IPowerWeb Most Reliable Hoster in June

Ranking by Failed Requests and Connection time,
June 1st - 30th 2006

hoster_performance_june06.PNG

iPowerWeb is the most reliable hostinig company site in June, followed closely by Hostway, as budget hosts continue to demonstrate that their networks can compete with those of high-end managed hosting providers.

iPowerWeb's shared hosting accounts start at $7.95 a month for packages that include a free domain and 10 gigs of disk space. Hostway, which ties for second with Above.net this month, offers "SuperPower" shared hosting accounts that include 150 gigs of disk space and 1,500 gigs of data transfer (no, those aren't typos) starting at $9.95 a month.

Leading managed hosting providers continue to turn in strong performance, with Datapipe, Navisite, Rackspace and New York Internet all among the top 10, which included four sites on FreeBSD, three on Linux and two using Windows Server 2003. Of the 50 major hosts we monitor, 34 had no measurable outages in June.

Continue reading

July 2006 Web Server Survey

In the July 2006 survey we received responses from 88,166,395 sites, an increase of 2.87 million (3.25%) from last month. The Internet continues to see strong hostname growth, and has now gained 14.1 million hostnames (19%) in 2006 for an average increase of more than 2 million per month.

It was a good month for the Apache web server, which gains 3.2 million hostnames. The improvement boosts Apache's market share by 1.8% to 63.25%, gaining back some of the ground it lost during several months of strong gains for Windows servers. The largest gains for Apache was at Oversee.Net, which added more than 0.58 million hostnames on the Linux/Apache platform. But Apache's growth in the hosting sector extends beyond Oversee.Net, as eleven other hosting companies added 20K or more hostnames on Apache.

Solaris has a loss of 953K hostnames, resulting in a loss of nearly half its market share (-1.1% to 1.5%). The decline occurred at a single host, Network Solutions, where access problems prevented us from obtaining a thorough tally.

Total Sites Across All Domains August 1995 - July 2006

Total Sites Across All Domains, August 1995 - July 2006

Graph of market share for top servers across all domains, August 1995 - July 2006

Top Developers
DeveloperJune 2006PercentJuly 2006PercentChange
Apache5238988561.255562258463.091.84
Microsoft2541561129.712598809929.48-0.23
Zeus5313990.625185030.59-0.03
Sun13118221.533470370.39-1.14

Continue reading

SQL Injection Weaknesses Found in Mambo, Joomla

Potentially serious security flaws have been found in existing versions of the Mambo and Joomla content management systems, and developers of the two projects are advising users to install upgrades or security patches as soon as possible. Both programs are vulnerable to SQL injection attacks, which allow remote attackers to execute commands on the web server in by typing SQL code into form fields. Joomla is a fork of Mambo, with both programs derived from the same code base.

Mambo and Joomla are open source projects which use the PHP scripting language and MySQL database. These applications are popular with web site owners because they are powerful, user-friendly, and can be installed by users with little or no PHP coding experience. They are also frequently targeted by Internet criminals seeking to crack web servers for use in botnets, phishing scams and distributed denial of service (DDoS) attacks. The Internet Storm Center said it is receiving reports that older versions of Mambo are being actively targeted and exploited using unpatched vulnerabilities.

Continue reading

Network Problems for Level 3, Wiltel

Network problems at Internet backbone provider Level 3 have caused some intermittent connectivity problems today for customers of several U.S. access providers. The issue appears to be related to network integration of Wiltel Communications, which was acquired by Level 3 last fall. By late afternoon, East Coast time, Level 3 was reporting that the situation had been stabilized. Level 3 is one of the largest providers of wholesale dial-up service to ISPs in North America and is the primary provider of Internet connectivity for millions of broadband subscribers through its cable and DSL partners.

Lengthy Downtime for Fasthosts

Many sites hosted at Fasthosts, one of the UK's largest hosting providers, were unavailable for about 9 hours Sunday. Fastshosts hosts approximately 560,000 hostnames. The outage knocked out Fasthosts' own site, along with customers including Net4Now, which attributed the problems to a fiber cut at Telewest/BlueYonder. The fiber cut also affected cable TV service to about 100,000 UK subscribers who lost their signal just prior to the start of Sunday's World Cup soccer game, in which England defeated Ecuador 1-0.

Net4Now wondered how a fiber cut at a single connectivity provider could affect so many sites, given Fasthosts' statement that "every server enjoys a fully redundant Tier 1 connection so our customers never experience slow-down or service interruptions." The outage can be seen in this chart of the uptime for Fasthosts' main web site:

Fasthosts web site performance

A dynamically updating chart of Fasthosts' web site performance is available. Continue reading

PayPal Security Flaw allows Identity Theft

A security flaw in the PayPal web site is being actively exploited by fraudsters to steal credit card numbers and other personal information belonging to PayPal users. The issue was reported to Netcraft today via our anti-phishing toolbar.

The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS).

The genuine PayPal SSL certificate used by the scam
paypal-ssl.png

When the victim visits the page, they are presented with a message that has been 'injected' onto the genuine PayPal site that says, "Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center." After a short pause, the victim is then redirected to an external server, which presents a fake PayPal Member log-In page. At this crucial point, the victim may be off guard, as the paypal.com domain name and SSL certificate he saw previously are likely to make him realise he has visited the genuine PayPal web site – and why would he expect PayPal to redirect him to a fraudulent web site?

Fraudsters manipulating content on genuine PayPal site
paypal-scam.png

If the victim logs in via the fake login page, their PayPal username and password is transmitted to the fraudsters and they are subsequently presented with another page which requests them to enter further details to remove limits on the access of their account. Information requested includes social security number, credit card number, expiration date, card verification number and ATM PIN.

The server currently running the scam is hosted in Korea and is accessed via a hex-encoded IP address. The Netcraft Toolbar already protects PayPal users by blocking access to this site.

UPDATE: Paypal has now addressed this vulnerability. A company spokesman said Paypal is working with the Internet service provider that hosts the malicious site to get it shut down, and does not yet know how many people may have fallen victim to the scam.

Netcraft's Web Application Security Testing service can identify similar cross-site scripting flaws on your organization's web servers. Please contact us for further information.