Most Reliable Hosting Company Sites in March 2011

Rank Company site OS Outage
hh:mm:ss
Failed
Req%
DNS Connect First
byte
Total
1 www.dinahosting.com Linux 0:00:00 0.011 0.241 0.077 0.154 0.154
2 Virtual Internet Linux 0:00:00 0.030 0.136 0.095 0.192 0.393
3 iWeb Technologies Linux 0:00:00 0.034 0.077 0.047 0.094 0.094
4 Kattare Internet Services Linux 0:00:00 0.034 0.095 0.073 0.146 0.296
5 Datapipe FreeBSD 0:00:00 0.037 0.105 0.023 0.047 0.066
6 Rackspace F5 BIG-IP 0:00:00 0.037 0.212 0.234 0.282 0.282
7 INetU unknown 0:00:00 0.041 0.065 0.030 0.375 0.491
8 www.logicworks.net Linux 0:00:00 0.041 0.145 0.048 0.515 0.671
9 www.qubenet.net Linux 0:00:00 0.041 0.114 0.056 0.113 0.113
10 Swishmail FreeBSD 0:00:00 0.045 0.135 0.049 0.097 0.261

See full table

The most reliable hosting company in March was dinahosting, which has been offering hosting services since 2002. The company's data centre is spread across 25 buildings located in Madrid, Spain, which are physically protected by sluice gates and biometric access controls. Besides Spanish, dinahosting also provides support for customers who speak Catalan, Galician, English, and Portuguese. To increase performance from other countries, dinahosting also has additional DNS servers in London and Dallas.

dinahosting is currently offering 50% off its RealCloud cloud hosting service, which is managed by Xen hypervisor 4.0.0 running on Dell PowerEdge R410 servers. This platform supports auto-scaling to dynamically allocate additional resources when required, such as during traffic spikes. As with many other cloud hosting services, CPU-hours and bandwidth are charged for on a pay-as-you-go basis.

Virtual Internet took second place, with only eight failed requests throughout March. The UK-based company is scheduled to launch its flexible managed hosting and cloud hosting solutions in the USA from 1st May 2011. Virtual Intenet's cloud hosting services are based on VMWare, and include a 100% uptime guarantee, automatic crash recovery, 1 gigabit networking and 20 day try-before-you-buy offer. Other services offered by Virtual Internet include colocation, global content delivery and business email hosting.

Six of the most reliable hosting company sites in March were running on Linux, including each company within the top four. Of the remaining companies, two used FreeBSD and one used F5 BIG-IP.

Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage. In the event the number of failed requests are equal then sites are ranked by average connection times.

Information on the measurement process and current measurements is available.

Compromised GlobalTrust database is published online

In the aftermath of last month's successful attacks against three of Comodo's affiliate Registration Authorities, Cryptome has just published a database purportedly belonging to GlobalTrust and InstantSSL. It is likely that the database was obtained during last month's security breach, where an Iranian attacker caused fraudulent certificates to be issued for several high-value domains including www.google.com. Many GlobalTrust websites were subsequently taken offline for forensic investigation.

GlobalTrust.it is still up and running, but it appears that InstantSSL.it has quickly been taken down again, possibly to defend it against any unauthorised access which may result from this latest leak. The site currently responds with a 403 Forbidden message:

The ComodoHacker stated via Twitter that the comodo-db.rar file on cryptome.org contains the "entire database of GlobalTrust and InstantSSL Italy". ComodoHacker proved his involvement in last month's attack by publishing the private key for one of the fraudulently issued certificates, so it is likely that this file does indeed contain the compromised database.

LiveJournal under DDoS attack

LiveJournal has been knocked offline by another DDoS (distributed denial of service) attack, less than a week after a separate sustained attack caused the site to go down for several hours. In response to last week's attack, LiveJournal upgraded their servers to make the site run faster; however, this does not appear to have prevented the current attack from succeeding.

Svetlana Ivannikova, Head of LiveJournal Russia, confirmed that the current outage was caused by another DDoS attack: "We can confirm that the service has not been working correctly for the last hour due to another DDoS attack on LiveJournal. Administrators are aware of the problem and trying to identify the source and target of the attack". No further details were given at this time.

The attack which caused last week's outage apparently began on 24th March, but LiveJournal largely withstood the attack until it was ramped up on 30th March. LiveJournal maintenance said, "Turns out we upset our attackers and they started hitting us 10x harder".

Both www.livejournal.com and news.livejournal.com were still inaccessible at the time of publication.

Xbox LIVE director’s account hijacked over bans

The Director of Policy and Enforcement for Xbox LIVE, Stephen Toulouse, had his Xbox LIVE account hijacked yesterday. The attacker purportedly used social engineering to convince Network Solutions to transfer DNS control of Toulouse's stepto.com domain name, allowing the attacker to receive any email sent to that domain. The attacker most likely used this to reset Toulouse's Xbox LIVE password and gain unauthorised access to his account, where he goes by the gamertag of Stepto.

The excited attacker subsequently uploaded footage of the hijack to YouTube, where he changed Stepto's motto from "Behave" to "Jacked by Predator". The attacker also advertised his account hijacking services in Stepto's bio, offering his AOL Instant Messenger contact details and payment methods. In his description of the video, Predator proudly boasts "ANY ACCOUNT $100 - $250 PayPal or AlertPay!!".

Predator revealed that the attack was carried out in revenge for being banned from using Xbox LIVE. During the video, he appears to hold Stephen Toulouse personally responsible for this: "Stepto, this is for console banning me over 35 times. You had it coming, man. Like, I'm tired of getting the console ban; now let's see what I can do to your account."

Proud of hijacking the Director's account, Predator ends his video's description with "I rest my name as Xbox Live's greatest account jacker."

Predator later uploaded a second video, noting that Stepto's account had been locked out. Toulouse regained control of his email and his domain's nameserver settings several hours after the attack, and his Xbox LIVE profile now looks to be restored.

False alarm over Samsung keylogger

Recent reports that "Samsung installs keylogger on its laptop computers" are likely to have been a false alarm, caused by a directory named C:\WINDOWS\SL being found on the newly purchased Samsung laptops. The mere existence of this folder causes some anti-virus software to incorrectly report the presence of the commercial Starlogger keylogging software, even if the software is not actually installed.

The Samsung Tomorrow website states that any claims of a keylogger on R525 and R540 laptops are false, pointing out that Microsoft's Live Application multi-language support legitimately creates this folder. Netcraft tested this by creating an empty C:\WINDOWS\SL folder on a malware-free Windows computer. VIPRE Antivirus Premium subsequently reported an elevated risk, claiming that the commercial Starlogger software had been found:

F-Secure's Chief Research Officer, Mikko Hypponen, was one of several security experts who found the original keylogging reports hard to believe. He solved the mystery for himself by going to a local computer shop and checking a range of Samsung laptops, none of which were running any keyloggers.

Two further Comodo RA accounts compromised

In a newsgroup posting by Robin Alden, CTO of Comodo, it has been confirmed that two further SSL Registration Authority (RA) accounts have been compromised since the original attack against GlobalTrust. Alden wrote: "Two further RA accounts have since been compromised and had RA privileges withdrawn. No further mis-issued certificates have resulted from those compromises."

It is not yet known which other RAs were compromised, or to what degree. In his latest Pastebin message, the Iranian ComodoHacker appears to claim responsibility for these other attacks:

"From listed resellers of Comodo, I owned 3 of them, not only Italian one, but I interested more in Italian brach because they had too many codes, works, domains, (globaltrust, cybertech, instantssl, etc.) so I thought they are more tied with Comodo."

According to an earlier message from ComodoHacker, the Italian attack was carried out by exploiting an SQL injection vulnerability on InstantSSL.it. The attacker subsequently escalated his privileges and caused the fraudulent certificates to be issued. The ComodoHacker unarguably proved his involvement in this attack by publishing a private key which corresponded to the fraudulently issued certificate for addons.mozilla.org. This private key has since been removed.

Both GlobalTrust.it and InstantSSL.it were shut down after the attack, but are now back online, offering a range of SSL certificates for sale.