April 2013 Web Server Survey

Apr02
by Ike on April 2, 2013 at 2:50 pm
Posted In: Web Server Survey

In the April 2013 survey we received responses from 649,072,682 sites, 17.6M more than last month.

This month, market leader Apache lost 9.9M sites, or 3 percentage points of market share. A major contributor to this loss was the movement of a large affiliate referral network consisting of around 8M sites now being served by nginx. Apache is now used by just over 51% of websites, which is still substantially more than its closest competitor Microsoft IIS. IIS gained 1.95 percentage points of market share this month (an increase of 15.8M hostnames) bringing its market share to almost 20%. Meanwhile, nginx saw an overall growth of 10.6M sites this month, with the largest nginx hosting company, Hetzner Online AG, contributing an additional 1.6M sites.

In terms of active sites the survey was less volatile. Apache still experienced an overall loss, however much smaller at just 288k active sites. The biggest increase came from nginx, and was unrelated to their large hostname gain described earlier, with Peer1 Networks gaining 1.5M nginx active sites.

North Korea’s drew the world’s attention to its web presence by accusing the United States and its allies of “intensive and persistent virus attacks” on servers operated by the North Korean regime. The Korean Central News Agency’s press release goes on to assert that:

“It is nobody’s secret that the U.S. and south Korean puppet regime are massively bolstering up cyber forces in a bid to intensify the subversive activities and sabotages against the DPRK [Democratic People’s Republic of Korea].”

There is only a very small number of North Korean sites accessible from outside of the country; however, these sites do make use of several modern and popular web technologies from around the globe.
The Rodong Sinmun newspaper’s site uses PHP and CentOS 5, and hosts an HTTPS service with an expired self-signed certificate. More controversially, The Korean Central News Agency’s official website uses Java, Flash and jQuery and is hosted using Apache 2.2.3 on a server running Red Hat Enterprise Linux 5, a commercial Linux distribution which is owned, distributed and supported by American multinational Red Hat, Inc. Red Hat Enterprise Linux is subject to U.S. export controls, which specifically prohibit its use in North Korea. As a result, this installation is likely unlicensed and so may not receive security updates.

Meanwhile in South Korea, the Government of Korea, an SSL certificate authority (CA) trusted by Microsoft has revoked the last of more than 100 unusual SSL certificates each of which could have allowed its owner to act as a trusted CA. With the ability conferred by the cA bit being set in the Basic Constraints extension, a forged certificate signed using the mis-issued certificate could be trusted for any site by users of some SSL implementations. Any such certificate could be used to perform man-in-the-middle attacks on users of third-party websites in order to view the contents of any intercepted encrypted traffic. There is an additional property which is usually required for a certificate to be considered a valid intermediate — ‘Certificate Signing’ should be set as a permissible Key Usage — but some implementations may ignore this extra requirement. None of the Korean certificates found had the necessary flags set in this additional extension, so most implementations would not trust such forged certificates.

The certificates found appear to have been issued to South Korean academic institutions without the intention of them being able to sign additional certificates. These certificates have been in the Netcraft SSL Server Survey for some time but no longer pose a risk: all of the certificates concerned have either been revoked or have expired. The most recent revocation was on January 31st 2013 for a certificate issued in late 2011, showing it was at risk of misuse for more than a year.

Developer March 2013 Percent April 2013 Percent Change
Apache 341,021,574 54.00% 331,112,893 51.01% -2.99
Microsoft 113,712,293 18.01% 129,516,421 19.95% 1.95
nginx 85,467,555 13.53% 96,115,847 14.81% 1.27
Google 22,605,646 3.58% 22,707,568 3.50% -0.08

Developer March 2013 Percent April 2013 Percent Change
Apache 101,960,513 54.98% 101,671,575 54.37% -0.61
nginx 22,224,423 11.98% 24,138,825 12.91% 0.93
Microsoft 22,962,575 12.38% 22,686,924 12.13% -0.25
Google 15,016,785 8.10% 15,178,507 8.12% 0.02

For more information see Active Sites

Developer March 2013 Percent April 2013 Percent Change
Apache 583,521 58.73% 581,497 58.52% -0.22
Microsoft 136,037 13.69% 136,552 13.74% 0.05
nginx 127,222 12.81% 129,561 13.04% 0.23
Google 18,307 1.84% 18,387 1.85% 0.01


└ Tags:
 Comment 

Joomla 3.1 Beta3 Released

Apr01
by Ike on April 1, 2013 at 10:13 pm
Posted In: CMS, Community, Joomla, Project Release News, Releases

The Joomla! Project is pleased to announce the availability of Joomla! CMS 3 Beta3. Community members are asked to download and install the package in order to provide quality assurance for Joomla 3.1. Joomla 3.1 is scheduled for release on April 15th, 2013.

Joomla 3 is the latest major release of the Joomla CMS, with Joomla 3.1 the second short term support release in this series.  Please note that going from Joomla 3.0 to 3.1 is a one-click upgrade and is NOT a migration.  The same is true is for any subsequent versions in the Joomla 3 series.  That being said, please do not upgrade any of your production sites to the beta version as beta is ONLY intended for testing.

What is this release for?

This is a beta release and not for use on production sites.

Extension developers are encouraged to work with this release in order to prepare extensions for the General Availability release of Joomla 3.1, though there shouldn’t be any backward compatibility issues. Users are encouraged to test the package for issues and to report issues in the Joomla! issue tracker

Click here to download.

What are the new features of Joomla! 3.1?

  • 29855 – Tags (click here to see the recent blog post about it)
  • 29822 – Show logs in debug console
  • 30085 – Refactor installation to use new application and MVC classes
  • 29965 – Added pagination in COM_SEARCH component
  • 29770 – Added triggers on save for com_config
  • 30230 – JPlugin autoloadLanguage property
  • 28924 – Added SQL Server subclass for FinderIndexer
  • 30318 – Media wiki package
  • 30369 – OpenStreetMap package
  • 30364 – UNION ALL feature

Miscellaneous: 28574 – Removed the GeSHi plug-in

What are the other new features of the Joomla! 3 series?

  • Incorporation of Twitter Bootstrap into a jui media package.
  • A new responsive administrator template–Isis– and interface.
  • A new front end template–Protostar– built using Twitter Bootstrap
  • Updated accessible template called Beez3
  • PostgreSQL Driver. You will be able to run Joomla 3.0 sites using the PostgreSQL database.
  • PHP Memcached Driver
  • Use of JFeed for feed management rather than SimplePie
  • Installation of language packages directly from the extension manager
  • Guest user group present by default
  • Saving blank articles allowed
  • New administrator statistics module
  • Update TinyMCE to version 3.5.6
  • Continued clean up of older unused code, files and database fields and tables and improved standardization of tables.
  • Improvements to Smart Search
  • Extensive work on code style standardisation and consistency
  • Unit testing in the CMS
  • Updated system tests in the CMS 
  • Multilanguage: adding items associations in remaining core components.
  • Language Installation tool for the Joomla Installer.
  • Items associations in multi-language
  • Allow different update packages for different version dev levels

What is the status of Joomla! 2.5?

Version 2.5 of the Joomla! CMS is a Long Term Support release and support for it will continue until shortly after the release of Joomla 3.5 scheduled for Spring 2014. Joomla 2.5 users do not need to migrate to Joomla 3.0 or 3.1.

Will I be able to update directly to Joomla! 3?

Moving to Joomla 3.x from Joomla 2.5 will be a mini-migration not an upgrade, although for the core of Joomla! the migration should be simple. However, it is likely that templates for Joomla 2.5 will need modification to work with Joomla 3 as will many extensions. Always test prior to migrating and consult with the developers of any extensions and templates you use.

What is the status of Joomla! 1.5?

Support for Joomla 1.5 ended in April of 2012 and we continued to support it unofficially until the end of 2012 for medium to high priority security issues.  

Does that mean your 1.5 site will suddenly stop working? No, your site will continue to work as it always has. However, Joomla’s developers will not be releasing new versions for Joomla 1.5, so you won’t be getting bug fixes or security fixes. For this reason, it’s recommended to migrate from 1.5.

Moving from 2.5 to any Joomla 3 version is relatively simple, since Joomla has made the process easy for newer versions. Unfortunately, moving from 1.5 is not a trivial task. Fortunately, there are two good extensions that make the process easier: jUpgrade and SPUpgrade.

You have a choice of going straight to Joomla 3.0 or going to 2.5 first.  Both jUpgrade and SPUpgrade have versions ready for both versions.  Please consult with their documentation on how to migrate from Joomla 1.5 to 3.0/2.5.

For most new/migrated sites, the Joomla! 3 series is the preferred series and starting on it avoids a mini-migration from Joomla 2.5 later down the road. Starting on the Joomla 3 series for a new/migrated site, also provides you with longer backward compatible support (with one-click upgrades) than starting a new site on 2.5 right now, because support for 3.x ends in 2016.

How can you help Joomla development?

There are a variety of ways in which you can get actively involved with Joomla! It doesn’t matter if you are a coder, an integrator, or merely a user of Joomla!. You can contact the Joomla! Community Development Manager, David Hurley, [email protected], to get more information, or if you are ready you can jump right into the Joomla! Bug Squad.

The Joomla Bug Squad is one of the most active teams in the Joomla development process and is always looking for people (not just developers) that can help with sorting bug reports, coding patches and testing solutions. It’s a great way for increasing your working knowledge of Joomla, and also a great way to meet new people from all around the world.

If you are interested, please read about us on the Joomla Wiki and, if you wish to join, email Mark Dexter, one of the Bug Squad co-coordinators.

You can also help Joomla development by thanking those involved in the many areas of the process. The project also wants to thank all of the people who have taken the time to prepare and submit work to be included in Joomla 1.6,1.7, 2.5, & 3.1, and to those who have worked very hard on the Joomla Platform separation project.

Related information

If you are an extension developer, please make sure you subscribe to the general developer mailing list as this is a place where you can discuss extension development and news that may affect custom development will be posted from time to time.

Following is a list of previous news and information about Joomla and other sites of interest:

A Huge Thank You to Our Volunteers!

This beta release is the result of thousands of hours of work by dozens of volunteers. Thank you so very much for making Joomla the best CMS on the planet!

└ Tags:
 Comment 

cPanel & WHM Security Releases for 11.32, 11.34, and 11.36

Apr01
by Ike on April 1, 2013 at 9:47 pm
Posted In: 11.32, 11.34, 11.36, Community, cPanel, cPanel WHM Security, Hosting, key, News, security

cPanel has published security updates for all supported versions of cPanel & WHM. These updates contain fixes for a problem with the Roundcube webmail application. We recommend all customers update to the latest build of each version as soon as possible.

The cPanel Security Team has assigned a rating of Important to the vulnerability. Information on security ratings is available at http://go.cpanel.net/securitylevels. A locally authenticated user could take advantage of the flaw to gain access to sensitive information belonging to other accounts on the system. This problem was reported to us in case 64407.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then you are highly encouraged to update your cPanel & WHM installs at your earliest convenience.

Releases

The following versions of cPanel & WHM address all known vulnerabilities:

* 11.36.0.20
* 11.34.1.13
* 11.32.6.4

The latest public releases of cPanel & WHM for all update tiers are published at http://httpupdate.cpanel.net.

Click Here to view the PGP Signed Message.

└ Tags: , , , , , ,
 Comment 

Most Reliable Hosting Company Sites in March 2013

Apr01
by Ike on April 1, 2013 at 2:25 pm
Posted In: Hosting, Performance
Rank Company site OS Outage
hh:mm:ss		 Failed
Req%		 DNS Connect First
byte		 Total
1 Datapipe FreeBSD 0.000 0.058 0.009 0.019 0.030
2 ServerStack Linux 0.000 0.026 0.051 0.103 0.103
3 iWeb Linux 0:00:00 0.005 0.079 0.066 0.134 0.134
4 GoDaddy.com Inc Windows Server 2008 0:00:00 0.005 0.092 0.069 0.303 0.617
5 Server Intellect Windows Server 2008 0:00:00 0.005 0.016 0.085 0.172 0.430
6 Swishmail FreeBSD 0:00:00 0.008 0.066 0.051 0.101 0.241
7 Kattare Internet Services Linux 0:00:00 0.008 0.148 0.126 0.252 0.520
8 Hyve Managed Hosting Linux 0:00:00 0.010 0.100 0.036 0.072 0.073
9 Pair Networks FreeBSD 0:00:00 0.013 0.186 0.059 0.121 0.461
10 www.cwcs.co.uk Linux 0:00:00 0.013 0.265 0.114 0.230 0.645

See full table

Datapipe was the most reliable hosting company in March 2013, with both the fastest average connection time and no failed requests. Even more impressive is its remarkable 100% uptime record, which now stretches back for

more than 7 years, and its connection times are regularly among the fastest we see each month.

The second most reliable hosting company in March 2013 – also with no failed requests – was ServerStack. Since Netcraft started monitoring ServerStack in October 2012, their site has had an uptime record of 99.990%. The company’s 100% uptime SLA offers 5% credit for every half hour of sustained downtime, although this excludes periods of scheduled maintenance and its only outage so far lasted just 24 minutes.

iWeb ranked third after failing to respond to only one request during the whole of March. This performance was closely followed by Go Daddy and
Server Intellect, each of which also failed to respond to just one request, but demonstrated marginally slower connection times than iWeb. Go Daddy’s appearance in fourth place came despite a series of distributed denial of service (DDoS)

attacks against its European webhosting operations, based in the Netherlands, which caused some of its customers’ websites to become temporarily unavailable.

The previous month’s winner,

Hyve Managed Hosting, ranked eighth this time with three failed requests, but demonstrated very good average connection and total response times. These metrics are purportedly taken into account by Google’s search algorithms, resulting in better rankings. Hyve’s customers can gain
similar advantages by using its high speed cloud platform with "light-speed" disk access, which allow its virtual servers to outperform traditional dedicated servers.

Datapipe runs its website on FreeBSD, which was also used by two other top-ten hosting companies during March: Swishmail and Pair Networks. Two sites were using Windows Server 2008, while the remaining five – including ServerStack – used Linux.

Netcraft measures and makes available the response times of around forty leading hosting providers’ sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

From a customer’s point of view, the percentage of failed requests is more pertinent than outages on hosting companies’ own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage. In the event the number of failed requests are equal then sites are ranked by average connection times.

Information on the measurement process and current measurements is available.

└ Tags: ,
 Comment 

Debian: 2656-1: bind9: denial of service

Apr01
by Ike on April 1, 2013 at 7:26 am
Posted In: Other

(Mar 30) Matthew Horsfall of Dyn, Inc. discovered that BIND, a DNS server, is prone to a denial of service vulnerability. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or [More…]

└ Tags: , ,
 Comment 

50 queries. 8.75 mb Memory usage. 0.273 seconds.