As of 1st June 2010, the Netcraft Toolbar community has helped to block over 3 million phishing attacks worldwide. We incentivise phishing reports from the Toolbar community, and have now added the iPad to our list of incentives:
Netcraft Mug (after 100 validated phishing reports) Netcraft Polo Shirt (after 400) Targus Laptop Backpack (after 1,000) iPad (after 5,000)
On reaching 5,000 validated reports you become eligible for a monthly competition to incentivise large reporters.
The Netcraft Toolbar, which is available for Firefox, serves as a giant neighbourhood watch scheme for the Internet. Members who encounter a phishing fraud can act to defend the larger community of users against the attack. Once the first recipients of a phishing mail have reported the attack URL, it is blocked for toolbar users who subsequently access the URL and widely disseminated attacks simply mean that the phishing attack will be reported and blocked sooner.
Changes to Netcraft phishing report processing:
Until recently we have rejected reports for URLs which were already blocked by the Netcraft Toolbar. We now accept reports on URLs which are already blocked if the phishing URL targets a different company to any previously accepted reports.
For example, if we receive a report of a phishing URL at http://[example-domain]/directory/paypal targeting PayPal customers and we decide to block all URLs beginning with http://[example-domain]/directory/ a subsequent report of the URL http://[example-domain-here]/directory/HSBC targeting HSBC customers will now be accepted even though access to that URL is already blocked by our Toolbar.
Each accepted report counts towards your incentives. Therefore, when you see a site with multiple phishing URLs targeting multiple companies, please report them all!
Twitter suffered from some noticeable site availability issues last night, and is still running at a higher than usual latency this morning:
Twitter identified the cause of the incident as an "error with networking equipment", which caused the site to run noticeably slowly, sometimes even causing the fail whale to come out for a swim.
A few hours later, an update revealed that the networking problem had not quite gone away, although the site does appear to be fully functional now. Features such as searching, sidebar data and profile image uploads were temporarily disabled last night to try and stabilize the site's performance.
Netcraft's live uptime graphs for twitter.com can be viewed here.
Rank Company site OS Outage hh:mm:ss Failed Req% DNS Connect First byte Total 1 New York Internet FreeBSD 0:00:00 0.011 0.155 0.085 0.182 0.441 2 INetU unknown 0:00:00 0.015 0.080 0.060 0.133 0.335 3 DataPipe FreeBSD 0:00:00 0.022 0.059 0.011 0.023 0.033 4 Multacom FreeBSD 0:00:00 0.022 0.219 0.082 0.164 0.396 5 Rackspace Linux 0:00:00 0.022 0.106 0.088 0.175 0.175 6 One.com Linux 0:00:00 0.026 0.369 0.083 0.166 0.166 7 www.navisite.com Linux 0:00:00 0.026 0.244 0.092 0.185 0.378 8 iWeb Technologies Linux 0:00:00 0.030 0.096 0.064 0.128 0.128 9 www.acens.com Linux 0:00:00 0.030 0.221 0.097 0.423 0.735 10 www.aruba.it Windows Server 2003 0:00:00 0.034 0.858 0.089 0.180 0.180
The most reliable hosting company site in May was New York Internet, responding to all but three of Netcraft's requests. It was served by Apache running on FreeBSD.
Established in 1996, New York Internet is located near Wall Street and maintains its own data centers. The company's core services include dedicated servers, colocation and virtual web hosting.
INetU came a close second with just four failed requests.
INetU is an enterprise managed hosting company located in Allentown, PA. They have been in business since 1996 and notably offer a 100% uptime service level guarantee. Managed services provided by INetU include MySQL and MS SQL database clusters, Exchange servers, virtualization and firewalls. Their clients include Fortune 500 companies such as Microsoft, Intel, Northrop Grumman and Canon.
Five of May's top ten most reliable sites used Linux, while three ran on FreeBSD and one on Windows Server 2003.
Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.
From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage.
Information on the measurement process and current measurements is available.
Netcraft has developed a dataset which tracks the changes in the hosting locations of the million busiest websites. Each month we determine the busiest sites by the number of visits from users of the Netcraft Toolbar. This is then combined with detailed hosting information gathered by our Web Server Survey, and compared with the equivalent information from the previous month.
Many sites' location will be unchanged, but some will have moved from one hosting provider to another during the course of the month. Additionally, hosting companies may gain new sites that were not previously in the top million, and lose sites which are no longer present.
The dataset gives a guide to the market share of companies hosting the sites responsible for the great majority of web traffic, and is largely uninfluenced by parked domains, personal sites, shared hosting accounts or the majority of blogs.
Excerpts from March to April 2010
Hostnames Change Gained Lost Hosting Company Mar 2010 Apr 2010 +/- % Not Ranked Competitors Not Ranked Competitors ThePlanet.com 34,342 34,714 372 1.1% 3,087 835 2,839 711 Rackspace 21,504 21,740 236 1.1% 1,719 467 1,573 377 GoDaddy Inc 15,617 15,721 104 0.7% 1,641 362 1,522 377 Peer1 Networks Inc 8,394 8,512 118 1.4% 815 910 635 972 Layered Technologies 5,987 5,905 -82 -1.4% 524 873 566 913 iWeb Technologies Inc 4,511 4,662 151 3.3% 446 127 307 115 iomart group plc 2,675 2,771 96 3.6% 271 137 239 73
Gains from Not Ranked indicate that a site has entered in to the top million this month. Losses from Not Ranked indicate that the site is no longer in the top million.
Although the top 1000 sites are concentrated amongst the web superpowers, Google, Microsoft, Yahoo and eBay, the hosting locations of the top million sites are widely fragmented, with a little over 3.25% sufficient for top spot.Site Detail
An advantage of this dataset over the Hosting Provider Switching Analysis is the ability to analyse movement between competing hosting providers on a per-site basis. With this feature, current and previous hosting locations, netblock, operating system and server software for each site is shown.
Site Host First Seen New Rank Old Rank New Hosted By Hew Hoster Old Hosted By Old Hoster http://www.gwebtools.com 01/11/2008 96322 99144 server4you.net Intergenia AG global-datacenter.com Softlayer Inc http://obeus.com 01/10/2001 261523 248751 intergenia.de Intergenia AG global-datacenter.com Softlayer Inc http://www.mmistanbul.com 01/07/2004 302629 280276 intergenia.de Intergenia AG global-datacenter.com Softlayer Inc http://www.automotoportal.com 01/04/2006 315713 315920 intergenia.de Intergenia AG global-datacenter.com Softlayer Inc http://www.xxproxy.com 01/05/2007 406833 395720 intergenia.de Intergenia AG global-datacenter.com Softlayer Inc http://www.houselife.gr 01/06/2007 438654 486241 intergenia.de Intergenia AG global-datacenter.com Softlayer Inc
Symantec has agreed to acquire VeriSign's Identity and Authentication business for an aggregate purchase price of $1.28 billion. It had previously looked as though Symantec was setting itself up to become a direct competitor of VeriSign following its recent acquisition of PGP Corporation, which also has trusted root certificates in browsers through its own acquisition of TC TrustCenter.
Symantec's acquisition will include VeriSign's SSL and trust services. Netcraft's most recent SSL survey shows that VeriSign is the largest SSL certificate authority, with around half a million valid and distinct SSL certificates in use on the web, giving it a market share of 38%.
Overall growth trend in the SSL certificate market (all companies)
The widespread use of VeriSign certificates is also evident from handling more than 2 billion Online Certificate Status Protocol lookups in a single day last month, less than a year after hitting 1 billion per day. These OCSP checks allow web browsers to determine whether a certificate has been revoked.
In recent years, VeriSign has been keen to evangelise Extended Validation SSL certificates. These certificates cause the browser's address bar to turn green, which indicates to a customer that the identity of a site has been authenticated according to the most rigorous industry standard.
VeriSign holds a significant 71% share of the Extended Validation market. Although this market itself only accounts for 1.5% of all SSL certificates, it has typically been a high value market, with VeriSign currently selling individual certificates from $995 for 1 year.
Symantec's announcement cites $408 million revenue for VeriSign's business during the twelve months leading up to the end of March, much of which is likely to have come from SSL certificate sales alone.
Despite several other companies selling Extended Validation certificates at lower prices, VeriSign's market share has only fallen by 2 percentage points over the past 12 months. However, competitor Go Daddy's aggressive new pricing of $99.99 earlier this year has already resulted in a noticeable growth increase at Go Daddy over the past few months.
Symantec recently acquired PGP Corporation for approximately $300 million. PGP had previously made its own agreements to acquire the privately-held TC TrustCenter, along with its parent company, ChosenSecurity. PGP now sells organization validated, wildcard and extended validation certificates under the PGP TrustCenter brand.
The SSL certificate market continues to thrive, with our last SSL survey finding a total of 1.3 million distinct valid third-party SSL certificates.
Popular BitTorrent search engine The Pirate Bay has just come back online, around a day after it was apparently forced offline by a German court injunction filed a week ago.
The Motion Picture Association subsequently made a press release [pdf] about the injunction against CB3Rob Ltd & Co KG (Cyberbunker) and its operator, Mr. Sven Olaf Kamphuis, "restraining them from connecting The Pirate Bay site to the Internet".
However, the site is already back online — hosted at the same place as before — and now presents a defiant 'lolcat' message, presumably aimed at those who are trying to get the site shut down:
The Pirate Bay publishes many of the legal threats it receives, but proudly boasts that no torrents have ever been removed from the site.
The Pirate Bay website runs Linux and uses the lighttpd webserver.