Debian: 2891-2: mediawiki, mediawiki-extensions: Summary
(Mar 31) Security Report Summary
(Mar 31) Security Report Summary
The April issue of the Joomla Community Magazine is here! Our stories this month:
What’s New in the Joomla! Community Magazine?, by Alice Grevet
Leadership Highlights April 2014, by Marijke Stuivenberg
Roundup from JUG Corner – March 2014, by Ruth Cheesley
Practical Development 3: Project, by Marco Dings
10 Tips for a Fast Joomla Website, by Simon Kloostra
Core Features I want from the Components I Choose, by Randy Carey
Migration SEO Tips Series – Part 1 – Planning Your Link Migration Strategy, by Ruth Cheesley
Case Study – CrimeSuspect.Net, by Alice Grevet
Joomla! World Conference – 2014, by Dianne Henning
JoomlaDay Boston 2014, by Dianne Henning
Joomla! at CeBIT 2014 – Big Business!, by David Jardin
Joomla! Q&A Site on Stack Exchange, by Craig Phillips
JFBConnect: Let’s do more with Social Networks, by Mike Veeckmans
Joomleur, je t’aime !
Encore sous Joomla 1.5, il devient urgent de migrer
Migration complexe d’un site Joomla! 1.5…
Un système de sécurité pour Joomla!
Le CMS, le Framework Joomla! et les licences
10 meilleures astuces pour un site Joomla! rapide
Pratique du développement (épisode 2) : l’environnement de travail
Qué hacer cuando Joomla no encuentra las actualizaciones
Override del mes: Metamorfosis al mod_menu
Migración compleja de Joomla! 1.5 con tiempo de inactividad…
¿Por qué actualizar las extensiones de terceros?
Usando Joomla para hacer Joomla!. Empezando por JDatabase
We want to publish your Joomla! story in the next JCM issue! So take a look at our Author Resources content to get a better idea of what we are looking for, and then register to become a JCM author and submit your Joomla! story!
cPanel & WHM software version 11.38 will reach End of Life at the end of April 2014.
In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.38 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.38 once it reaches its EOL date.
We recommend that all customers migrate any existing installations of cPanel & WHM 11.38 to a newer version (either 11.40 or 11.42).
If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at http://go.cpanel.net/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.
About cPanel, Inc.
Since 1997, cPanel, Inc. has been a leading innovator and developer of control panel software for the web hosting industry. cPanel builds software that allows web host professionals to transform standalone servers into fully automated, point-and-click web hosting platforms. cPanel-licensed software allows server and website owners, along with resellers and developers, to optimize their technical resources and replace tedious shell-oriented tasks with dynamic, intuitive web-based interfaces. For more information, visit http://cpanel.net.
For the PGP-signed message, see 11.38 30 day notice-signed.
In the April 2014 survey we received responses from 958,919,789 sites — 39 million more than last month.
Microsoft made the largest gain this month, with nearly 31 million additional sites boosting its market share by 1.9 percentage points.
IIS is now used by a third of the world’s websites. Although this is not Microsoft’s largest ever market share (it reached 37% in October 2007), this is the closest it has ever been to Apache’s leading market share, leaving Apache only 4.7 points ahead. Although Apache gained 6.9 million sites, this was not enough to prevent its market share falling by 0.87 to 37.7%. nginx, which gained 3.1 million sites, also lost some of its market share.
More than 70% of this month’s new IIS-powered websites are hosted in the US, followed by 22% in China. Nearly 20 million of the new IIS sites in the US are hosted by a single company, Nobis Technology Group, which was also responsible for much of Microsoft’s growth in
February. A smaller amount of Microsoft IIS growth was also seen on the Windows Azure platform (which will be renamed to
Microsoft Azure on April 3),
where the total number of
active sites has grown by 25% since February, when we compared the platform against Amazon AWS. 84% of all active sites hosted on the Azure platform are running Microsoft web server software.
Many of the new IIS sites hosted by Nobis Technology Group feature similar content
and form part of a Chinese link farm. Link farming is often an attempt to
influence search engine results, and each individual site within a link farm is typically of little interest to a human.
Netcraft’s active sites metric therefore provides a
better idea of how many websites are actively managed rather than being automatically generated en mass,
such as link farm content and domain holding pages. Of the 114 million sites hosted by Nobis, only a fifth are counted as active sites.
In terms of active sites, Apache remains in a much stronger position with a 52% share of the market, compared with Microsoft’s 11%.
A significantly higher proportion of Apache sites are active: 26% of all Apache sites were deemed to be active,
whereas only 6% of Microsoft’s were. nginx takes a 14% share of the active sites market, putting it 3 points ahead of Microsoft.
Apache also fares well amongst the million busiest sites, where there is intrinsically very little interference from
domain holding pages, link farms and other web spam. Here Apache takes a 53% share of the market, while nginx has 18% and Microsoft has 12%.
Although only 3% of the top million sites use Google web server software, Google’s dominance amongst the very busiest sites give it a presence on 8 of the top 10 sites.
Both Apache and nginx were affected by security vulnerabilities which were resolved during March, whereas
Microsoft IIS has yet to be affected by publicly-known security issues this year.
The latest version of Apache (2.4.9) was released on March 17. The Apache Software Foundation describes this as representing fifteen years of innovation by the project, and this major release of the 2.4 stable branch is recommended over all previous releases. Nevertheless, it is still common for many websites to use the
legacy 2.2 branch of releases, or
even older versions. Apache 2.4.9 is primarily a security and bug fix release, although it also includes the changes introduced in 2.4.8, which was not actually released. A workaround for a bug in older versions of OpenSSL, which prevented the release of 2.4.8, has been included in 2.4.9.
Although Apache 2.4.8 was not released, the development version (Apache/2.4.8-dev) was found
on 675 sites during this survey, which ran in March. Nearly all of these sites were running on FreeBSD servers which
belonged to various Apache projects, mostly Apache HTTPD and Apache OpenOffice.
The stable branch of nginx was updated twice during March.
Two bugs were resolved in nginx 1.4.6, which was released on March 4. nginx 1.4.7 was then released on March 18, addressing another bug and a
heap buffer overflow vulnerability. This security vulnerability affected nginx’s SPDY module, where a specially crafted request could allow a remote attacker to execute arbitrary code on a vulnerable web server. nginx is notable for its SPDY support, which is used extensively by
CloudFlare and also by Automattic, which hosts millions of WordPress blogs and co-sponsored the development of the
ngx_http_spdy_module. The same SPDY vulnerability also affected the mainline branch of nginx, which was resolved with the release of
nginx 1.5.12.
Many of the new generic top level domains (gTLDs) are starting to appear in Netcraft’s Web Server Survey in significant numbers. For example, the previous survey saw only one website using the .guru gTLD, whereas this month’s survey (which ran during March) found 36 thousand. Other gTLDs which have shown significant growth since last month’s survey include .photography,
.today, .tips, .technology,
.directory, .land, .gallery,
.estate and .singles.
Amongst established TLDs, the number of sites using the .ga country code top level domain grew by 140% this month. The
My GA website allows .ga domains to be registered for free from between 1 and 12 months, which has no doubt helped towards their goal of increasing the awareness of Gabon across the globe. The .ga ccTLD is administered by the Agence Nationale des Infrastructures Numériques et des Fréquences (ANINF) in Libreville, Gabon, while the registration process is provided by Freenom, who also provide free domain registrations for the more popular .tk ccTLD. Registered Freenom users are allowed an unlimited number of domain name renewals on both the .ga and .tk d domains, while paying customers can choose to register domains for as long as 10 years in one go and can automatically renew the registration.
Free and easily-registerable domain names are obviously attractive to fraudsters: During February, Netcraft blocked nearly 1,500 unique phishing sites hosted on .ga domains alone, and this figure jumped to more than 2,400 in March. The vast majority of these phishing attacks targeted Chinese companies, particularly the
Taobao marketplace and the
Alipay online payment escrow service.
Developer | March 2014 | Percent | April 2014 | Percent | Change |
---|---|---|---|---|---|
Apache | 354,956,660 | 38.60% | 361,853,003 | 37.74% | -0.87 |
Microsoft | 286,014,566 | 31.10% | 316,843,695 | 33.04% | 1.94 |
nginx | 143,095,181 | 15.56% | 146,204,067 | 15.25% | -0.31 |
20,960,422 | 2.28% | 20,983,310 | 2.19% | -0.09 |
Developer | March 2014 | Percent | April 2014 | Percent | Change |
---|---|---|---|---|---|
Apache | 93,759,928 | 52.18% | 95,512,314 | 52.44% | 0.26 |
nginx | 25,497,586 | 14.19% | 25,900,525 | 14.22% | 0.03 |
Microsoft | 20,436,280 | 11.37% | 20,175,151 | 11.08% | -0.30 |
14,967,579 | 8.33% | 14,829,924 | 8.14% | -0.19 |
For more information see Active Sites
Developer | March 2014 | Percent | April 2014 | Percent | Change |
---|---|---|---|---|---|
Apache | 537,714 | 53.77% | 534,392 | 53.44% | -0.33 |
nginx | 176,507 | 17.65% | 178,154 | 17.82% | 0.16 |
Microsoft | 123,981 | 12.40% | 124,019 | 12.40% | 0.00 |
29,937 | 2.99% | 29,593 | 2.96% | -0.03 |
(Mar 31) Security Report Summary
58 queries. 8.5 mb Memory usage. 0.540 seconds.