Payment Gateway StormPay Battling Sustained DDoS Attack

Payment gateway StormPay is recovering from a distributed denial of service attack (DDoS) that has kept its web site offline for much of the past two days. The company, which provides online payment processing for thousands of e-commerce web sites, came back online Friday after a sustained attack that commenced last weekend. The DDoS on StormPay is the latest in a series of attacks on services that allow web merchants to accept credit cards.

The attacks flooded StormPay with up to 6 gigabits a second of data, according to Barrett Lyon, chief technology officer of Prolexic Technologies, which specializes in DDoS defense and is working with StormPay to mitigate the attack. Lyon said the DDoS involved DNS amplification, using bogus DNS requests to cause Internet nameservers to inundate StormPay's web site with traffic. The impact can be seen on the performance chart for StormPay.com:

StormPay site performance

A dynamically updating performance chart is available for stormpay.com. Netcraft offers a web site performance monitoring service that provides similar charts, along with e-mail alerts when an outage occurs.

Go Daddy 2005 Super Bowl Ad Followed by Huge Gains

After a year of explosive growth, Go Daddy has surpassed 1&1 Internet as the world's largest web host - at least for the moment. With a net gain of 255K hostnames this month, Go Daddy's web infrastructure now houses 5,544,296 hostnames, about 95K more than 1&1, according to our Hosting Provider Switching Analysis. 1&1, which is based in Germany, has had the largest number of hostnames each month since the inception of the hosting survey in early 2003.

Hostname growth: Go Daddy and 1&1 Internet

The milestone comes as Go Daddy prepares to advertise in Sunday's Super Bowl XL broadcast, which is expected to be seen by a global television audience of more than 90 million. Go Daddy, which will pay $2.5 million for each of two 30-second ads, had 13 of its edgy ad submissions rejected by ABC censors before gaining an approval on Thursday.

Why is Go Daddy so keen on advertising in the Super Bowl again this year? Did the company's controversial 2005 ad really help sell domains and hosting services? The numbers speak for themselves: Go Daddy has experienced powerful growth over the past year, adding 2.5 million hostnames since January 2005. Many of those hostnames represent sales of domain names, products that generate revenue once a year (upon the initial sale and each annual renewal). But domains are an important gateway to the sale of additional services such as web hosting and SSL certificates.

February 2006 Web Server Survey

In the February 2006 survey we received responses from 76,184,000 sites, an increase of 933K from January's total. This month's survey finds different trends emerging in hostnames and active sites. Apache continues its strong growth with an increase of 1.3 million hostnames for the month, adding nearly a full point to its commanding market share lead. The active sites data shows a very different result, with Windows servers gaining 185K active sites, while Apache adds just 14K.

The split reflects increased volatility in the Web Server Survey in recent months following a lengthy period of market share stability. Factors include continuing site shifts at registrars and large domain "parking" operations. In recent months both Apache and Microsoft have seen sudden dips in hostname market share as huge blocks of bulk-registered domains expired at Zipa (December) and enom (November). This month there was a drop of 269K sites on Apache at Dotster as a block of bulk-registered domains expired, offset by a surge in new domain registrations that included 1.4 million new sites on Apache.

Meanwhile, Microsoft has made gains in hosting in Germany and Japan, two markets which traditionally have been dominated by Linux. Windows servers have gained substantial numbers of active sites at German host Intergenia and Excite Japan.

Total Sites Across All Domains, August 1995 - February 2006

Graph of market share for top servers across all domains, August 1995 - February 2006

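Top Developers

| Developer | January 2006 | Percent | February 2006 | Percent | Change |
|-----------|--------------|---------|---------------|---------|--------|
| Apache    | 50502840     | 67.11   | 51810676      | 68.01   | 0.90   |
| Microsoft | 15510953     | 20.61   | 15666702      | 20.56   | -0.05  |
| Sun       | 1879856      | 2.50    | 1880313       | 2.47    | -0.03  |
| Zeus      | 561524       | 0.75    | 579198        | 0.76    | 0.01   |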

PHP Apps A Growing Target for Hackers

Security holes in PHP-based content management and forum apps are an increasingly active front in Internet security, as hackers target unpatched weaknesses. The latest example is Monday's hack of chip maker AMD's customer support forums, in which an older version of Invision Power Board was compromised and used to distribute malware using the Windows Metafile (WMF) exploit.

While Windows flaws like the WMF vulnerability are useful to hackers assembling armies of compromised desktop computers, security holes in PHP applications provide access to more powerful servers hooked directly to high-speed network connections.

Internet criminals have targeted unpatched vulnerabilities in open source CMS apps including phpBB, PostNuke, Mambo, Drupal and others, hoping to build botnets for use in phishing scams and distributed denial of service (DDoS) attacks. Compromised web forums hosted more than 600 phishing spoof sites identified by the Netcraft Toolbar Community in 2005 (as noted in our Year in Phishing roundup).

The DDoS capabilities of server-based zombies were demonstrated in a December attack by a large botnet of Linux machines, in which attackers flooded their target with more than 6 gigabytes of data per second. Hosting providers with multiple IP addresses being used in the botnet included Level 3, Savvis, AT&T WorldNet, 1&1 Internet, Interland and The Planet. The network used in the December attack was assembled by exploiting known security holes, including a vulnerability in the Limbo CMS that had been patched at least six weeks earlier.

ChoicePoint Fined $10 Million for Data Breach

ChoicePoint will pay $10 million in civil penalties and another $5 million to set up a fund to compensate consumers whose financial records were exposed in a massive data breach last year, the Federal Trade Commission (FTC) announced today. The fine is believed to be the largest ever for a security incident, and signals Washington's growing impatience with corporate security breaches.

"The message to ChoicePoint and others should be clear: Consumers’ private data must be protected from thieves," said Deborah Platt Majoras, Chairman of the FTC. "Data security is critical to consumers, and protecting it is a priority for the FTC, as it should be to every business in America."

ChoicePoint provides data to credit providers, government agencies and landlords. Earlier today it reported $1.1 billion in revenue for 2005. In late 2004 criminals using falsified credentials were able to sign up for sensitive ChoicePoint services and access account information for 163,000 consumers, the FTC said.

DDoS Attack Cited in Million Dollar Homepage Outage

The company hosting the Million Dollar Homepage says an electronic attack was responsible for the extended outages earlier today. The distributed denial of service (DDoS) occurred as college student Alex Tew sold the final 1,000 pixels of his innovative ad service in an eBay auction for $38,100. The attack left the milliondollarhomepage.com site unreachable for large portions of the day, as seen in a performance chart for the site.

"The site received a major DDoS attack, and DDoS protection/prevention was not included in the customer's plan," Russell Weiss of InfoRelay Online Systems, Inc. wrote in an e-mail to Netcraft. "That said, we voluntarily took a number of steps to alleviate this attack while working within the appropriate budget." InfoRelay is the owner and operator of Sitelutions, which hosts the Million Dollar Homepage.

Tew has promised to keep the site online for at least five years. The DDoS attacks raise the prospect that operating milliondollarhomepage.com may prove more expensive than Tew originally envisioned. Tew will not be charged for any additional bandwidth consumed by the attack. But as Weiss noted, defense against DDoS attacks is typically a paid service not included with basic hosting accounts.
