent email address leak at Play.com, the company has confirmed that a security breach has occurred.

    In an email to its customers, Play.com stated that the breach occurred at a marketing company, resulting in customer names and email addresses being compromised:

    "We are emailing all our customers to let you know that a company that handles part of our marketing communications has had a security breach. Unfortunately this has meant that some customer names and email addresses may have been compromised.

    We take privacy and security very seriously and ensure all sensitive customer data is protected. Please be assured this issue has occurred outside of Play.com and no other personal customer information has been involved."

    Many customers already appear to have received spam as a result of this breach, apparently including some who had opted out of receiving marketing emails from Play.com.

    An information security manager at Play.com refused to tell Netcraft which marketing company was responsible for the breach.

    Posted by Paul Mutton on 22nd March, 2011 in Security

  2. Play.com customer emails leaked?

    Online retailer Play.com has been accused of leaking its customers' email addresses to spammers.

    Many customers reported receiving a spam email yesterday, offering an Adobe Reader upgrade which requires registration and payment. Some of these emails were sent to unique email addresses that have only been used at play.com, suggesting that the spammer had access to private customer details.

    Most complaints relate to an email with the subject line "Get more done, much faster, with Acrobat X PDF Reader. Upgrade Available Now":

    One Play.com customer commented yesterday:

    "I too received the email this morning. I use a unique email address for each website using the plus addressing feature of gmail; in this case the phishing attack was sent to myemailaddress+play@gmail.com. This is pretty compelling evidence that play.com are at fault."

    Although it does seem that Play.com's customer details have been breached, it is not yet clear how this may have happened, or indeed whether Play.com are at fault. In particular, Play.com's privacy policy reveals several other places where leaks could have occurred. Play.com shares data with other business and technical partners to handle orders, process credit and debit card payments and for fraud protection.

    Another recipient of the spam was advised the following by Play.com:

    "Please be advised that our database is maintained on a secure internal server that is not connected to the internet. No unauthorised access of any kind is available to the network."

    Fortunately, most browser software has already blocked the spammer's website as a web forgery:

    If the user chooses to ignore this warning, the site offers a download link for PDF Reader/Writer software:

    The user is then taken to a third-party site, secureonline-form.com, which requires registration:

    Finally, the user must pay for membership in order to obtain the software:

    Play.com did not respond to Netcraft's request for comment before this article was published.

    Posted by Paul Mutton on 21st March, 2011 in Security

  3. March 2011 Web Server Survey

    In the March 2011 survey we received responses from 298,002,705 sites, a growth of just over 13M hostnames on last month's survey; a continuation of the steady growth which has been seen since July last year.

    Apache was the biggest contributor to this month's growth, with an increase of 8.5M hostnames. This increase comes despite large losses of 2.23M at skyrock.net due to their servers no longer reporting a server banner. Most of the increase is once again due to AmeriNOC and Softlayer, with gains of 5.5M and 1.2M hostnames respectively. Large increases were also seen at both Leaseweb and Hetzner Online AG.

    nginx gained 1.2M hostnames this month due to increases at a number of hosting companies, the largest of which was 289k at Hetzner Online AG.

    Small gains were seen by both Microsoft and Google, with increases of 560k and 205k hostnames respectively. Microsoft's increase came primarily from Go Daddy, and an increase of 296k hostnames hosted by Microsoft which made up for a drop seen there last month. Despite the gain in hostnames, Microsoft experienced a 0.7 percentage point loss in market share, while Google's share was relatively unchanged.

    The only web server vendor to see a loss in the number of hostnames this month was lighttpd. It experienced a drop of 157k hostnames which was shared by multiple hosting companies.

    Total Sites Across All Domains
    August 1995 - March 2011

    Total Sites Across All Domains, August 1995 - March 2011


    Market Share for Top Servers Across All Domains
    August 1995 - March 2011

    Graph of market share for top servers across all domains, August 1995 - March 2011


    DeveloperFebruary 2011PercentMarch 2011PercentChange
    Apache171,195,55460.10%179,720,33260.31%0.21
    Microsoft57,084,12620.04%57,644,69219.34%-0.70
    nginx21,570,4637.57%22,806,0607.65%0.08
    Google14,454,4845.07%15,161,5305.09%0.01
    lighttpd1,953,9660.69%1,796,4710.60%-0.08
    (more...)

    Posted by Matt Foster on 9th March, 2011 in Web Server Survey

  4. Most Reliable Hosting Company Sites in February 2011

    Rank Company site OS Outage
    hh:mm:ss
    Failed
    Req%
    DNS Connect First
    byte
    Total
    1 Datapipe FreeBSD 0:00:00 0.004 0.100 0.021 0.051 0.076
    2 Swishmail FreeBSD 0:00:00 0.009 0.098 0.027 0.056 0.162
    3 New York Internet FreeBSD 0:00:00 0.009 0.129 0.029 0.081 0.218
    4 www.westhost.com Linux 0:00:00 0.009 0.291 0.076 0.163 0.502
    5 ServInt Linux 0:00:00 0.013 0.157 0.031 0.065 0.163
    6 www.serverbeach.com Linux 0:00:00 0.017 0.071 0.010 0.024 0.084
    7 iWeb Technologies Linux 0:00:00 0.017 0.098 0.044 0.089 0.089
    8 www.singlehop.com Linux 0:00:00 0.026 0.135 0.074 0.498 0.676
    9 www.navisite.com Windows Server 2003 0:00:00 0.030 0.188 0.043 0.220 0.380
    10 www.poundhost.com Linux 0:00:00 0.030 0.259 0.089 0.189 0.369

    See full table

    This month's most reliable hosting company is Datapipe. Datapipe was ranked first last month, and has now been in the top ten for 11 of the last 12 months. Datapipe offers managed hosting and IT services from six data centers distributed across the globe and has recently started to offer managed cloud hosting through a product called the Datapipe Managed Cloud. This new service is backed by Amazon Web Services, and Datapipe say it's the "first Managed Services Provider of significant scale and size to offer Amazon Web Services to enterprise clients in a comprehensive, all-inclusive managed services program."

    In second and third place this month are Swishmail, which offers managed email and web hosting, and New York Internet which offers various services, including dedicated servers, colocation and web hosting. Swishmail and New York Internet also frequently appear in Netcraft's top ten most reliable hosting company sites.

    This month, the three most reliable hosting company sites are being served by FreeBSD. Of the remaining seven sites, six run Linux and one runs Windows Server 2003.

    Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

    From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage. In the event the number of failed requests are equal then sites are ranked by average connection times.

    Information on the measurement process and current measurements is available.

    Posted by Matt Foster on 1st March, 2011 in Hosting, Performance

  5. PayPal.com and payment APIs hit by performance issues

    www.paypal.com was unavailable to most customers for more than an hour today, with no estimated time for resolution during the outage. PayPal uses scheduled maintenance windows every Thursday and Friday from 11pm to 1am PST, but this rarely results in any noticeable downtime, and today's outage extended beyond that window.

    PayPal's payments API was also unavailable, which will have affected many online retailers, including PayPal's owner, eBay. A statement from eBay at 12:52am PST said: "EBay [sic] is currently experiencing checkout problems. Community members may see errors or timeouts when attempting to pay for an item. We are working on the problem and apologize for the inconvenience."

    A live status update on the PayPal X Developer Network stated that there was no alternative work-around to the problem:

    The problems with the PayPal website and payment APIs were resolved at 1:23am.

    Posted by Paul Mutton on 18th February, 2011 in Around the Net

  6. February 2011 Web Server Survey

    In the February 2011 survey we received responses from 284,842,077 sites.

    Apache saw the largest increase in terms of both market share and absolute growth this month, with 9.6M new hostnames equating to a 1 percentage point increase in market share. This continues the general upward trend seen for Apache since January last year. The most significant increase occurred in the United States, where 7M new Apache hostnames were recorded. Once again, significant contributions to Apache's increase were seen at AmeriNOC (4.6M) and Softlayer Inc (1.3M). Apache also made a net gain of 817k hostnames in the Netherlands as the result of a 1.3M increase at Axoft Group.

    nginx and lighttpd also made gains this month, although lighttpd's market share remained static as a result of the increases detected for the other major web server vendors.

    Microsoft and Google both lost hostnames and market share this month. Microsoft's most significant loss came in Germany, with a 239k drop. This came as a result of 237k fewer hostnames being recorded at Kabel Deutschland.

    Total Sites Across All Domains
    August 1995 - February 2011

    Total Sites Across All Domains, August 1995 - February 2011


    Market Share for Top Servers Across All Domains
    August 1995 - February 2011

    Graph of market share for top servers across all domains, August 1995 - February 2011


    DeveloperJanuary 2011PercentFebruary 2011PercentChange
    Apache161,591,44559.13%171,195,55460.10%0.98
    Microsoft57,392,35121.00%57,084,12620.04%-0.96
    nginx20,504,6347.50%21,570,4637.57%0.07
    Google15,112,5325.53%14,454,4845.07%-0.46
    lighttpd1,866,8720.68%1,953,9660.69%0.00
    (more...)

    Posted by Jennifer Cownie on 15th February, 2011 in Web Server Survey