In the February 2006 survey we received responses from 76,184,000 sites, an increase of 933K from January's total. This month's survey finds different trends emerging in hostnames and active sites. Apache continues its strong growth with an increase of 1.3 million hostnames for the month, adding nearly a full point to its commanding market share lead. The active sites data shows a very different result, with Windows servers gaining 185K active sites, while Apache adds just 14K.
The split reflects increased volatility in the Web Server Survey in recent months following a lengthy period of market share stability. Factors include continuing site shifts at registrars and large domain "parking" operations. In recent months both Apache and Microsoft have seen sudden dips in hostname market share as huge blocks of bulk-registered domains expired at Zipa (December) and enom (November). This month there was a drop of 269K sites on Apache at Dotster as a clock of bulk-registered domains expired, which was offset by a surge in new domain registrations, which included 1.4 million new sites on Apache.
Meanwhile, Microsoft has made gains in hosting in Germany and Japan, two markets which traditionally have been dominated by Linux. Windows servers have gained substantial numbers of active sites at German host Intergenia and Excite Japan.Total Sites Across All Domains August 1995 - February 2006
Developer January 2006 Percent February 2006 Percent Change Apache 50502840 67.11 51810676 68.01 0.90 Microsoft 15510953 20.61 15666702 20.56 -0.05 Sun 1879856 2.50 1880313 2.47 -0.03 Zeus 561524 0.75 579198 0.76 0.01
Security holes in PHP-based content management and forum apps are an increasingly active front in Internet security, as hackers target unpatched weaknesses. The latest example is Monday's hack of chip maker AMD's customer support forums, in which an older version of Invision Power Board was compromised and used to distribute malware using the Windows Metafile (WMF) exploit.
While Windows flaws like the WMF vulnerability are useful to hackers assembling armies of compromised desktop computers, security holes in PHP applications provide access to more powerful servers hooked directly to high-speed network connections.
Internet criminals have targeted unpatched vulnerabilities in open source CMS apps including phpBB, PostNuke, Mambo, Drupal and others, hoping to build botnets for use in phishing scams and distributed denial of service (DDoS) attacks. Compromised web forums hosted more than 600 phishing spoof sites identified by the Netcraft Toolbar Community in 2005 (as noted in our Year in Phishing roundup).
The DDoS capabilities of server-based zombies was demonstrated in a December attack by a large botnet of Linux machines, in which attackers flooded their target with more than 6 gigabytes of data per second. Hosting providers with multiple IP addresses being used in the botnet included Level 3, Savvis, AT&T WorldNet, 1&1 Internet, Interland and The Planet. The network used in the December attack was assembled by exploiting known security holes, including a vulnerability in the Limbo CMS that had been patched at least six weeks earlier.(more...)
ChoicePoint will pay $10 million in civil penalties and another $5 million to set up a fund to compensate consumers whose financial records were exposed in a massive data breach last year, the Federal Trade Commission (FTC) announced today. The fine is believed to be the largest ever for a security incident, and signals Washington's growing impatience with corporate security breaches.
"The message to ChoicePoint and others should be clear: Consumers’ private data must be protected from thieves," said Deborah Platt Majoras, Chairman of the FTC. "Data security is critical to consumers, and protecting it is a priority for the FTC, as it should be to every business in America."
ChoicePoint provides data to credit providers, government agencies and landlords. Earlier today it reported $1.1 billion in revenue for 2005. In late 2004 criminals using falsified credentials were able to sign up for sensitive ChoicePoint services and access account information for 163,000 consumers, the FTC said.(more...)
The company hosting the Million Dollar Homepage says an electronic attack was responsible for the extended outages earlier today. The distributed denial of service (DDoS) occurred as college student Alex Tew sold the final 1,000 pixels if his innovative ad service in an eBay auction for $38,100. The attack left the milliondollarhomepage.com site unreachable for large portions of the day, as seen in a performance chart for the site.
"The site received a major DDoS attack, and DDoS protection/prevention was not included in the customer's plan," Russell Weiss of InfoRelay Online Systems, Inc. wrote in an e-mail to Netcraft. "That said, we voluntarily took a number of steps to alleviate this attack while working within the appropriate budget." InfoRelay is the owner and operator of Sitelutions, which hosts the Million Dollar Homepage.
Tew has promised to keep the site online for at least five years. The DDoS attacks raise the prospect that operating milliondollarhomepage.com may prove more expensive than Tew originally envisioned. Tew will not be charged for any additional bandwidth consumed by the attack. But as Weiss noted, defense against DDoS attacks is typically a paid service not included with basic hosting accounts.(more...)
The Million Dollar Homepage was unavailable for an extended period early today, as huge publicity accompanied the completion of Alex Tew's novel online advertising service. Tew, a 21-year-old UK college student, sold the final 1,000 pixels for $38,100 in an eBay auction that closed Wednesday, netting Tew a total of $1,037,100 in total ad sales. The winner of the auction has not yet been announced. Tew launched the site in September to pay his college expenses, offering 1 million pixels of ad space at $1 a pixel.
The gimmick has paid off in huge web traffic. Milliondollarhomepage.com has received up to 500,000 unique visitors per day, and uses up to 200 megabits per second of Internet bandwidth, according to its host, Sitelutions. The Million Dollar Homepage is scheduled to remain online for five years, and appears to now be back online after several hours of downtime, which can be seen in this performance chart:
A dynamically updating performance chart is available for milliondollarhomepage.com. Netcraft offers a web site performance monitoring service that provides similar charts, along with e-mail alerts when an outage occurs.(more...)
The official web site for the MacWorld Expo was bogged down by heavy traffic today as Apple CEO Steve Jobs took the stage at the Moscone Center for his annual keynote address. In a repeat of last year's keynote, the crush of surfers eager for details on the latest Apple products slowed macworldexpo.com to a crawl. The site was knocked offline Monday night, apparently from traffic chasing the latest rumors about new product unveilings. On Jan. 3 the site (which ironically is powered by Windows Server 2003) was shifted to new hosting digs at Level 3, perhaps in anticipation of heavy traffic during the annual MacWorld show.
Mac enthusiast sites adapted their sites to manage the extra traffic, as the Mac News Network went to an all-text, ad-free page as it live-blogged Jobs' speech.
A dynamically updating performance charts are available for the www.macworldexpo.com site.