Our iOS app protects against online threats, with new attacks blocked within 15 minutes of being identified as fraudulent by Netcraft. It offers a 28-day free trial of all features, after which a monthly or annual subscription can be purchased for $1.99 or $9.99 (£1.99 or £9.99).
You can use the app without a subscription to report suspicious sites to Netcraft with just a few taps, and automatically report URLs in SMS and iMessages from unknown senders.
Posted by Will Dollman in Netcraft Services
In the July 2020 survey we received responses from 1,234,228,567 sites across 260,658,118 unique domains and 10,221,919 web-facing computers. This represents a gain of 9.47 million sites and 180,000 computers, but a loss of 1.75 million domains.
Most of the major server vendors saw gains in total sites this month: Apache gained 9.8 million sites after a loss of roughly the same size last month, while Microsoft and nginx gained 5.4 million and 2.5 million sites respectively. LiteSpeed continued to see strong growth, gaining 1.95 million new sites this month. Although it makes up 2.17% of the market, this represents strong growth from 1.62% at the start of the year.
nginx showed the highest growth in terms of domains, gaining 200,000. Losses of 1.1 million domains for Microsoft and 998,000 for Apache have further boosted nginx’s lead in this metric, and it now stands around 30 million domains ahead with a 29.8% (+0.27 pp) market share.
nginx also showed the highest growth in web-facing computers, with an increase of 97,000 taking its total to 3.5 million and leaving it just 9,000 computers (0.09 pp of market share) shy of Apache, the current leader. Apache has consistently had the highest number of web-facing computers since Netcraft began tracking the metric in 2007, but has slowly been losing market share – primarily to nginx. Microsoft trails in third position with a total of 1.6 million web-facing computers, around half that of nginx and Apache.
New vendor releases
LiteSpeed announced the first release candidate of LiteSpeed Web Server 6.0 on 17 July. This release brings several major new features such as support for conditionals in Apache configuration files, asynchronous execution of the mod_security Web Application Firewall, and sandboxed execution environments for PHP and CGI scripts. It also adds support for the latest HTTP/3 specification, draft 29. LiteSpeed has historically been fast to adopt new draft versions of HTTP/2 and HTTP/3, often implementing support within a month of a new draft’s release.
|Developer||June 2020||Percent||July 2020||Percent||Change|
Posted in Web Server Survey
More than two thousand sites using Extended Validation certificates stopped working this weekend and remain inaccessible today (Monday), including those run by banks, governments, and online shops. The EV certificates used by these sites were revoked on Saturday, and have yet to be replaced. Most visitors using modern web browsers are completely locked out: this certificate error cannot be bypassed in Chrome, Firefox, Safari, or Microsoft Edge.
Last week, DigiCert disclosed a reporting discrepancy in its audit for EV certificates. As part of its response, DigiCert committed to revoking the certificates, which it intends to complete over the coming weeks. Only a subset of DigiCert’s EV certificates are affected: in the July SSL Server Survey, Netcraft found 17,200 EV certificates in active use on port 443 that are due to be revoked.
The first batch of revocations happened this weekend. While most of the certificates revoked on Saturday 11th July have been correctly replaced and reinstalled, many have not.
On Monday morning, Netcraft found 3,800 sites still using EV certificates issued by the affected sub-CAs. Of these 3,800, more than 2,300 were still using a revoked EV certificate, completely disabling the sites for users in modern browsers, which handle EV revocation more robustly than other types of certificate. The remainder are yet to be revoked.
Wirecard, the beleaguered German payment processor, briefly had its main site, www.wirecard.com, displaying a certificate warning early on Monday, but the certificate has since been replaced with a working non-EV certificate. There are still a number of Wirecard domains with revoked certificate warnings.
Posted by Robert Duncan in Security
The current coronavirus pandemic has resulted in the closure of many pubs, restaurants, and brick-and-mortar retail stores. Many purchases that would previously have been made in person now take place online. In research commissioned by Visa, 89% of Britons have shopped online since the UK’s lockdown restrictions began, with 31% buying items online for the first time during this period. This increase in online shopping activity benefits criminal groups in that: smaller businesses newly reliant on online transactions provide attackers with a stream of inadequately-defended shopping sites to exploit, and buyers are far more likely to be driven to these compromised shops or to fake shops compared to before the pandemic.
Fake shops are another threat. Shoppers seeking bargains may unknowingly find themselves on a fake shop which claims to offers the products they want at a highly discounted price, but the victim will subsequently only receive counterfeit goods, no goods at all, or have the transaction aborted after entering credentials which is equivalent to a phishing attack.
|7||Hyve Managed Hosting||Linux||0:00:00||0.010||0.176||0.075||0.150||0.150|
The most reliable hosting company site in June 2020 belonged to Choopa.com, with no failed requests and the fastest average connection time. Choopa.com offers cloud hosting, dedicated hosting and colocation in its own primary facility in Piscataway, New Jersey as well as smaller facilities in Los Angeles, Amsterdam, and Tokyo.
The top four sites each responded to all of Netcraft's requests in June and were separated by average connection time. Webair, ServerStack and Pair Networks complete the top four. Webair provides colocation as well as managed cloud services from its data centres in New York, Los Angeles, Montreal, and Amsterdam. ServerStack has now appeared in the top 10 for the past five consecutive months.
Online shopping has surged since lockdown started in March. Many of us, looking to be healthier, have headed online for sports equipment and a number of sportswear retailers have reported booming online sales. John Lewis recorded a 72% increase in total sports shoe sales, while Adidas and Puma have both seen an increase in ecommerce revenue.
Shoppers browsing online for the best deals, however, need to take care, as many people would be surprised at the scale of fake shops. Each day we find new fake shops designed to entice shoppers away from bona fide outlets, as many brands have yet to find effective countermeasures.
Counterfeit shoes, clothing and other accessories are estimated to lose the industry more than €26 billion each year in the EU alone, while the loss due to all online counterfeiting is estimated at $323 billion a year. The OECD estimated that over 3% of all imports worldwide are counterfeit.
Traditionally fake shops claim to sell luxury consumer goods at highly discounted prices. We have seen fake shops using at least three different models:
- Payment is accepted, but no goods are delivered.
- At the end of the checkout process, an error message is displayed such as “Out of Stock” and no transaction occurs. This is equivalent to a phishing attack, as the fake shop has the consumer’s credentials.
- Payment is accepted, and goods are delivered. The quality of goods varies between junk and identical to the bona fide item.
Trainers are the most counterfeited goods
We currently block around 75,000 fake shops in our extension and apps. Of these, roughly half target a specific brand, such as Nike or Adidas. About 70% of the fake shops selling branded goods sell shoes, predominantly trainers.
Corroborating this, European customs authorities handle more cases of counterfeit sports shoes than any other type of product.
Your link here? Advertising on the Netcraft Blog