BBC News Knocked Offline by Performance Changes

The BBC News website has been suffering outages today while its hosting location fluctuated between BBC Internet Services and the Akamai web application acceleration and performance management service.

For many users this afternoon, the front page of the BBC News site has been slow to respond, often displaying error messages such as "No suitable nodes are available to serve your request" and "an error occurred while processing this directive". Other users found that requests to news.bbc.co.uk caused the server to continually redirect their request back to news.bbc.co.uk, causing an infinite redirection loop which would have added to the load on the servers.

Today's performance problems coincide with apparent moves to and from the Akamai content distribution network. Prior to today, the news.bbc.co.uk site had been self-hosted by BBC Internet Services in Docklands, London.

For some periods today, the BBC News website had resolved to IP addresses belonging to Akamai, while other times it had either been pointed back to BBC Internet Services at Docklands, or did not resolve at all, thus leaving the site completely inaccessible.

Akamai transparently mirrors content stored on web servers and users then access the content from these instead of the origin server. By automatically picking a mirror server that is near to the user, performance is generally increased while decreasing the load on the origin server.

Update: Steve Herrmann, editor of the BBC News website, has published a blog article about the site problems.

Google Fixes Gmail Cross-site Request Forgery Vulnerability

Google has fixed a vulnerability in their Gmail web based email service which would have allowed internet attackers to steal mail messages from users without being noticed.

The attack works by forcing a logged-in user to add a mail filter to their Gmail account, thereby allowing their mail to be forwarded to an external mail address controlled by the attacker. Because the Gmail service did not adequately verify the origin of such requests, it was possible for attackers to create their own web pages that used JavaScript to automatically make such requests on behalf of their victims. In essence, a Gmail user would visit one of these pages and have their account compromised without necessarily realising anything is awry. Only close inspection of the Filters tab in the Gmail Settings menu would reveal what had happened.

Proof of concept exploits used JavaScript to make a silent POST request to the Gmail service and add the attacker’s filter. With the response to the request hidden in an iframe, it is highly unlikely that a victim would have noticed that their Gmail account had been compromised, particularly while they were browsing a completely different website. While this attack scenario would only succeed if the victim was logged in, many Gmail users remain constantly logged in throughout the day, which increases the likelihood of a successful attack.

The technique used by this exploit is known as CSRF (Cross-site Request Forgery) and is becoming an increasingly common method to attack web applications. If a web application is vulnerable to CSRF, it will allow unauthorised attackers to carry out arbitrary actions in the context of an authorised, logged in user of the application. Not only does this make a hacker’s life easier, but it also helps them to cover up their tracks, as malicious actions will appear to be carried out, unwittingly, by authorised users of the system.

Compromised webmail accounts are regarded as a valuable commodity by hackers, as they often contain information that would allow an attacker to gain unauthorised access to other systems, such as internet banking, and to harvest credit card details from online stores used by the victim. Because the attacker is now effectively in control of their victim’s email, they could also attack other accounts belonging to the victim by following “forgotten password” links and obtaining the relevant passwords via email.

Cross-site Request Forgery vulnerabilities are often difficult to identify using automated tools and typically require testing by security-aware developers.
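As an added illustration (not code from the article or from Google), the following Python model shows why the filter-creation request described above was forgeable and what the server-side fix looks like: the vulnerable handler trusts the session cookie alone, which the browser attaches to any cross-site POST, while the hardened handler also demands a per-session token that a foreign page cannot read and checks the Origin header. Endpoint names, `SITE_ORIGIN` and the request/session structures are assumptions for the example.

```python
# Added example: minimal model of a "add mail filter" endpoint, vulnerable
# form beside the CSRF-protected form. Not Gmail's real API.
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

SITE_ORIGIN = "https://mail.example"  # assumed origin of the web application


@dataclass
class Session:
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))
    filters: list = field(default_factory=list)


@dataclass
class Request:
    """Only the fields the check needs: session cookie, Origin header, form body."""
    cookie: str               # session id, sent automatically by the browser
    origin: Optional[str]     # Origin header; None if the browser sent none
    form: dict                # POST body


def add_filter_vulnerable(req, sessions):
    """Accepts a filter whenever the cookie is valid. A page on another site
    can trigger this because the browser attaches the cookie by itself."""
    sess = sessions.get(req.cookie)
    if sess is None:
        return 401
    sess.filters.append(req.form["forward_to"])
    return 200


def add_filter_hardened(req, sessions):
    """Same action, but the body must carry this session's CSRF token
    (unreadable from another origin) and the Origin header must be ours."""
    sess = sessions.get(req.cookie)
    if sess is None:
        return 401
    if req.origin != SITE_ORIGIN:
        return 403
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, sess.csrf_token):  # constant-time compare
        return 403
    sess.filters.append(req.form["forward_to"])
    return 200


def demo():
    """Constructed cross-site request: cookie present, no token, foreign Origin."""
    sessions = {"sid-123": Session("alice")}
    cross = Request("sid-123", "https://other.example", {"forward_to": "x@example.net"})
    return add_filter_vulnerable(cross, sessions), add_filter_hardened(cross, sessions)
```

Running `demo()` returns `(200, 403)`: the same forged request silently succeeds against the first handler and is refused by the second.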

Hackers Crack Layered Tech Database

Dedicated hosting company Layered Technologies is advising customers to reset account logins after an incident Monday night in which hackers were able to access a client support database. Layered Tech said it doesn't believe that any customer credit card numbers were compromised, but is nonetheless advising customers to change the login credentials on all their servers and underlying services created in the past two years, including webmail, SSH access, MySQL databases and cPanel reseller control panels.

"The Layered Technologies support database was a target of malicious activity on the evening of 9/17/2007 that may have involved the illegal downloading of information such as names, addresses, phone numbers, email addresses and server login details for 5 to 6,000 of our clients," company president Todd Abrams wrote to customers. "Layered Technologies responded immediately to this specific incident by conducting a comprehensive security audit of internal processes and procedures."

INetU, New York Internet and Acens are the Most Reliable Hosting Companies In August 2007

Ranking by Failed Requests and Connection Time, August 1st - 31st 2007

INetU Inc., New York Internet and Acens are the most reliable hosting company sites for August 2007, followed closely by Easynet, iPowerWeb and GoDaddy.com.

This month's leaders include two managed hosting providers who have made frequent appearances in our ranking of the most reliable performers. New York Internet, a colocation and managed services provider in Manhattan, topped the charts for the third time this year. NYI previously was most reliable in January and May of 2007. INetU, a managed hosting provider in Allentown, Pa., was second in the July survey and has appeared in the top 10 many times, including a run of seven straight months in 2004. This is the first appearance on the reliable hoster list for Spanish hosting company Acens. In January private equity firm Nazca Capital bought a major stake in Acens, which had revenue of $18.8 million in 2006.

Close behind the top three are American discount specialists iPowerWeb and Go Daddy, who offer shared hosting accounts starting at $4 to $6 per month. Go Daddy is also the world's largest domain registrar.

Three of the ten most reliable hosts run their web sites on FreeBSD, three on Windows and two on Linux.

September 2007 Web Server Survey

In the September 2007 survey we received responses from 135,166,473 sites. This is an increase of 7.2 million sites since last month, the largest growth in the number of sites recorded by the survey. The rate of growth, around 5.5%, is high but not exceptional by historical standards.

Total Sites Across All Domains August 1995 - September 2007

The high growth so far this year has been largely driven by the increasing number of online blogging and social networking communities. This month sees strong growth in the number of sites at Windows Live Spaces, MySpace, and Blogger appearing in the survey. The increased popularity of these blog hosting services continues to have a dramatic effect on the web server market shares: Apache suffered a sudden decline in share when sites at Blogger switched to Google's GFE.

Apache gains over 3 million hostnames, and around 0.9 million active sites this month. But this is not enough to prevent its market share declining closer to the 50% mark, as Microsoft also gained over 3 million hostnames (a large part of which come from MySpace and Live Spaces, both of which use its Internet Information Server).

Graph of market share for top servers across all domains, August 1995 - September 2007

Top Developers

Developer    August 2007    Percent    September 2007    Percent    Change
Apache       65,153,417     50.96%     68,228,561        50.48%     -0.49
Microsoft    43,861,854     34.31%     47,232,300        34.94%      0.63
Google        5,702,456      4.46%      6,616,713         4.90%      0.43
Sun           2,195,495      1.72%      2,212,821         1.64%     -0.08
lighttpd      1,500,126      1.17%      1,515,963         1.12%     -0.05

Blogger.com Hit By Downtime

Blogger.com was offline for an hour early Wednesday as Google's popular service encountered performance problems. Blogger is one of the oldest and largest blogging services, hosting several million free blogs. Google "apologized profusely" for the service interruption.

"Blogger and Blog*Spot had an unexpected outage for an hour this morning, starting around 7AM PDT," Google reported on its Blogger status page. "As of 8AM, all but a few blogs are working properly again." The company didn't offer any additional details on the cause of the outage. The Google search engine and other services were unaffected, as the outage appears to have been isolated to Blogger and blogspot.com.