1. 中国云

    [Read this article in English]

    作为2012年度世界最大的贸易国,中国长期以来一直是一个劳动力和服务输出大国,即便是在信息技术领域,也和印度的差距越来越小。以亚马逊DigitalOcean为代表的欧美云计算服务提供商的不断发展壮大,预示着云计算基础设施会成为一种商品,而那些最廉价的提供商则会逐渐受到用户的青睐。

    中国网民数量在2013年6月达到了5.91亿,超越了美国和欧洲。把互联网应用和其他内容放在目标用户所在的国家可以有效缩短访问所需时间并提高访问稳定性,所以日益增加的网民数量对本国的互联网基础设施建设提出了要求。

    中国云主机市场的极速发展

    在过去一年,在中国大陆境内直接连接到国际互联网的Web服务器数量增长了8.3%,且绝大多数增长都来自于云主机市场。在直接连接到国际互联网的Web服务器数量方面,阿里云是目前中国最大的云主机提供商。特别值得一提的是,阿里云拥有的直接连接到国际互联网的Web服务器数量在2013年9月达到了17,934,比去年同期增长了6倍。放眼全球,其增长量仅次于云计算巨头亚马逊

    虽然中国的云计算基础设施建设尚处于起步阶段,但阿里云的未来还是很有希望的,因为它背靠着强大的阿里巴巴集团。阿里巴巴集团是中国拥有直接连接到国际互联网的Web服务器数量最多的公司,也是世界前30名之一,而且该集团旗下的淘宝网阿里巴巴交易市场等电子商务平台早已在中国家喻户晓。在阿里巴巴集团直接连接到国际互联网的Web服务器当中,有92%来自于阿里云。


    Metric Sep 2012 Mar 2013 Jun 2013 Jul 2013 Aug 2013 Sep 2013
    Hostnames 91,553 205,824 382,342 381,989 368,948 389,171
    Active sites 23,596 55,654 119,089 116,835 146,310 150,089
    Web-facing computers 2,670 8,038 15,931 16,846 17,670 17,934

    Detailed view of Aliyun in terms of hostnames (web sites), active sites, and web-facing computers.

    本土市场与中国防火长城

    尽管中国云主机市场增长迅猛,但是Netcraft发现这些增长绝大多数都来自于面向中国本土市场的网站。把服务器尽可能安置在离终端用户较近的地方可以提高访问性能这一点在中国格外突出:可能是受到金盾工程(亦称中国防火长城)的影响,流入或流出中国大陆的网络数据有时候会很慢,不稳定,甚至被屏蔽。2013年9月,从阿里云连接到国际互联网的网站的域名有一半以上都在.cn顶级域下,有41%是.com,而在其他国家顶级域下的域名则非常少见。由此可推断,与亚马逊的全球化服务不同,阿里云目前还是比较局限于中国本土市场。

    TLD share by domains of websites at Aliyun in September 2013


    阻碍中国云服务全球的绊脚石

    对于想吸引中国用户或访客的外国企业来说,使用中国境内的云主机是很有意义的,但是会遇到一些障碍。这些障碍也正解释了为什么中国云目前面向的主要还是本国用户且这种情况很可能还会持续一段时间:

    • 和最廉价的外国云主机提供商相比,中国云主机提供商在价格和操作系统等配置选择的多样性上都没有优势。以阿里云为例,除非选择2核或4核的CPU,否则按量付费的云主机不支持Windows操作系统,而且其价格也不比那些更成熟的竞争对手便宜。最廉价的按量付费的阿里云主机为单核CPU,512M内存,1Mbps带宽,价格每小时0.27元(约合0.04美金),几乎是亚马逊最便宜的云主机价格的两倍,而配置相近的DigitalOcean云主机的价格仅为每小时0.007美金。但是,由于定价模式的差异,包年包月的阿里云主机在某些情况下会比包年包月的亚马逊或DigitalOcean更便宜。
    • 从海外访问中国境内的网站有时不够顺畅 - 从英国发送到阿里云官方网站的数据包往返几乎要耗时半秒钟,而从美国访问的效果也没有好很多。在过去20天,有多达4%的来自荷兰的访问请求都以失败告终。

    • Performance of www.aliyun.com from a Netcraft performance collector located in the Netherlands


    • 很多中国主机服务提供商只支持中文。以阿里云为例,无论是官方网站、控制面板还是技术支持,中文都是其唯一的语言。不过,亚马逊云对中文的支持也几乎一样有限 - 只有首页有中文版。
    • 有些中国主机服务提供商只面向中国客户。例如:申请使用阿里云服务的用户必须要有一个中国的手机号来接收验证码以完成注册。按量付费的用户必须通过身份验证,而只有中国或个别亚太地区国家的公民或者中国的企业可以做这样的验证。想使用阿里云服务的客户还必须有一张与支付宝兼容的中国的银行卡。如果服务器需要通过域名访问,那么还必须在工信部备案,而这样的备案并不向外国企业开放。

    这些障碍意味着中国的云主机服务目前还不太可能冲出中国,面向世界。但是,伴随着来自阿里云这样的本地提供商和微软、亚马逊这样的海外提供商之间的竞争,中国的云服务器数量很有可能会继续增长,来满足国内日益增多的需求。微软为了将其云主机服务打入中国市场,已经开始与中国的一家名为世纪互联的基础设施服务提供商进行合作,并且正在为中国市场定制极具竞争力的价格计划。也许通过这样的模式,其他外国企业(比如亚马逊)也可以将其云主机服务打入中国市场,不仅提供本地的数据中心,同时也争取在严格的监管环境下为中国客户提供支持。同样的,如果上述这些障碍能够在一定程度上得到解决,相信阿里云和其他中国云主机提供商也能够在国际大舞台上获得更多的市场份额。

    Netcraft提供国际互联网基础设施方面的信息,包括主机服务提供商、网页技术等等。想了解更多关于云计算行业的信息,请访问 http://www.netcraft.com/internet-data-mining/


    Posted by Wenxiao Yuan (苑文筱) on 16th September, 2013 in Around the Net, Hosting, Web Server Survey

  2. Building the Great Cloud of China

    [中文版]

    China, the world's largest trading nation in 2012, has long been a desirable location for outsourcing labour and services, even within the technology and IT sector where it is not far behind India. The growth of cloud computing providers in Europe and the United States — particularly Amazon and DigitalOcean — may foretell cloud computing infrastructure becoming a commodity and outsourced to the cheapest provider.

    The ever-increasing number of internet users in China (591 million at the end of June 2013) requires the development of home-grown internet infrastructure: hosting web applications and other content within a target user's own country typically speeds up requests and improves reliability. The number of internet users in China is greater than either the United States or Europe.

    Stratospheric growth in Chinese cloud hosting

    Although the number of web-facing computers in China has grown by 8.3% over the last year — the majority of this growth has occurred within the cloud hosting market. Aliyun (云, pronounced 'yun', is the Chinese word for cloud) is the largest cloud computing provider in China in terms of the number of web-facing computers, and remarkably, Aliyun now has six times more web-facing computers than it did a year ago, reaching a total of 17,934 in September 2013. Worldwide, only the cloud computing giant Amazon gained a greater number of web-facing computers.

    Although China's cloud computing infrastructure is still in its infancy, Aliyun's future looks particularly promising, as it is owned by the Alibaba Group. This group is the largest hosting provider in China, features within the top 30 hosting providers worldwide, and has already established a strong internet presence with its better known e-commerce platforms, Taobao and Alibaba.com. Aliyun now makes up almost 92% of the web-facing computers at Alibaba Group.

    Metric Sep 2012 Mar 2013 Jun 2013 Jul 2013 Aug 2013 Sep 2013
    Hostnames 91,553 205,824 382,342 381,989 368,948 389,171
    Active sites 23,596 55,654 119,089 116,835 146,310 150,089
    Web-facing computers 2,670 8,038 15,931 16,846 17,670 17,934

    Detailed view of Aliyun in terms of hostnames (web sites), active sites, and web-facing computers.

    Indigenous market and the Great Firewall of China

    Despite the strong growth of the Chinese cloud hosting market, most of the growth seen by Netcraft is hosting sites aimed at the Chinese market. Hosting content as close to the end-users as possible increases the performance of the web site, and this effect is particularly prominent in China: internet traffic crossing the border can sometimes appear to be slow, unstable, or even blocked, perhaps as a side-effect of blocks enforced by the Golden Shield Project (also known as the Great Firewall of China). In September 2013, more than half of the domains of websites hosted at Aliyun were in the .cn TLD, around 41% in .com, whilst domains in other ccTLDs appeared to be very rare. Unlike Amazon's global reach, Aliyun's reach appears to be limited to the local market — at least for the time being.

    TLD share by domains of websites at Aliyun in September 2013


    Obstacles holding back the Chinese cloud

    Using cloud hosting in China could make sense for non-Chinese companies looking to increase their presence in China; however, a number of obstacles remain. These explain why the Chinese cloud is still mostly indigenous, and is likely to remain so for some time:

    • Neither the pricing models nor the variety or operating systems are as attractive as those offered by the cheapest non-Chinese cloud hosting companies. Taking Aliyun as an example, its on-demand instances do not support Windows operating systems unless you opt for a 2-core or 4-core CPU, and they are not significantly cheaper than its more established competitors. The cheapest on-demand option at Aliyun is ¥0.27 ($0.04) per hour which buys you a single core, 512MB of RAM, and a 1Mbps internet connection. This is almost twice the price of Amazon's cheapest option and a comparable DigitalOcean instance can be had for just $0.007 per hour. However, as pricing models vary, reserved instances at Aliyun can be cheaper in some circumstances.
    • Internet connectivity from outside China can be patchy — packets sent to www.aliyun.com from the United Kingdom take almost half a second to make the journey and back again, and the performance in the United States is not much better. More than 4% of requests to www.aliyun.com from the Netherlands failed during the past 20 days.

    • Performance of www.aliyun.com from a Netcraft performance collector located in the Netherlands


    • Many Chinese hosting services are only available in the Chinese language. This is the only language available for Aliyun's brochure website, control panel, and technical support. However, Amazon's support for the Chinese language is almost as limited — a single marketing site appears to be the sole Chinese-language site for AWS.
    • Some Chinese hosting companies only accept business from Chinese customers. For example, Aliyun's customers are required to have a Chinese mobile phone number in order to receive a verification code to complete the signup process. Customers wishing to buy an on-demand instance at Aliyun must go through an identity verification process, which requires the registrant to be a national of China or one of a few other Asia-Pacific countries, or to represent a Chinese company. Customers must also hold a credit or debit card issued by a Chinese bank compatible with Alipay. Customers must also register with the Chinese Ministry of Industry and Information Technology if they wish to associate a domain name with an Aliyun cloud server, but such registration is currently unavailable to foreign enterprises.

    The current obstacles suggest that the cloud is unlikely to be outsourced to China yet. However, the availability of cloud computers in China is likely to increase to match its rapidly increasing local demand with competition both from local providers like Aliyun and overseas players like Microsoft and Amazon. Microsoft has collaborated with a partner company in China, 21Vianet, in order to bring its Cloud to China, and is making competitive price plans customised for the Chinese market. Perhaps by following this model, other non-Chinese companies such as Amazon could enter the Chinese market, providing local data centres and support to Chinese-speaking customers within the stricter regulatory environment. Equally, if some red tape were cut and network connectivity improved, Aliyun and other Chinese cloud providers could be poised to take a larger share of the global cloud computing market.

    Netcraft provides information on the internet's infrastructure, including the hosting industry and web content technologies. For information on the cloud computing industry, please see http://www.netcraft.com/internet-data-mining/.

    Posted by Wenxiao Yuan (苑文筱) on 13th September, 2013 in Around the Net, Hosting, Web Server Survey

  3. Perfect Forward Secrecy in the Netcraft Extension

    Netcraft has added a Perfect Forward Secrecy (PFS) indicator to the Netcraft Extension for Firefox, Chrome and Opera. This lets users see which websites would allow encrypted traffic to be decrypted en mass at a later date if the site's private key were to be compromised — a danger previously highlighted by Netcraft in June.

    PFS, when implemented correctly, ensures that if the long-term private key of a site served over SSL is compromised, historical encrypted traffic cannot be decrypted in bulk. Instead, an eavesdropper would have to break each individual connection independently, which would be incredibly time consuming.

    With the recent revelations from Edward Snowden that the NSA is able to read encrypted internet traffic, PFS support is very desirable for privacy-conscious internet users, particularly in countries that also have key disclosure laws.

    Currently, most of the major web browsers make it difficult to tell whether or not a website supports PFS. For example, Chrome, Opera 15, and Internet Explorer display information about the current cipher suite in a pop-up, but checking for PFS support relies on in-depth knowledge. Firefox and Opera 12 display part of the cipher suite in their user interfaces; however, they crucially lack the key exchange mechanism, which means it is not possible for the user to tell whether the site supports PFS. Safari fares the worst, as it does not display any information at all about the current cipher suite.

    The Netcraft Extension — which blocks phishing attacks and displays metadata about visited websites — now clearly indicates whether the site you are visiting supports PFS. This is displayed in the user interface as a green tick if the site supports PFS, and a red cross if it does not. In addition, in both Chrome and Opera, a small indicator is displayed beside the Netcraft badge when visiting an SSL site which does not support PFS.

    The following screenshots show the PFS indicator in the Netcraft Extension when visiting the DuckDuckGo search engine, which enabled the use of PFS cipher suites after the lack of PFS was highlighted in Netcraft's previous analysis of PFS support.

    PFS indicator in the Netcraft Extension for Google Chrome™
    (The Opera version looks similar)

    PFS indicator in the Netcraft Extension for Firefox

    The Netcraft Extension is available for Firefox, Chrome and Opera, and can be downloaded from toolbar.netcraft.com. More information about the PFS indicator can be found on the Netcraft Extension FAQ page.

    Note: The new version of the Firefox extension is currently awaiting approval from Mozilla; however, it can be manually installed from the version history page by selecting version 1.8.1.

    Posted by Graham Edgecombe on 6th September, 2013 in Security

  4. Deceptive domain and SSL certificate issued by Network Solutions

    Network Solutions allowed a fraudster to register a deceptive domain name earlier this week: secure-chaseonline.com. Network Solutions also issued a valid SSL certificate for the domain, which was used for a phishing attack which targeted customers of Chase Bank.

    Phishing attack targeting Chase bank on secure-chaseonline.com

    The phishing site added further credibility to the attack by using an encrypted HTTPS connection. The fraudster obtained a domain-validated SSL certificate from Network Solutions, and, as with the domain, it was valid for one year from 3rd September 2013.

    The SSL certificate used on secure-chaseonline.com

    Although opportunities were missed to prevent the suspicious domain name being registered and the corresponding SSL certificate being issued, the certificate used by the site does at least support OCSP, which can allow the issuer to instantly revoke the certificate. However, the efficacy of this mechanism largely depends on which browser the victim is using, and how it has been configured. For example, Firefox — which does performs OCSP checks by default — will only display content from https://secure-chaseonline.com if the certificate has not been revoked. Google Chrome, on the other hand, does not perform such checks by default (for non-EV certificates).

    However, as Network Solutions was also the registrar of the domain, it would have been more effective to simply suspend the domain, which is what appears to have happened yesterday:

    No match for "SECURE-CHASEONLINE.COM".
    >>> Last update of whois database: Thu, 05 Sep 2013 12:56:58 UTC <<<
    

    The fraudulent SSL certificate was later revoked — the certificate's serial number can be found on Network Solutions' certificate revocation list at http://crl.netsolssl.com/NetworkSolutionsDVServerCA.crl

    The CA/Browser Forum's Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates [PDF] says that certificate authorities SHALL subject high risk requests — which includes names at high risk of being used in a phishing attack — to further scrutiny prior to issuance. Netcraft's Domain Registration Risk service is ideal for both domain registrars and certificate authorities, as it judges the likelihood of a new domain being used for fraudulent activities. It identifies domains which are deceptively similar to legitimate websites run by banks and other institutions that are commonly targeted by phishing attackers.

    While some phishing attacks can be identified prior to domain registration or SSL certificate issuance (such as the one described above), a significant proportion of phishing attacks make use of compromised web sites (often exploiting vulnerabilities in commonly deployed software platforms, such as WordPress). Netcraft can alert registries, SSL certificate authorities, or registrars and hosting companies of phishing sites discovered using their infrastructure to conduct a phishing attack.

    Please get in touch (sales@netcraft.com) if you would like to try out this service or for subscription information.

    Posted by Paul Mutton on 6th September, 2013 in Security

  5. Free domains put Mali back on the map – for phishing

    When the African nation of Mali announced that it was going to provide free .ml domains from July, their goal was to put Mali back on the map. It appears they have now succeeded, but perhaps not in the way they had intended — thanks to the free domains, Mali now has the most phishy top-level domain of any country in the world.

    Nearly 6% of the .ml domains in Netcraft's survey are currently blocked for hosting phishing sites, making it by far the phishiest TLD. In comparison, the second most phishy TLD, .bt (Bhutan), has only 0.7% of its sites blocked for phishing.

    .ml domains can be quickly and easily registered at Freenom, which is owned by the Netherlands-based Freedom Registry. Registrants are required to create an account with a valid email address, and a CAPTCHA is used to try and prevent automated registrations. Domains can be registered for between 1 and 12 months initially, with an unlimited number of renewals. Domains which contain more than 3 characters are free.

    It is not surprising to see free domain names being used in phishing attacks, but some TLDs have managed to tackle such fraud with astounding efficacy. The .tk TLD was taken advantage of extensively by phishers in 2011, prompting its registrar, Dot TK (another subsidiary of Freedom Registry), to introduce an anti-abuse API to allow trusted partners to shut down sites that use the .tk ccTLD. This dramatically reduced the average uptime of phishing sites which used .tk domains, making it a less attractive platform for fraudsters. Indeed, .tk does not even appear within the top 50 phishiest TLDs today; however, considering .tk and .ml share the same owner, this makes it somewhat surprising to see .ml being so heavily abused already.


    A Taobao (Chinese shopping site) phish using a .ml domain, hosted in the US.

    Despite the obvious appeal of a free and easily registered domain name when orchestrating a phishing attack, the phishiest TLDs are not always free, nor easy to register. Back in June, Morocco had the phishiest TLD (.ma), although it has since fallen to 12th place. As well as not being free, the administrative contact for an .ma domain must be established in Morocco; however, people living outside Morocco can still register an .ma domain through third parties.

    Netcraft provides services to help protect domain registries, brand owners and hosting companies. You can also protect yourself against the latest phishing attacks by installing Netcraft's Anti-Phishing Extension and help protect the internet community by reporting potential phishing sites to Netcraft by email to scam@netcraft.com or at http://toolbar.netcraft.com/report_url

    Posted by Paul Mutton on 5th September, 2013 in Domains, Security

  6. September 2013 Web Server Survey

    In the September 2013 survey we received responses from 739,032,236 sites, 22.2M more than last month.

    nginx gained 7.4M hostnames this month, and the web server is now used by more than 15% of the web. Within the Million Busiest websites, however, nginx's market share dipped slightly but remains just under 15%. Seeking to capitalise on nginx's success (usage of nginx has almost doubled in the last two years), Nginx Inc. has launched nginx Plus, a commercial variant of the nginx web server. nginx Plus provides additional services not available in the open-source version including on-the-fly configuration which has drawn mixed feedback from the community.

    Apache contributed most to this month's growth, with a net gain of 9.7M hostnames; however, for the second consecutive month, Apache's market share remains below 50%. Apache's market share has been falling steadily since June 2012 (when it had a 64% share of the market) — despite its current downward trend, Apache is still the most commonly seen web server, its market share is greater than nginx, Microsoft, and Google combined. Microsoft, on the other hand, had the largest drop in hostnames this month, 2.4M, and lost market share across all sites and within the Million Busiest sites. Microsoft is getting closer to the official release of Windows Server 2012 R2 on the 18th October 2013. Even before the official release, IIS 8.5 is seemingly in use already — more than 300 sites reported using IIS/8.5 during this month's survey.

    At the end of August, ICANN signed 13 new generic top level domain (gTLD) agreements with a number of private organizations. The agreements define new gTLDs including .estate, .guru, .voyage, .holdings. These agreements follow the first set, published in July, that have been signed since ICANN decided to drop a number of restrictions on top level domain name registrations. Netcraft has not yet seen any domains within the four TLDs agreed in July (all of which use non-latin characters encoded using the punycode representation).

    In a study published earlier in August by ICANN assessing dotless domain security and stability a number of key risks have been identified that ICANN will need to mitigate before dotless gTLDs (e.g. accessing http://com/ directly) can be safely implemented. This puts on hold Google’s intentions to run .search as a dotless domain (http://search). The .home and .corp gTLD applications are also on hold, and identified as high risk after a study was published addressing the consequences of name collisions.





    DeveloperAugust 2013PercentSeptember 2013PercentChange
    Apache336,622,05046.96%346,288,70646.86%-0.10
    Microsoft163,098,70322.75%160,691,76321.74%-1.01
    nginx104,311,56814.55%111,680,07815.11%0.56
    Google30,550,9144.26%34,806,5024.71%0.45
    (more...)

    Posted by Netcraft on 5th September, 2013 in Web Server Survey

Page 7 of 186« First...56789102030...Last »