Rackspace Most Reliable Hoster in September

Ranking by Failed Requests and Connection time,
September 1st - 30th 2006

performance_september2006.PNG

Rackspace is the most reliable hosting company for September 2006, followed closely by managed hosting company Datapipe and Katarre, a colocation and dedicated hosting provider based in Corvallis, OR.

Rackspace, a managed hosting provider based in San Antonio, Texas, has been a mainstay in our reliability rankings since we began tracking hosting company performance in 2003. This is the fifth time this year that Rackspace has been the most reliable hoster, compared to six times in 2005. The home page for the Rackspace.com web site did not have a measurable outage from March 2004 through November 2005, when it experienced three minutes of downtime.

Eight of the 10 most reliable hosters run their sites on Linux with the two remaining having Unknown OS.

Continue reading

October 2006 Web Server Survey

In the October 2006 survey we received responses from 97,932,447 sites, an increase of 1.08 million from last month. That moderate growth follows four straight months of blockbuster gains, guaranteeing that 2006 will surpass 2005 in the record books for largest single-year hostname growth. The survey has added nearly 23.9 million sites in the first 10 months of 2006, well above the previous record for annual numerical site growth of 17.1 million from last year. At its current 2006 growth rate of 2.3 million-plus sites per month, the Web Server Survey could top 100 million sites before the end of the year.

There are only small shifts in market share for web server software. Windows' share improves slightly this month, as gains at Go Daddy offset some slippage among sites hosted at Microsoft.

Total Sites Across All Domains August 1995 - October 2006

Total Sites Across All Domains, August 1995 - October 2006

Graph of market share for top servers across all domains, August 1995 - October 2006

Top Developers
DeveloperSeptember 2006PercentOctober 2006PercentChange
Apache5969987261.646016664261.44-0.20
Microsoft3027224931.263070402131.350.09
Zeus5156700.535223110.530.00
Sun3458340.363321130.34-0.02

Continue reading

Globix Sells US Unit, Exits Hosting Business

Globix has exited the hosting business by selling its U.S. operations to Quality Technology Services for $20 million. In August the company sold Globix UK and its European network to Telecity Redbus for $62 million. The U.S. deal provides Quality with managed hosting customers in Santa Clara, Calif. and New York to supplement its existing operations in Atlanta, Kansas and Indiana. The sale is expected to close within the next month.

The history of Globix closely tracks broader industry trends, as it built big during the dot-com boom, commissioning 400,000 square foot data centers in New York and Boston to accommodate an expected flood of hosting customers. The company later filed for bankruptcy protection, emerging as a leaner competitor. Earlier this year, the company reviewed its operations and decided to focus on its network connectivity business.

Quality Technology Services was formed in September 2005 when the Quality Group of Companies purchased the assets of the former e^deltacom, including a 376,000 square foot data center outside Atlanta. Quality said today that it has acquired an existing 960,000 square foot data center facility in the Atlanta market, and plans to announce a New York data center site shortly.

Continue reading

HostGator: cPanel Security Hole Exploited in Mass Hack

HostGator says hackers compromised its servers using a previously unknown security hole in cPanel, the control panel software that is widely used by hosting providers. "I can tell you with all accuracy that this is definitely due to a cPanel exploit that provides root access and all cPanel servers are affected," said HostGator system administrator Tim Greer. "This issue affects all versions of cPanel, from what I can tell, from years ago to the current releases, including Stable, Release, Current and Edge."

cPanel has just released a fix. "Running /scripts/upcp will fix the vulnerability in all builds," cPanel said in a message on its user forums. "Please note that this is a local exploit which requires access to a cPanel account. ... If you believe you have been exploited through this vulnerability, you are welcome to submit a support request for assistance."

Hackers gained access to HostGator's servers late Thursday and began redirecting customer sites to outside web pages that exploit an unpatched VML security hole in Internet Explorer to infect web surfers with trojans. The existence of the new "0-day" exploit of cPanel leaves a large number of hosting companies vulnerable to similar attacks until they install the patch. The riusk is mitigated somewhat by the fact that it is a local exploit, meaning any attack on a host must be launched from an existing account with cPanel access.

Continue reading

Hacked HostGator Sites Distribute IE Exploit

Hackers have hijacked a large number of sites at web hosting firm HostGator and are seeking to plant trojans on computers of unwitting visitors to customer sites. HostGator customers report that attackers are redirecting their sites to outside web pages that use the unpatched VML exploit in Internet Explorer to install trojans on computers of users. Site owners said iframe code inserted into their web pages was redirecting users to the malware-laden pages.

UPDATE: HostGator says its servers were attacked through a previously unknown security hole in cPanel. See our update for the latest details.

HostGator general manager Jason Muni told Security Fix that attackers had "reconfigured an unknown number of Web sites hosted on the company's servers to redirect visitors to a third-party Web site that tried to load the IE exploit." Muni said the company reconfigured all of its 200 servers to address the problem. But as of 5:30 pm EST Friday, some HostGator customers were continuing to report that their sites were compromised and redirecting visitors, indicating the problems were ongoing.

Continue reading

Bank, Customers Spar Over Phishing Losses

Who should bear the cost of phishing losses: the bank or the customer? That question is at the heart of a recent dispute between the Bank of Ireland and a group of customers that fell victim to a phishing scam that drained 160,000 Euros ($202,000) from their accounts. The bank initially refused to cover the losses, but has since changed its mind and credited the accounts of nine victims, who had threatened to sue to recover their funds.

The Bank of Ireland incident is one of the first public cases of a bank seeking to force phishing victims to accept financial responsibility for their losses, but it likely won't be the last. Phishing scams continue to profilerate, as Netcraft has blocked more than 100,000 URLs already in 2006, up from 41,000 in all of 2005. Financial institutions continue to cover most customer losses from unauthorized withdrawals. But after several years of intensive customer education efforts, the details of phishing cases are coming under closer scrutiny, and the effectiveness of anti-phishing efforts taken by both the customer and the bank are likely to become an issue in a larger number of cases.

The issue of responsibility has been most prominent in the UK. In late 2004, the UK trade association for banks, known as APACs, began warning that financial institutions may stop covering losses from customers who have ignored safety warnings. That stance is reflected in the group's statement on customer protection.

Continue reading