Eswatini Government's gov.sz website is running a cryptojacker
22nd October, 2021
The Government of Eswatini’s website, www.gov.sz, is running a
cryptojacker. Cryptojackers
use website visitors' CPU power to mine cryptocurrency, most often without their knowledge or permission.
Data from archive.org suggests the JavaScript snippet was added to the site’s HTML source between
28th September and
6th October.
WebMinePool cryptojacker injection on www.gov[.]sz.
While sites that are kept open for long periods of time are often the most lucrative – the longer the victim’s browser tab is open, the more cryptocurrency can be mined — criminals are typically not fussy when deploying cryptojackers. Criminals can target large swathes of sites at once, including those using vulnerable or out-of-date software, compromised third-party JavaScript, or with easily guessable administrator credentials.
October 2021 Web Server Survey
15th October, 2021
In the October 2021 survey we received responses from 1,179,448,021 sites across 265,426,928 unique domains and 11,388,826 web-facing computers. This reflects a loss of 8.59 million sites, but a gain of 1.07 million domains and 20,800 computers.
The number of unique domains powered by the nginx web server grew by 789,000 this month, which has increased its total to 79.5 million domains and its leading market share to 29.9%. Conversely, Apache lost 753,000 domains and saw its second-place share fall to 24.7%. Meanwhile, Cloudflare gained 746,000 domains – almost as many as nginx – but it stays in fourth place with an 8.15% share while OpenResty's shrank slightly to 14.5%.
Cloudflare also made strong progress amongst the top million websites, where it increased its share by 0.24 percentage points to 18.2%. nginx is in second place with a 22.5% (+0.12pp) share but has closed the gap on Apache which still leads with 24.0% after losing 0.21pp.
Apache also continues to lead in terms of active sites, where it has a total of 48.0 million. However, it was the only major vendor to suffer a drop in this metric, with a loss of 277,000 active sites reducing its share down to 23.9% (-0.29pp). In terms of all sites, nginx lost the most (-9.99 million) but remains far in the lead with a total of 412 million.
Apache vulnerability being actively exploited in the wild
Apache 2.4.51 was released on 7 October. This is the latest release in the 2.4.x stable branch, which the developers consider to be the best available version of the Apache HTTP Server; but more importantly, this release fixes a path traversal vulnerability present in Apache 2.4.49 and 2.4.50. Apache 2.4.50 was itself released a day earlier in an attempt to fix the vulnerability present in 2.4.49, but the fix was found to be insufficient.
The vulnerability is being actively exploited in the wild, so anyone still running an unpatched Apache 2.4.49 or 2.4.50 installation should upgrade immediately. In some cases, the path traversal vulnerability could facilitate remote code execution on the web server.
Due to the nature of this vulnerability, some otherwise vulnerable installations may be immune to attack if a web application firewall (WAF) is in place, or if a frontend proxy or load balancer modifies malicious requests in a way that makes them safe. For instance, all vulnerable Apache installations served via the Cloudflare content delivery network would have been protected from the outset if Normalize URLS to origin were enabled, and the Cloudflare WAF has rules that would have stopped many exploit attempts.
Other vendor and hosting news
- During September, Microsoft released fixes for three elevation of privilege and one remote code execution vulnerabilities in the Open Management Infrastructure (OMI) framework, which is used by several Azure Virtual Machine management extensions. The remote code execution vulnerability can only affect customers using a Linux management solution with remote OMI enabled. A full list of the vulnerable extensions and update availability is being maintained on the Microsoft Security Response Center blog.
- Microsoft announced the general availability its Azure Purview data governance solution on 28 September.
- On 5 October, Microsoft removed the waiting list for its Azure NetApp Files bare-metal cloud file storage and data management service.
- lighttpd 1.4.60 was released on 3 October. This version includes a large number of changes, including several bugfixes and improved handling of HTTP/2 connections.
- LiteSpeed Web Server 6.0.9 was released on 20 September to address several bugs and add a new log rotation feature. OpenLiteSpeed 1.7.14 – the open source edition of LiteSpeed Web Server Enterprise – was released on 7 September.
| Developer | September 2021 | Percent | October 2021 | Percent | Change |
|---|---|---|---|---|---|
| nginx | 422,211,703 | 35.54% | 412,222,221 | 34.95% | -0.59 |
| Apache | 295,667,361 | 24.89% | 290,462,410 | 24.63% | -0.26 |
| OpenResty | 77,052,370 | 6.49% | 76,038,576 | 6.45% | -0.04 |
| Cloudflare | 56,362,363 | 4.74% | 57,482,103 | 4.87% | 0.13 |
Most Reliable Hosting Company Sites in September 2021
4th October, 2021
| Rank | Performance Graph | OS | Outage hh:mm:ss |
Failed Req% |
DNS | Connect | First byte |
Total |
|---|---|---|---|---|---|---|---|---|
| 1 | New York Internet (NYI) | FreeBSD | 0:00:00 | 0.000 | 0.554 | 0.061 | 0.121 | 0.122 |
| 2 | Bigstep | Linux | 0:00:00 | 0.000 | 0.201 | 0.063 | 0.125 | 0.125 |
| 3 | CWCS Managed Hosting | Linux | 0:00:00 | 0.000 | 0.247 | 0.066 | 0.132 | 0.132 |
| 4 | Dinahosting | Linux | 0:00:00 | 0.000 | 0.202 | 0.073 | 0.147 | 0.147 |
| 5 | Swishmail | Linux | 0:00:00 | 0.000 | 0.229 | 0.096 | 0.192 | 0.192 |
| 6 | ServerStack | Linux | 0:00:00 | 0.000 | 0.213 | 0.100 | 0.200 | 0.200 |
| 7 | Pair Networks | Linux | 0:00:00 | 0.000 | 0.365 | 0.116 | 0.232 | 0.232 |
| 8 | GoDaddy.com Inc | Linux | 0:00:00 | 0.007 | 0.419 | 0.008 | 0.033 | 0.035 |
| 9 | Rackspace | Linux | 0:00:00 | 0.007 | 0.489 | 0.010 | 0.020 | 0.020 |
| 10 | Hyve Managed Hosting | Linux | 0:00:00 | 0.007 | 0.138 | 0.073 | 0.145 | 0.145 |
In September 2021, New York Internet (NYI) had the most reliable hosting company site: it responded to all of Netcraft’s requests, with an average connection time of 61ms. NYI has appeared in the top 10 table seven times in 2021 so far. Customers can choose from a range of cloud, colocation, bare metal and managed solutions.
Bigstep, CWCS Managed Hosting and Dinahosting appear in second, third and fourth places. Bigstep came close to NYI in average connection time, averaging 63ms. CWCS and Dinahosting both followed, averaging 66ms and 73ms respectively.
Bigstep’s bare metal cloud hosting provides the flexibility of cloud hosting without the associated overhead and performance reductions of virtualization. The bare metal offerings are available in data centres in the UK and Romania.
CWCS provides dedicated servers along with cloud services, as well as domain registration and VPS hosting. CWCS has data centres across the UK, as well as North America.
Dinahosting provides cloud hosting and domain registration services, with data centres located at Interxion and Global Switch, in Madrid.
The top hosting company in September used FreeBSD, whilst the rest of the top 10 used Linux. This marks the first time in 2021 that a non-Linux provider has been the most reliable host, but Linux remains clearly dominant in the top 10 throughout this year.
September 2021 Web Server Survey
29th September, 2021
In the September 2021 survey we received responses from 1,188,038,392 sites across 264,360,621 unique domains and 11,368,033 web-facing computers. This reflects a loss of 23.4 million sites, but a gain of 627,000 domains and 40,300 computers.
The largest increase in both unique domains and active sites was seen by LiteSpeed this month, with gains of 571,000 (+9.3%) domains and 458,000 (+6.0%) active sites. Much of this increase was concentrated at a single hosting provider, NameCheap, where there were corresponding drops in the numbers of domains and active sites using Apache. As a result, LiteSpeed’s market share in the domains metric increased by 0.21 percentage points to 2.6%.
Cloudflare also saw strong growth in domains, with an increase of 519,000 resulting in a small increase in its market share to 7.90%. Amongst the million busiest websites Cloudflare had substantially the biggest increase in use, leaving it with an 18.0% market share. It is now just 44,000 sites or 4.4 percentage points of market share behind nginx in second position.
Other server vendors to see increases in terms of unique domains include OpenResty which grew by 314,000 domains, and market leader nginx which grew by 195,000. Despite having only the fourth largest growth this month, nginx maintained its 29.8% market share.
The number of web-facing computers using nginx has increased once again, whilst both Apache and Microsoft lost both in absolute numbers and market share. This month nginx saw an increase of 40,800 raising its market share to 37.2%. Apache and Microsoft each lost 0.24 percentage points of market share to leave them with 30.8% and 11.9% shares. LiteSpeed gained 4,660 computers (+5.9%).
| Developer | August 2021 | Percent | September 2021 | Percent | Change |
|---|---|---|---|---|---|
| nginx | 441,930,791 | 36.48% | 422,211,703 | 35.54% | -0.94 |
| Apache | 305,180,858 | 25.19% | 295,667,361 | 24.89% | -0.30 |
| OpenResty | 75,516,218 | 6.23% | 77,052,370 | 6.49% | 0.25 |
| Cloudflare | 55,830,630 | 4.61% | 56,362,363 | 4.74% | 0.14 |
Most Reliable Hosting Company Sites in August 2021
3rd September, 2021
| Rank | Performance Graph | OS | Outage hh:mm:ss |
Failed Req% |
DNS | Connect | First byte |
Total |
|---|---|---|---|---|---|---|---|---|
| 1 | www.choopa.com | Linux | 0:00:00 | 0.000 | 0.262 | 0.003 | 0.020 | 0.020 |
| 2 | Aruba | Linux | 0:00:00 | 0.000 | 0.412 | 0.005 | 0.026 | 0.026 |
| 3 | Bigstep | Linux | 0:00:00 | 0.000 | 0.200 | 0.062 | 0.125 | 0.125 |
| 4 | CWCS Managed Hosting | Linux | 0:00:00 | 0.000 | 0.250 | 0.068 | 0.134 | 0.134 |
| 5 | Hyve Managed Hosting | Linux | 0:00:00 | 0.000 | 0.143 | 0.073 | 0.148 | 0.148 |
| 6 | ServerStack | Linux | 0:00:00 | 0.000 | 0.214 | 0.100 | 0.201 | 0.201 |
| 7 | www.flexential.com | Linux | 0:00:00 | 0.000 | 0.248 | 0.104 | 0.208 | 0.208 |
| 8 | Pair Networks | Linux | 0:00:00 | 0.000 | 0.369 | 0.118 | 0.235 | 0.235 |
| 9 | GoDaddy.com Inc | Linux | 0:00:00 | 0.007 | 0.415 | 0.005 | 0.025 | 0.027 |
| 10 | Rackspace | Linux | 0:00:00 | 0.007 | 0.485 | 0.007 | 0.017 | 0.017 |
In August 2021, Choopa had the most reliable hosting company site: it responded to all of Netcraft’s requests, with an average connection time of 3ms. Choopa has appeared in the top 10 table five times in 2021 so far, also coming top in February and April of this year. Customers can choose from a range of cloud and managed solutions as well as register domain names.
Aruba, Bigstep and CWCS Managed Hosting appear in second, third and fourth places. Aruba came close to Choopa in average connection time, averaging 5ms. Bigstep and CWCS Managed Hosting were both slower, averaging 62ms and 68ms.
Aruba provides hosting, cloud and digital signature services, fiber optic internet, digital preservation, and much more, with data centers across Europe in the UK, Germany, Czechia, Poland, Italy and France.
Bigstep’s bare metal cloud hosting provides the flexibility of cloud hosting without the associated overhead and performance reductions of virtualization. The bare metal offerings are available in data centres in the UK and Romania.
CWCS provides dedicated servers along with cloud services, as well as a variety of other solutions. CWCS has data centres across the UK, as well as North America.
All of the top 10 hosting company sites used Linux in August, making Linux clearly dominant in the top 10 throughout this year.
Prankster acquires Taliban Government domain amidst gov.af limbo
2nd September, 2021
The US and others may have withdrawn from Afghanistan, but many Afghan Government websites and email addresses under the .gov.af top-level domain are still very much dependent on services hosted outside of the country – mostly in the US.
By taking control of Afghanistan, the Taliban has inherited these government domains and now shares web hosting and mail servers with several other governments around the world, including the UK Government. In many cases, emails sent to .gov.af domains will be routed through US-hosted servers, presenting intelligence opportunities if the new Taliban government were to continue using them.