WikiLeaks.org taken down by US DNS provider

WikiLeaks has been taken down again. Around 04:00 GMT this morning (Friday), DNS lookups on the wikileaks.org domain stopped working, effectively cutting the domain off from the whole internet. Neither cablegate.wikileaks.org nor www.wikileaks.org can currently be resolved to an IP address.

WikiLeaks later tweeted that the domain was "killed" by US company EveryDNS.net. This was a potential weakness that Netcraft identified back in October, when WikiLeaks temporarily stopped using US-based web servers to host the Iraq War Logs content.

Earlier this week, Joe Lieberman of the United States Senate Committee on Homeland Security and Government Affairs had encouraged other companies to terminate their relationship with WikiLeaks. It is unclear whether this influenced EveryDNS.net's decision, as they claim it was due to the DDoS attacks against the domain. A statement from EveryDNS.net said, "The termination of services was effected pursuant to, and in accordance with, the EveryDNS.net Acceptable Use Policy." EveryDNS.net claims to have provided sufficient warning to WikiLeaks, noting that, "Any downtime of the wikileaks.org website has resulted from its failure to use another hosted DNS service provider."

The committee issued another press release yesterday, announcing their intention to go after WikiLeaks by amending the Espionage Act. Lierberman accuses "Julian Assange and his cronies" of hindering their war efforts and creating a hit list for enemies.

WikiLeaks could get their sites up and running again by using different DNS servers, such as the French ones used for the Iraq War Logs in October. However, the wikileaks.org domain is still registered with a US company, Dynadot LLC, which could be 'persuaded' by the government to prevent such modifications, or even suspend the domain.

WikiLeaks ousted by Amazon, moves to Europe

Amazon has finally pulled the plug on WikiLeaks, leaving the whistle-blowing website unavailable until the traffic was redirected to Europe. WikiLeaks first directed the traffic to Sweden, and then included a second server in France. WikiLeaks announced the move on their Twitter stream:

The United States Senate Committee on Homeland Security and Government Affairs subsequently issued a press release announcing that Amazon had severed ties with WikiLeaks. The introduction to this announcement clearly states that Amazon.com decided to terminate its relationship with WikiLeaks, although the government may have spurred this decision by reportedly asking, "Are there plans to take the site down?"

The committee contacted Amazon on Tuesday after reading press reports that the WikiLeaks site was being hosted by Amazon. The site was taken down by Amazon the following morning. This could suggest that the government was able to exert some influence on the decision – WikiLeaks had been using Amazon's EC2 hosting service since October, when the Iraq War Logs were published. The cablegate site also used EC2 from the moment it was launched on Sunday.

Incidentally, two sentences in Committee Chairman Joe Lieberman's statement may have been added as an afterthought, or added by someone else, as it appears in a slightly different colour to the rest of the text in the statement:

The chairman encouraged foreign companies to make the same decision as Amazon, although whether this will happen remains to be seen.

WikiLeaks is now served from two IP addresses in Europe: one is hosted by Bahnhof Internet in Sweden, and the other is at OVH in France. Both www.wikileaks.org and cablegate.wikileaks.org are being served from these IP addresses, and have been showing good response times since the move.

Real-time performance graphs for both sites are available here:

HTML5 reaches 1% of the web

Despite still being developed, HTML5 is already in use on more than 1% of the world's websites.

Netcraft's December Web Server Survey found the HTML5 DOCTYPE on 1.06% of homepages. An additional 0.05% of sites made use of new HTML5 features without explicitly declaring the correct DOCTYPE.

HTML5 is the next major revision of the HTML standard, and looks set to supersede HTML 4.01 and XHTML 1.1 with its support for video and audio playback. Microsoft has recently shifted its strategy on Silverlight as a cross-platform solution and now wants to implement standards-based HTML5 really, really, really well in Internet Explorer 9.

Earlier this year, Google also announced that it was shifting effort towards bringing their now-deprecated Gears API capabilities into HTML5 standards. Google's Chrome browser uses the same WebKit rendering engine as Apple browsers, with Apple boasting support for HTML5 on each of its new mobile devices and Macs.

Desktop browser support for the full set of new features in HTML5 is still rather patchy, although it should be noted that the HTML5 specification is still a working draft and subject to change. Many web designers will be reluctant to use the newest features just yet, as a significant fraction of their visitors will be unable to enjoy the content as it was intended. This is clearly demonstrated by the rarity of HTML5 elements such as canvas (appearing directly on only 0.012% of homepages), video (0.011%) and audio (0.003%).

December 2010 Web Server Survey

In the December 2010 survey we received responses from 255,287,546 sites.

This month's largest change in market share was seen by nginx, which gained 0.59 percentage points and now serves 6.62 percent of the hostnames in the web server survey. The increase of 1.85M hostnames is mainly due to 656k Savvis hostnames moving from lighttpd to nginx, and 452k new hostnames on BurstNet.

The biggest losses in market share this month were seen by Microsoft, which lost 0.48 percentage points (but gained 85,564 hostnames), and lighttpd, which lost 0.32 percentage points. Many of the 761K hostnames lost by lighttpd can be explained by the large number of Savvis hostnames moving to nginx. The other major web server vendors all gained hostnames whilst losing small amounts of market share.

Open source HTTP accelerator Varnish gained 545k hostnames. A recent blog post on the varnish site identifies WikiLeaks as one particularly prominent user of the software, with both cablegate.wikileaks.org (performance graph) and warlogs.wikileaks.org (performance graph) served by Apache via Varnish.

Other highly popular sites such as Facebook, Twitter and eBay are also on record as being users of Varnish, although this is not evident from their server banners.

Total Sites Across All Domains
August 1995 - December 2010

Total Sites Across All Domains, August 1995 - December 2010


Market Share for Top Servers Across All Domains
August 1995 - December 2010

Graph of market share for top servers across all domains, August 1995 - December 2010


Developer November 2010 Percent December 2010 Percent Change
Apache 148,085,963 59.36% 151,516,152 59.35% -0.01
Microsoft 56,637,980 22.70% 56,723,544 22.22% -0.48
nginx 15,058,114 6.04% 16,910,205 6.62% 0.59
Google 14,827,157 5.94% 14,933,865 5.85% -0.09
lighttpd 2,070,300 0.83% 1,308,935 0.51% -0.32
Continue reading

WikiLeaks attack escalates

A few hours ago, we reported that cablegate.wikileaks.org was under attack. This attack has shifted its focus onto www.wikileaks.org, which is now being deluged with more than 10 gigabits of traffic per second, causing the site to become unavailable to visitors.

Since our earlier report, cablegate.wikileaks.org has been reconfigured to use a single IP address and is working normally – at least for now. The attackers may have diverted their efforts towards attacking www.wikileaks.org, as this is likely to be the first port of call for many of the site's visitors.

Real-time performance graphs for both sites are available here:

Cablegate under DDoS attack

WikiLeaks is currently under another distributed denial of service (DDoS) attack. This time the target appears to be cablegate.wikileaks.org – the website which hosts the leaked US embassy cables.

When the cablegate site was launched on Sunday, WikiLeaks' main website at www.wikileaks.org was subjected to a similar attack, causing it to go offline for several hours. The cablegate site itself was not affected by those attacks.

Today's attack is still ongoing, and has caused noticeable downtime over the past couple of hours:

The cablegate hostname is still configured to use three different IP addresses on a round-robin basis, essentially acting as a load balancer, although this does not appear to have prevented the current attack from succeeding. The performance graph shows the site may have been attacked over shorter periods earlier in the week, even though it has only made available a small fraction of the 250,000 cable messages. The attacks are likely to be symbolic more than anything else, as several large media groups have already been supplied with the full set of leaked messages.

A real-time performance graph for cablegate.wikileaks.org can be viewed here.