Exploring 8chan's hosting infrastructure
23rd October, 2020
In a recent post, Brian Krebs discussed a technique for disrupting 8chan, a controversial message board. Ron Guilmette, a security researcher, spotted that N.T. Technology, the hosting company owned by 8chan’s current operator, no longer has the right to transact business as it is in the “administrative hold” state. ARIN, the Internet registry N.T. Technology obtained its IP address allocation from, would be within its rights to reclaim the IP address space.
Ron Guilmette is an expert in this type of analysis - last year he discovered the theft of $50 million worth of IP addresses in AFRINIC’s service region.
However, taking down 8chan is unlikely to be as simple as requesting that ARIN deallocates its IP address space. After deallocation, the IP addresses may continue to be advertised as fullbogons - netblocks that are used on the Internet despite not being assigned to an end user. While some Internet service providers do block fullbogons, this is by no means universal.
Furthermore, 8chan’s main domain name, 8kun.top, is not currently hosted on N.T. Technology’s infrastructure, so it would not be affected by ARIN deallocating N.T. Technology’s address space. It currently resolves to 203.28.246.1, which belongs to a netblock delegated to VanwaTech. VanwaTech, also known as OrcaTech, is a hosting company based in Vancouver, Washington and owned by Nick Lim. Nick Lim previously served for a short period of time as the CTO of Epik, a hosting company that briefly hosted 8chan after Cloudflare terminated its contract with 8chan.

Diagram showing 8chan's hosting infrastructure
Posted by Graham Edgecombe in Around the Net
October 2020 Web Server Survey
21st October, 2020
In the October 2020 survey we received responses from 1,205,797,275 sites across 264,098,084 unique domains and 10,449,223 web-facing computers. This reflects a gain of 9.50 million hostnames and 111,000 computers, but a loss of 187,000 domains.
nginx experienced the largest growth in domains and web-facing computers, where it leads with a total of 79.9 million domains and 3.58 million computers, giving it shares of 30.2% and 34.2%. However, nginx's growth was beaten by Google in terms of active sites, with Google gaining 1.31 million active sites compared to nginx's gain of 1.06 million. This growth makes Google the only major vendor to see an increase in its market share of active sites this month, which now stands just above 10%. Despite falling by 0.79 percentage points, Apache remains well in the lead with a 25.7% share of active sites.
Contrary to its strong growth in other metrics, nginx saw the largest drop in its presence among the top million websites, with 3,030 fewer sites taking its share down to 25.5% while Apache continues to lead with 28.3%.
Other notable changes this month include an 8.10% reduction in the number of domains powered by Microsoft web servers, which fell by 1.73 million to 19.6 million. Much of this was caused by the continuation of parked GoDaddy domains migrating from GoDaddy's own hosting infrastructure to OpenResty servers in Google Cloud, resulting in the number of OpenResty-powered domains rising by 1.92 million to 36.4 million. The only market in which Microsoft increased its share was within the top million websites, where it gained 319 additional sites to reach a share of 7.20%.
DigitalOcean App Platform
DigitalOcean has entered the Platform as a Service (PaaS) arena by launching its new App Platform product, which can be used to build, deploy and scale web applications and static websites. It is a fully managed service based on DigitalOcean Kubernetes and other open standards, offering much of the flexibility of Kubernetes without the associated complexity.
Competing with the likes of AWS Elastic Beanstalk, Oracle Cloud Platform and Microsoft Azure App Service, DigitalOcean App Platform offers a Starter pricing tier that lets customers become familiar with the platform by deploying up to three static sites free of charge, while dynamic apps can be built and deployed from $5/month. App Platform supports several popular languages and application frameworks out of the box, including PHP, Docker, Go, Node.js, Python and Ruby.
All pricing tiers – including the free one – include global content delivery via Cloudflare, which means that applications deployed on App Platform will likely count towards the number of Cloudflare-hosted websites in future Netcraft surveys.
New server releases
nginx 1.19.3 was released on 29 September. This version in the mainline release branch incorporates several bug fixes, some new directives, and a new ngx_stream_set_module, which allows variables to be set in nginx configuration files.
njs 0.4.4 was also released on 29 September. This version of the nginx-extending scripting language includes a new Buffer object as well as several other new features and bug fixes. NGINX Unit 1.20.0 was later released on 8 October, and introduces several new features, bug fixes, and support for ASGI 3.0.
Apache Tomcat 8.5.59, Tomcat 9.0.39 and Tomcat 10.0.0-M9 were released on 9 October. Tomcat 10.0.0-M9 is considered a milestone release, as it switches from Java EE to Jakarta EE following the transfer of Java EE to the Eclipse Foundation. Apache has provided a tool that automatically converts existing Java EE 8 projects that run on Tomcat 9 to Jakarta EE 9 projects that will run on this latest version of Tomcat 10.


Developer | September 2020 | Percent | October 2020 | Percent | Change |
---|---|---|---|---|---|
nginx | 407,086,442 | 34.03% | 412,851,940 | 34.24% | 0.21 |
Apache | 330,682,809 | 27.64% | 326,050,973 | 27.04% | -0.60 |
Microsoft | 95,944,600 | 8.02% | 92,405,675 | 7.66% | -0.36 |
| | 45,689,961 | 3.82% | 46,583,411 | 3.86% | 0.04 |
Posted in Web Server Survey
September 2020 Web Server Survey
23rd September, 2020
In the September 2020 survey we received responses from 1,196,298,727 sites, across 264,284,761 unique domains and 10,338,585 web-facing computers. Compared with last month, this is a loss of 34,277,859 sites and 10,901 web-facing computers, but a gain of 2,463,474 unique domains.
Approximately 15 million domains have switched from Microsoft web server software to OpenResty, a web server which adds LuaJIT support to nginx. This represents a 5.97 percentage point drop in Microsoft’s market share of domains, and, accordingly, a 6.71 percentage point increase for OpenResty. OpenResty now powers 34.5 million domains, giving it a 13% market share and gaining it third place behind nginx and Apache. This huge swing is driven by GoDaddy migrating its customers’ parked domains from GoDaddy’s own hosting infrastructure to Google Cloud.
Microsoft also experienced a large loss of 49,600 web-facing computers (-3.1%), unrelated to the GoDaddy OpenResty migration. The largest increase in web-facing computers was seen for Apache (+19,100), though this was not enough to re-take the lead from nginx, which became the largest web server vendor by this metric last month.
Most of the large vendors saw drops in terms of the number of active sites hosted this month. Cloudflare and LiteSpeed are among the vendors who saw growth in this area despite the overall negative trend. Pepyaka (used by Wix) and Squarespace also both gained active sites (+3.0% and +2.6% respectively), reflecting the growing popularity of website builders.
New vendor releases
This month LiteSpeed released version 5.4.9 of the LiteSpeed Web Server. A small number of new features have been added in this update, including automatic Cloudflare CDN IP detection and support for bcrypt password hashes when using HTTP authentication.
Apache have released three new versions of Tomcat this month – 8.5.58, 9.0.38 and 10.0.0-M8. These releases each add a number of new features and security patches. Notable changes include adding support for the Expect HTTP header, and adding support for setting read and write idle timeouts on websocket connections.
Apache also released version 8.1.0 of Apache Traffic Server. This release focused on improving the stability, reliability and performance of the server’s HTTP/2 support.


Developer | August 2020 | Percent | September 2020 | Percent | Change |
---|---|---|---|---|---|
nginx | 448,602,806 | 36.45% | 407,086,442 | 34.03% | -2.43 |
Apache | 318,307,245 | 25.87% | 330,682,809 | 27.64% | 1.78 |
Microsoft | 118,126,662 | 9.60% | 95,944,600 | 8.02% | -1.58 |
| | 44,326,227 | 3.60% | 45,689,961 | 3.82% | 0.22 |
Posted in Web Server Survey
Netcraft Extension adds credential leak detection
28th August, 2020
The Netcraft Browser Extension now offers credential leak detection for extra protection against shopping site skimmers.
With brick-and-mortar shops around the world closed due to COVID-19, consumers turned to online businesses to fulfil their shopping needs. According to Adobe’s Digital Economy Index report, US online spending in June was $73 billion, up 76% from $42 billion last year. Even with restrictions lifted, research commissioned by Visa suggests that 74% of Britons who shopped online more often during the lockdown will continue to do so.
Now more than ever it is important to protect against JavaScript skimmers. These are snippets of malicious code which criminals upload to compromised shops. Unbeknownst to the store owner or the user, they transmit entered card details directly to the criminal. Unlike scams such as phishing, which can often be avoided by a vigilant internet user, skimmers are invisible to the human eye without a tool such as the Netcraft Extension to expose them.
Netcraft currently blocks over 6,000 shopping sites which contain skimmers, and even large companies such as British Airways, Ticketmaster and Puma have fallen prey to these attacks in the past.

The Netcraft Extension identifying and blocking a skimmer on an online shop
When you visit a shopping site, the Netcraft extension will evaluate all requests made by the web page. If a request is found to be sending credentials to a different domain, the extension will block the request to prevent your data from being stolen. A block screen will notify you about the request and provide information about the malicious behaviour that was detected. Only card number leaks are currently blocked, but other types of credentials may be enabled in future updates.
For example, if you check out using your credit card on exampleshoppingsite.com but your card details are sent to examplebadsite.com, the extension will block the request. This checking is done locally and securely in your browser – no sensitive information is sent to Netcraft.
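The following JavaScript is an added example of the check described above, not Netcraft's code and not part of the original post: it flags a request that carries a Luhn-valid card number to a site other than the page's own. The function names, the last-two-labels site comparison and the sample card number are assumptions made for illustration, and it goes slightly beyond the text by also scanning URL-decoded and base64-decoded forms of the request.

```javascript
// Added example with hypothetical helper names and constructed sample data.
// Luhn checksum over a string of digits.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Return Luhn-valid 13-19 digit runs, allowing spaces or dashes between digits.
function findCardNumbers(text) {
  const runs = text.match(/\d(?:[ -]?\d){12,18}/g) || [];
  return runs.map(r => r.replace(/[ -]/g, "")).filter(luhnValid);
}

// Views of the payload to scan: raw, URL-decoded, and base64-decoded tokens.
function decodedViews(payload) {
  const views = [payload];
  try {
    views.push(decodeURIComponent(payload.replace(/\+/g, " ")));
  } catch (e) { /* malformed %-escape: keep the raw view only */ }
  for (const tok of payload.match(/[A-Za-z0-9+\/]{16,}={0,2}/g) || []) {
    views.push(Buffer.from(tok, "base64").toString("latin1")); // atob() in a browser
  }
  return views;
}

// Naive site comparison on the last two labels (assumption);
// a real check needs the Public Suffix List.
function siteOf(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// Decide whether a request made by the page at pageUrl should be blocked.
function checkRequest(pageUrl, requestUrl, body) {
  if (siteOf(pageUrl) === siteOf(requestUrl)) return { block: false, reason: "same-site" };
  const payload = requestUrl + "\n" + (body || "");
  const leaked = decodedViews(payload).some(v => findCardNumbers(v).length > 0);
  return leaked ? { block: true, reason: "card-number-to-other-domain" }
                : { block: false, reason: "no-card-number" };
}

// Constructed sample: 4111111111111111 is a widely used test card number.
console.log(checkRequest("https://exampleshoppingsite.com/checkout",
  "https://examplebadsite.com/collect", "cc=4111%201111%201111%201111&cvv=123"));
```

Long numeric values that happen to pass the Luhn check, such as some timestamps or order identifiers, will also match, so a production check would compare against the digits the user actually typed.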
The extension will also block pages which make requests to malicious domains that are part of JavaScript attacks.
In addition to shopping site skimmers, the Netcraft Extension also protects against other malicious JavaScript, phishing and fake shops, including those related to coronavirus. The extension is available for Chrome, Firefox, Opera and the new Microsoft Edge based on Chromium.
If you already have the Netcraft Extension installed, your browser will update it automatically.
Posted by Billy Bradley in Netcraft Services, Security
August 2020 Web Server Survey
26th August, 2020
In the August 2020 survey we received responses from 1,230,576,586 sites across 261,821,287 unique domains and 10,349,486 web-facing computers. This represents a loss of 3.65 million sites, but a gain of 1.16 million domains and 128,000 computers.
The number of web-facing computers using nginx increased by 83,000 this month, which means that - for the first time - nginx is in use by more web-facing computers than any other web server, including Apache. This is another milestone for nginx, and reflects its impressive growth in recent years.
Apache still serves more active sites than nginx, and a greater proportion of the top million busiest sites, but this month its decline in these metrics continued. One year ago, among the top million busiest sites, nginx trailed Apache’s market share by 6 percentage points. nginx has since halved this gap, and is now less than 3 percentage points behind. If the current trend continues, it won’t be long before nginx overtakes Apache in this area too.
As well as a marked decrease in total sites this month of 22.14 million (-15.8%), Microsoft also suffered in other metrics this month. The number of domains served using Microsoft software dropped by 8.27 million (-18.4%), and 19,000 fewer web-facing computers (-1.2%) are running Microsoft web servers. Microsoft also lost 633,000 active sites (-7.3%).
New vendor releases
Apache released three new versions of httpd this month. Version 2.4.44 fixed several bugs, version 2.4.45 dropped support for the abandoned HTTP2 Cache Digests proposal, and version 2.4.46 fixed three security vulnerabilities.
This month nginx released updates for three of its products. nginx 19.1.2 mainline was released on 11 August with a few minor optimizations and several bugfixes. On the same day, njs 0.4.3 was released, adding support for the querystring module. On 13 August nginx Unit 1.19.0 was released, which introduced several new features, improved performance, and fixed a number of bugs.


Developer | July 2020 | Percent | August 2020 | Percent | Change |
---|---|---|---|---|---|
nginx | 451,156,878 | 36.55% | 448,602,806 | 36.45% | -0.10 |
Apache | 314,054,523 | 25.45% | 318,307,245 | 25.87% | 0.42 |
Microsoft | 140,264,332 | 11.36% | 118,126,662 | 9.60% | -1.77 |
| | 44,290,430 | 3.59% | 44,326,227 | 3.60% | 0.01 |
Posted in Web Server Survey
Netcraft phishing and cybercrime protection app for iOS available globally
3rd August, 2020
Netcraft has released a new version of its phishing and cybercrime protection app for iOS. The app protects users around the world from online threats including phishing, JavaScript skimmers, fake shops, and coronavirus scams. The Netcraft app is available for download today on iOS, Android, and Amazon devices.
Our iOS app protects against online threats, with new attacks blocked within 15 minutes of being identified as fraudulent by Netcraft. It offers a 28-day free trial of all features, after which a monthly or annual subscription can be purchased for $1.99 or $9.99 (£1.99 or £9.99).
You can use the app without a subscription to report suspicious sites to Netcraft with just a few taps, and automatically report URLs in SMS and iMessages from unknown senders.
Wherever you are, the app defends against phishing attacks targeting regional services such as governments and banks. In addition, it protects users against other types of online threat such as JavaScript skimmers on eCommerce sites, fake shops imitating well-known brands, new threats such as coronavirus scams, and attacks targeting global entities – such as cloud services, financial institutions, and social media.