USN-5966-1 introduced a regression in amanda
Archive for March, 2023
RedHat: RHSA-2023-1437:01 Important: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2023-1440:01 Important: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2023-1439:01 Important: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
RedHat: RHSA-2023-1442:01 Important: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
In the March 2023 survey we received responses from 1,116,018,952 sites across 269,281,081 domains and 12,106,182 web-facing computers. This reflects a loss of 11.6 million sites, 1.4 million domains, and 36,610 web-facing computers.
This month, for the first time, nginx overtook Apache within the top million busiest sites. nginx gained 1,447 sites, which increased its market share by 0.14pp to 21.37%, compared to Apache at 21.18% (-0.16pp). This allowed it to regain 2nd place, which it lost when Cloudflare overtook both to claim the top spot in January.
nginx was created by Igor Sysoev, with development starting in Spring 2002, and it first became publicly available in October 2004. It slowly gained popularity over the following years, largely due to its ability to handle a much larger number of connections with a lower memory footprint compared to Apache. NGINX, Inc. was founded in 2011 to provide commercial support for nginx while maintaining the open source version. Igor left NGINX, Inc. at the start of 2022 after having worked on nginx for 20 years.
nginx first featured in the Web Server Survey in January 2008. When we started publishing our top million busiest sites metric in April 2009, nginx was already 3rd with a market share of 3.16% behind Microsoft (18.91%) and Apache (67.56%). It overtook Microsoft in May 2013 and remained in 2nd place until January this year. When looking at all the sites in the survey, not just the top million busiest sites, nginx overtook Apache to become the market leader in April 2019. It now has a market share of 25.94%, ahead of Apache (20.58%) and Cloudflare (10.17%).
Cloudflare made extensive use of nginx in its custom software stack for many years. However, nginx was slowly replaced by Cloudflare’s in-house technologies, as reflected by the migration of its server banners from cloudflare-nginx to just cloudflare starting in December 2017, and Cloudflare announced a complete replacement, its in-house HTTP proxy Pingora, in September 2022.
Across the survey as a whole, Cloudflare saw a small loss of 296,120 sites (-0.26%), its first drop since April 2022. Despite this, its market share increased by 0.08pp to 10.17%. It saw a more significant loss of 1.1 million domains (-4.19%), reducing its market share for domains by 0.37pp to 9.58%.
LiteSpeed had the largest percentage growth in March: it grew by 814,945 sites (+1.39%) and 352,384 domains (+3.96%). It now has a market share of 5.33% sites and 3.43% domains, up by 0.13pp and 0.15pp respectively.
Apache suffered losses across the board this month, losing 1.4 million sites (-0.61%), 223,028 domains (-0.38%), and 32,965 web-facing computers (-1.00%). However, despite its losses, it now has a market share of 20.58% (+0.09pp) sites and 21.45% (+0.03pp) domains.
nginx also saw large losses in March, dropping by 6.2 million sites (-2.10%), 318,827 domains (-0.44%), and 7,456 web-facing computers (-0.16%). It now accounts for 25.94% of sites (-0.28pp) and 26.97% of domains (+0.03pp).
Similarly, OpenResty saw a significant loss of 6.6 million sites (-6.92%) and 237,667 domains (-0.61%). Its market share of sites dropped to 7.94% (-0.50pp), and its market share of domains dropped to 14.36% (-0.01pp).
Vendor news
- njs 0.7.10 and njs 0.7.11, the scripting language used to extend nginx, were released on 2nd February 2023 and 9th March 2023 with new features and bugfixes.
- Apache Tomcat versions 8.5.86, 9.0.72, 10.1.6, and 11.0.0-M3 were released in February, which contain bugfixes and documentation improvements.
- lighttpd 1.4.69 was released on 10th February 2023, including bugfixes and portability improvements.
- AWS announced that it is working on an AWS region in Malaysia.
- Azure announced a new planned datacenter region in Saudi Arabia (Saudi Arabia Central).
Developer | February 2023 | Percent | March 2023 | Percent | Change |
---|---|---|---|---|---|
nginx | 295,723,793 | 26.23% | 289,510,060 | 25.94% | -0.28 |
Apache | 231,042,423 | 20.49% | 229,628,183 | 20.58% | 0.09 |
Cloudflare | 113,829,198 | 10.09% | 113,533,078 | 10.17% | 0.08 |
OpenResty | 95,176,082 | 8.44% | 88,587,110 | 7.94% | -0.50 |
Several security issues were fixed in amanda.
Fix for CVE-2022-48303
Fedora 37: python-cairosvg 2023-ab86bdbce6
- Update python-cairosvg version 2.7.0
- Disable isort flake8 patch updated
- Fix CVE-2023-27586
- BZ#2180272 BZ#2180271
Ubuntu 5942-2: Apache HTTP Server vulnerability
Apache HTTP Server could allow unintended access to network services.
Ubuntu 5967-1: object-path vulnerabilities
Several security issues were fixed in object-path.
GitPython could be made to execute arbitrary commands on the host.
Introducing the WordPress Developer Blog
With much activity happening in the WordPress development space every day, keeping up-to-date with the latest updates can be challenging. The new WordPress Developer Blog is a developer-focused resource to help you stay on top of the latest software features, tutorials, and learning materials relevant to the open source project. This blog is the culmination […]
- Update to latest upstream (111.0)
WordPress 6.2 Release Candidate 3 is now available for download and testing.
This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended that you test RC3 on a test server and site.
USN-5904-1 caused a minor regression in SoX.
TigerVNC could be made to expose sensitive information over the network.
Notice of Upgrade to Credit Card Processing System
On April 10th, we will begin the process of transitioning all cPanel customers and partners to our new and improved payment processing system. This upgrade will solve many issues that have existed within our legacy system and allow for a smoother billing experience moving forward. Our intention is to make this transition as smooth and behind-the-scenes as possible, however the potential does exist for certain customers and partners to take minor action relative to their …
The post Notice of Upgrade to Credit Card Processing System first appeared on cPanel Blog.
Debian: DSA-5376-1: apache2 security update
Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service. For the stable distribution (bullseye), these problems have been fixed in
Ruby could allow for internet traffic to be modified if a vulnerable application processed malicious user input.
RedHat: RHSA-2023-1332:01 Important: nss security update
An update for nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
RedHat: RHSA-2023-1337:01 Important: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
RedHat: RHSA-2023-1336:01 Important: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
RedHat: RHSA-2023-1335:01 Important: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
RedHat: RHSA-2023-1333:01 Important: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Several security issues were fixed in curl.
Several security issues were fixed in Vim.
Python could be made to bypass blocklisting methods if a specially crafted URL was provided.
The votes for the 2022 favorite Plesk features are in! Check out the results of the 2022 Plesk Obsidian survey!
The post Plesk Obsidian 2022 Survey Results appeared first on Plesk.
Cybercriminals capitalize on Silicon Valley Bank’s demise
The collapse of Silicon Valley Bank (SVB), once the go-to financial institution for early-stage technology businesses and startups, is being exploited by cybercriminals. In this blog post, we discuss some of the tactics and techniques Netcraft has already detected criminals using to exploit SVB’s collapse – either directly or indirectly – as a lure.
As the flurry of COVID-themed attacks proved, cybercriminals waste no time in exploiting the attention such stories generate. Criminals often exploit current news stories, or specific times of year (like tax reporting) to make their scam seem more relevant to victims. They’ll also use the fear of missing out, hoping to trick victims into responding quickly.
New SVB-themed websites abound – criminal and otherwise
Since news of SVB’s collapse was announced, Netcraft has detected and blocked several SVB-related attacks in our malicious site feeds: