June 2012 Web Server Survey

Jun06
by Ike on June 6, 2012 at 7:55 am
Posted In: Web Server Survey

In the June 2012 survey we received responses from 697,089,482 sites, a growth of 5.1% or 34M sites since last month.

All major web server vendors experienced an increase in hostnames this month. After a loss of 17.5M hostnames last month Apache saw the largest growth this month with an increase of 22.8M hostnames. The second largest growth was seen by Microsoft with an increase of 3.5M hostnames. This, however, still resulted in a loss in the market share for Microsoft. nginx, after nine consecutive months of market share growth, also experienced a loss in market share albeit gaining 2.1M hostnames.

The 6th of June 2012 is the World IPv6 launch day. The event is organized by the Internet Society and it is aiming to promote the widespread usage of the protocol. This month’s survey received IPv6 AAAA results for over 7M hostnames, mapping to 105k distinct IPv6 addresses. Apache was found running on the majority of these hostnames (6.2M), followed by nginx with 398k hostnames.

Total Sites Across All Domains
August 1995 – June 2012

Total Sites Across All Domains, August 1995 - June 2012

Market Share for Top Servers Across All Domains
August 1995 – June 2012

Graph of market share for top servers across all domains, August 1995 - June 2012

Developer May 2012 Percent June 2012 Percent Change
Apache 425,631,721 64.20% 448,452,703 64.33% 0.13
Microsoft 92,406,480 13.94% 95,891,537 13.76% -0.18
nginx 70,764,248 10.67% 72,881,755 10.46% -0.22
Google 21,264,616 3.21% 22,464,345 3.22% 0.02

Totals for Active Sites Across All Domains
June 2000 – June 2012

Developer May 2012 Percent June 2012 Percent Change
Apache 109,278,620 57.02% 107,485,139 55.73% -1.29
Microsoft 22,803,442 11.90% 23,464,661 12.17% 0.27
nginx 23,938,754 12.49% 23,114,450 11.98% -0.51
Google 15,855,806 8.27% 16,473,290 8.54% 0.27

For more information see Active Sites

Market Share for Top Servers Across the Million Busiest Sites
September 2008 – June 2012

Developer May 2012 Percent June 2012 Percent Change
Apache 617,430 62.02% 614,721 61.75% -0.27
Microsoft 146,974 14.76% 147,054 14.77% 0.01
nginx 100,417 10.09% 102,449 10.29% 0.20
Google 29,071 2.92% 28,498 2.86% -0.06


└ Tags:
 Comment 

Pending Removal of Atmail open plugin

Jun05
by Ike on June 5, 2012 at 2:51 pm
Posted In: Apache, CMS, Community, cPanel, Events, Releases, security, System

With cPanel & WHM 11.28 the ability for server owners to provide custom webmail applications was introduced. To demonstrate this feature we introduced the Atmail Open plugin.

Recently Atmail Inc., the creators of Atmail Open, decided to no longer provide the open source version of their product. Due to this change, cPanel will no longer distribute, or provide, the Atmail Open plugin via our Plugin service. The last update, 1.0.5, of the plugin was released in early May 2012. If you have not already, please verify your version of the plugin has been updated. The Atmail Open 1.0.5 release addresses some security issues.

In August 2012 we will no longer provide the Atmail Open Plugin. In anticipation of this we have marked the plugin as End of Life and will be provided in its current, and final, state. We will not release security patches for this application. After August 2012 the Atmail Open plugin will no longer be available for installation.

What does this mean for you?

If the Atmail Open plugin is installed on your server, it will continue to function. Since no further updates or fixes are forth coming on this application we encourage you to begin planning an exit strategy with your customers. From now until we remove the Atmail plugin in August 2012, you will be able to uninstall the application using the Manage Plugins interface in WHM. When we no longer provide the plugin, it can only be uninstalled using the following commands:

cd /usr/local/cpanel/modules-install/atmailopen-*

./uninstall 

If you have not installed the Atmail Open plugin, then no changes or action are needed.

Will cPanel Replace Atmail with something else?

We are not evaluating a replacement for Atmail Open, at this time. We currently provide three webmail clients: Horde, Roundcube, and Squirrelmail. There are a variety of webmail applications available in our application catalog.

We hope you enjoyed the use of Atmail Open while it was available.

└ Tags:
 Comment 

Targeted Security Release 2012-05-31 Disclosure

Jun04
by Ike on June 4, 2012 at 8:06 pm
Posted In: Apache, CMS, Community, cPanel, Events, Releases, security, System

The following disclosure covers the Targeted Security Release 2012-05-31. Each vulnerability is assigned an internal case number which is reflected below.

Information regarding cPanel’s Security Level rankings can be found here:

http://go.cpanel.net/securitylevels

 

Case 59634 

Summary 

Arbitrary File Write vulnerability in Apache Piped Log Configuration

Security Rating  

cPanel has assigned a Security Level of “Important” to this vulnerability. An important rating applies to vulnerabilities that allow system authentication levels to be compromised. These include allowing local users to elevate their privilege levels, unauthenticated remote users to see resources that should require authentication to view, the execution of arbitrary code by remote users, or any local or remote attack that could result in an denial of service.

Description 

When using the Apache Piped Log Configuration, a sophisticated attacker could manually format log messages to take advantage of insufficient input validation in the splitlogs binary. When combined with a directory traversal attack, this vulnerability could allow the attacker to write to arbitrary files on the system.

This vulnerability was discovered by the cPanel Quality Assurance Team. The Apache Piped Log Configuration is a feature which is disabled by default.

Solution 

This issue is resolved in the following builds: 

  • 11.32.3.19 and greater
  • 11.32.2.28 and greater
  • 11.30.6.8 and greater

Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/.

Additionally, this vulnerability is only present when the Apache Piped Log Configuration is in use.

http://httpupdate.cpanel.net/

 

Case 59656

Summary 

Arbitrary Code Execution through cPDAVd

Security Rating

cPanel has assigned a Security Level of “Important” to this vulnerability. An important rating applies to vulnerabilities that allow system authentication levels to be compromised. These include allowing local users to elevate their privilege levels, unauthenticated remote users to see resources that should require authentication to view, the execution of arbitrary code by remote users, or any local or remote attack that could result in an denial of service.

Description

This is a vulnerability in the cPanel WebDAV implementation, cPDAVd. It would allow an authenticated user the ability to execute arbitrary code through improperly sanitized filenames.

This vulnerability was discovered by the cPanel Quality Assurance Team.

Solution

This issue is resolved in the following builds:

  • 11.32.3.19 and greater
  • 11.32.2.28 and greater
  • 11.30.6.8 and greater

Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/.

 

└ Tags: ,
 Comment 

cPanel releases cPanel & WHM 11.32.3.19 to RELEASE tier

Jun04
by Ike on June 4, 2012 at 5:40 pm
Posted In: Apache, CMS, Community, cPanel, Events, Releases, security, System

cPanel is pleased to announce the release of cPanel & WHM 11.32.3.19 to the RELEASE tier. This monumental release comes from a new development style; focusing on delivering resolution to cases as soon as possible instead of waiting for the next major version. This release addresses over 200 cases that will provide numerous bug fixes and updates. 

Due to the volume of resolved cases, there is no overall theme to the update. Updates of note include:

  • Reduction in noise from yum in CentOS 6.
  • Suppression of false positive messages from cphulkd.
  • Resolved an issue when adding non-Class-C subnets masks.
  • Updates were made to MySQL 5.1 and 5.5
  • Fixed a race condition when update_sa_rules –background is run.

We highly recommend that all users on the RELEASE tier update to this version. We also recommend that all application developers test their code against this release to ensure third-party code runs correctly with the new release.

To update cPanel & WHM manually:  

  1. Log into WHM as the root user. 
  2. Click on the WHM 11.32.X (build X) link on the top right corner of the screen.
  3. Click the button labeled Click to Upgrade.

Visit the cPanel & WHM 11.32 Change Log to read more

└ Tags: , , ,
 Comment 

Plesk 10.4.4 for Ubuntu 12.04 has been released

Jun04
by Ike on June 4, 2012 at 9:29 am
Posted In: Plesk, Releases

Links to autoinstaller:
http://download1.parallels.com/Plesk/PP10/10.4.4/Ubuntu12/parallels_installer_v3.12.0_build120601.16_os_Ubuntu_12.04_i386
http://download1.parallels.com/Plesk/PP10/10.4.4/Ubuntu12/parallels_installer_v3.12.0_build120601.16_os_Ubuntu_12.04_x86_64

Templates for Parallels Virtuozzo Containers will be released later.

 Comment 

50 queries. 8.75 mb Memory usage. 0.431 seconds.