Domain: netcraft.com
Stories and comments across the archive that link to netcraft.com.
Comments · 4,560
-
Re:Supporting
Akamai forwards the header strings from whatever httpd the Akamai network is caching/fronting for.
http://news.netcraft.com/archives/2003/08/17/wwwmicrosoftcom_runs_linux_up_to_a_point_.html
-
Banner attacks started as early as 2004
In reality, these kinds of attacks have been happening for years. Netcraft first reported on banner network hijacking more than three years ago, in August 2004, and cited similar attacks that may go back as far as 2001. High-profile sites have been affected almost from the start. In November 2004, the web sites of The Register, NBC/Universal, The Golf Channel, The A&E Network and Sony Pictures Digital were used to distribute malware.
-
At least back to 2004
Yeah, I immediately thought of a set of malicious ads that triggered an IFRAME exploit back in 2004. The Register found them on their own site, pulled the ads and apologized to their readers. The Internet Storm Center did a pretty good write-up of the incident.
-
Re:Ballmermon Restless in Tower Redmondore
You have seen the Netcraft survey for the past 18 months have you?
I'd say they've not only shored up the towers, but have mounted a counter-attack.
Now a lot of arguments have been made about production sites vs. domain parked sites on Apache vs. IIS, but none the less.
-
Funny thing
Netapp dislikes Sun so much, and yet, they use their OS. While I run and push Linux, Solaris is a good OS and ZFS will be decent in years to come (still buggy). I find it interesting that Netapp decided to sue over this. These systems do not really compete against each other.
-
Re:location, location, location
This is why Rackspace is moving to an abandoned shopping mall -- better to protect oneself against aggressors, ravenous zombies.
-
Re:Mandated use of Windows?
So they're going to seize the NSA's computers? Perhaps they're going to seize the computers running whitehouse.gov? Or let's go the direct route and have the FBI seize some computers close to home.
-
Re:So is ODF (the format) dead, then?
For more info, check here: http://netcraft.com/
-
Re:Windows?
Microsoft isn't running linux servers, they're using Akamai who does.
http://news.netcraft.com/archives/2003/08/17/wwwmicrosoftcom_runs_linux_up_to_a_point_.html -
Re:How will this news affect Apache?
This is according to http://news.netcraft.com/archives/web_server_survey.html, though Security Space paints a completely different picture http://www.securityspace.com/s_survey/data/200709/index.html.
I was wondering about that. I know that Microsoft has an interest in netcraft and I wondered if they would fudge the numbers as time went on. I think that is the case. Otherwise I'd know people that actually use IIS and they seem to be very difficult to find. My experience is about what securityspace shows or roughly at least 3 out of 4 servers are running Linux at least. Some places it is almost entirely Linux/apache. -
How will this news affect Apache?
I wonder whether this development will reverse the Apache web server's seemingly steady erosion in market share to Windows' IIS.
This is according to http://news.netcraft.com/archives/web_server_survey.html, though Security Space paints a completely different picture http://www.securityspace.com/s_survey/data/200709/index.html.
By the way, who of the two is more credible? Netcraft or Security Space?
-
Re:Ouch? - Lets investigate this - shall we!
It looks like IPInnovate is using a net block company that is USING Red Hat and Fedora to Run Apache 2.0 using mod_ssl and openssl. Hmm They are suing Red Hat but they use a company that uses a product from the company they are suing..... Sounds like a conflict of interest to me.
Netblock owner LNH INC. -
What about Mac OS X?
I'm a little confused why everybody avoids Mac OS X. I thought it was based on BSD Unix and bundled with Apache, so why aren't people using it for even basic hobbyist Web pages? Is it just a marketing/image problem, or are there valid technical reasons? Even Apple doesn't use Mac OS X exclusively; see http://searchdns.netcraft.com/?restriction=site+contains&host=.apple.com&lookup=wait..&position=limited, which shows that they are also using Solaris 8, Linux, and "unknown".
What's up with that? -
server market share
Linux owns the server space, MSFT's hardly even a relevant player, that's not going to change
Actually MS is gaining in the server market. Netcraft shows that Apache is dropping whereas MS is increasing in servers. Though this talks about Apache not Linux, while Apache runs on Linux and Windows as well as OS X (I have it installed on my Macbook Pro) and Solaris, MS Internet Information Server only runs on Windows. Easily at least. If IIS is gaining not only is Apache losing ground but Linux is as well.
Falcon -
Strange comments
Iftach Amit says "Since Linux machines can be used to more easily create specially crafted networking packets, they can be used in highly sophisticated online attacks". If you root-kit a machine then regardless of OS you can create whatever packets you want. Bypassing the IP protocol stack and sending raw data on the wire can't be particularly difficult if you are trying to conceal processes from the equivalent of "ps" and avoid other methods of detecting your code.
While I agree that Linux is a reliable OS, I doubt that is a reason for attackers to target it for running phishing web servers either. A good reason for targeting an OS is that you know it well and can easily write code for it. Given that many insecure machines can be obtained running any OS you please it makes sense that attackers will target their attack on machines that they know well. Maybe the criminals in question just enjoy Linux programming!
http://survey.netcraft.com/Reports/200708/
Then there's the issue of where servers are located, if you want reliable servers on the net then often the location of the server (in terms of a server room with UPS etc) is more important than the OS. What's the server market share for Linux? The above URL shows Apache leading the field for web servers and most Apache installations run on Linux...
It seems that if you want to own some web servers then aiming at Apache on Linux gives the largest number of potential targets - whether that gives the largest number of vulnerable targets is another matter. -
CSIRT is dying
Netcraft confirms it.
61.172.245.67 Windows Server 2003 Microsoft-IIS/6.0 18-Aug-2006
Whodathunkit? -
Re:hacked?
i only ask because i had a better-than-usual phishing attempt this morning
....It was a better than usual phish (of course, a lot are pretty bad). Netcraft Toolbar for FF caught it, though. It would be interesting to know how long it took for Netcraft to identify it as a phish.
-
Re:Thank you, Daniel
We are SCO we own Linux.
That reminds me of this one.
-
Which hole?
-
Terrific. How long before they break even that?
offline update is terrific; its basically a script that wgets the patches directly from Microsoft,
The genius of M$ can not be understated. Rather than let people share the burden of distributing their "patches" (efficiently) they will make everyone go to them. We have just seen how well they do at an easier task.
It won't be long before they only allow "authenticated" clients to download.
The contrast between this and the free software world could not be greater. Every gnu/linux distro has been easy to keep up to date for the last ten years and there are verified mirrors everywhere. When you download a package from a mirror, you can md5 sum check it against the original source and most package managers do this automatically. M$ on the other hand, won't even let you distribute what they consider "free". Be wary when someone from M$ advocates BSD, love of your freedom is not the reason for their advice.
-
Re:numbers?
-
Re:And the link to apply goes to a windows 2K sit
I was thinking the same thing -- and just before seeing your post did look for myself with http://uptime.netcraft.com/up/graph?site=www.usbank.com and found "Microsoft-IIS/5.0 10-Jul-2007 170.135.216.181" at the www site. applications.usbank.com I could not specifically identify, but I have to assume it isn't wearing a Tux... Based on this -- being a geek -- it was enough to halt said application.
And YES, being the geek that I am, I do monitor my own bank rather closely (Solaris :). -
Re:"STAT2", lol... take a read!
Well, a serious "hacker/cracker" is into "industrial espionage", & "information stealing" for profit, who wants to make MONEY @ it!!!
Apache, at least, enjoys quite a bit of market share, and Linux is probably still at at least 20-30%, if not 50% of web servers.
It may still be a smaller target than desktop Windows, but the fact that it has had close to ZERO compromises in the wild, even with a decent amount of marketshare on the server, says something about its security.
2.) Those same "hacker/cracker" types are getting their attack surface areas ROBBED by techniques like I list in this URL below
Sorry, not by much. I imagine you've gotten about as many people to lock down their systems as I've gotten people to switch to Linux.
No, what's really causing problems is that Microsoft is finally starting to develop secure software. Starting to -- I don't think they're quite there yet, but we'll see.
once discovered OR USED & reverse engineered? ARE DOING THE WORLD A FAVOR
This is a truly moronic statement. If there were no "Hacker/Crackers" in the world, wouldn't there also be no need for security?
That's like saying the terrorists did us a favor on 9/11 by forcing us to tighten airport security. Sorry, but no -- I truly hope that we, as a species, have evolved to the point where we can tighten airport security (at least as much as we need to) without somebody having to die first.
But consider: Suppose I were to discover a flaw in an open source project. I can fix it myself, maybe even get a bounty for it, but in the absolute worst case, I've made my own system more secure.
Now, suppose I were to discover a flaw in Windows. I can't reasonably fix it myself, all I can do is tell Microsoft about it -- and Microsoft has been known to sit on this kind of report for months without doing anything about it. I could get the flaw fixed faster -- and make a little money on the side -- by creating a botnet with it.
I don't actually do either of these things, though I am sure you're going to imply that I implied that I have or will. I'm just pointing out, perhaps one reason security is better on Linux isn't even because of the actual tech, but because of the way in which we deal with security holes.
I think that in 5-7 years time in fact, you will see almost NO OS or BROWSER LEVEL/APPLICATION LEVEL attacks anymore
I think that's half bullshit.
OS-level attacks may not happen anymore, if by "os-level" you mean things like ping-of-death. I also doubt there will be many attacks in which something escapes the browser and attacks the rest of the user's own system.
However, I think we'll see just as many stupid application-level attacks, because there will be stupid applications out there -- we just won't see as many against Microsoft's own products, because they have to keep getting better, so they can keep saying we're "more secure [than we were two years ago]" and keep people from migrating to other systems. I believe we'll also see far more attacks of the cross-site variety -- as in, one script running in the browser attacking another script running in the browser.
-
Re:"The silent majority" is uninformed.
All of the Linux distros I've seen pack in much more than that, which seems like overkill to me. I'd also have to think that the group would find a whole new slew of annoyances with Linux as well. Especially if they can't playback music or watch videos (does YouTube work w/Linux?).
Why wouldn't YouTube work with Linux? YouTube runs on Linux. http://uptime.netcraft.com/up/graph?site=youtube.com
There is a Linux version of flash, it was behind for a while but YouTube still worked even then. I have no problems playing videos on Linux, I do have problems with friends using Microsoft Windows playing anything I send them that isn't a Microsoft Windows media player file. -
Re:IIS dying out in Germany
How do you KNOW that "active" for them doesn't mean "responded?"
Because if you look through their historical archives, you'll find that whenever they change their methodology, they give a report on the changes. The first survey that has a breakdown into active and inactive explains the criteria they use.
Do they actually compare the HTML and count anything above a 95% similarity as one site? That is what they would have to do in order to be analyzing it as you assume they are. Anyone going to that trouble would, as GP suggested, provide some modicum of an explanation as to their methods if for no other reason than to say "See how cool we were?" and score geek points.
The only reason someone does not back up statistics and such, as has been pointed out here many many times, is they are meaningless if you actually say how little work went into obtaining them.
They do back up the stats. Just because you haven't bothered looking for the details, doesn't mean they aren't there. See description of methodology here. I believe they may have tweaked it a little since then, but can't be bothered to look up the details. The differences aren't major, I believe. -
Re:Nope, worse in active domains.
This does not mean they are not purchasing their market share
At least they are not trying to fake it like Bruce Perens.
I wouldn't have said this five years ago, but I think Real Soon Now people like you are going to have to start accepting that maybe IIS6/7 is simply good, and that's why they're gaining market share. I don't think they'll ever overtake Apache, but seriously, this "M$ must be buying market share and killing people" paranoia becomes ridiculous and untenable to say the least.
-
Re:Does it matter anymore?
"In fact, open source has conclusively, and probably forever, denied Microsoft a monopoly in the server market."
If you look at the netcraft graph, Apache denied Netscape and Sun far more than Microsoft. When Apache entered the market, Netscape servers ruled the roost, followed by Sun. By the time Microsoft entered the arena, Apache was becoming the dominant player, and destroyed Netscape and Sun shortly thereafter. Then Microsoft started to make some headway in 2002, then Apache increased its lead to 50 percentage points in 2005, but Microsoft has gained ever since Nov 2005 to cut Apache's lead to its smallest yet today (12 percentage points). In fact, the opposite of what you state is true - Microsoft denied Apache a monopoly in the web server space, not the other way around.
Oh, and it's not just "parked sites". The GoDaddy switch was a one time thing and doesn't explain Microsoft's continuous rise since then. (And it's likely that Apache still has many more parked sites than IIS does.) -
More potential threats to Apache...
...according to this Netcraft report:
http://toolbar.netcraft.com/site_report?url=http://www.ebuyer.com
-
Re:Uptime
Yes, but how reliable is Netcraft? Basically (as explained in their FAQ) they believe anything a server tells them, and try to deduce it from something else when the server doesn't tell them anything.
I know a site that's running an Oracle Web Services (I don't know if it's derived from Apache or something entirely written at Oracle or whatever), on Debian, where that statistic just keeps going up instead of dropping to zero each time it should. That would be DAILY (the server is taken down for database maintenance on each working day), and despite that, it still crashes a couple of times per week. I've known it to remain down for more than 24 hours after a crash - and when it came back up, Netcraft's uptime stat just continued from where it left off.
The site belongs to the Belgian government, stats here.
BTW, if you visit the URL as in the netcraft link you'll get just the opening page of an informational site, the server's main load comes from a webservice that requires a logon.
Also interesting to see that the first linux box comes in the 37th position, with both Windows 2000 and Server 2003 far ahead of it.
And actually, windows should be at number 4 instead of 6: numbers 1 and 2 are the same machine (identical stats and the names resolve to the same IP), and ditto for 3 and 5. -
Microsoft Gaming Netcraft
I don't know jack about the methodology Netcraft uses nor do they make it clear. The "top developers" attributes Google as the big winner, but there's no documentation on those stats either.
This page is pretty strange. http://uptime.netcraft.com/up/today/requested.html The site blink.nu is a microsoft press release machine of some kind and has ~1.6 times the number of queries of the next nearest site. Odd to say the least.
Conjecture aside, what's happening is all kinds of GPL(ish) projects are growing and the stats are being positioned as a loss for Apache. This is very similar to how NPD intellect royally screws Apple in favor of Microsoft by aggregating all PC's with Microsoft's OS against Apple. Disaggregate the numbers by vendor and you find Apple does extremely well in consumer segments. -
Re:Uptime
You'll notice that list is the list of highest uptime in days. Well because of various reasons netcraft doesn't count most linux boxes above 198 days. Read these 2 netcraft FAQ entries: http://uptime.netcraft.com/up/accuracy.html#cycle
2 50
Because of this linux isn't in that list. -
Re:IIS dying out in Germany
This downturn started last year when MS paid GoDaddy to swap out (or claim to swap out) its domain parking.
Going to karma hell for this but, tell me, is paying someone (if they did) better or worse than Bruce Perens faking host headers in order to boast Apache ratings? Or is that even sillier than your assertion that MS sneaked IIS back on by default? (which of course wouldn't make a big dent anyway as more Windows boxes are behind firewalls than in front, and those ones already exposed on port 80 are probably doing it on purpose).
As the Perens stunt shows netcraft may not just be relying on host headers at all as you seem to think.
-
Re:Not a surprise
eBay is a cookie cutter site?
-
Uptime
Apache has a vast majority of sites with longest uptime.
-
Re:GoDaddy and the like?
I don't think parked domains are considered "active servers." The Netcraft stats show that IIS is gaining ground against Apache even faster among active servers than nonactive servers (see this graph). Godaddy switching to IIS would not explain that.
Or am I misunderstanding what "active servers" are?
-
Re:Google Web Server
With this month's survey, Netcraft has begun tracking Google's custom web server software known as GFE (Google Front End), which is currently found on 2.7 million hostnames, or 2.3% of all sites. Google customizes its web infrastructure, with in-house solutions for software and hardware, including energy-efficient servers and power supplies. GFE is the server found on Blogger sites at blogspot.com, while Google uses GWS (Google Web Server) on some other services, although none with the volume of hostnames seen at Blogger.
http://news.netcraft.com/archives/2007/05/01/may_2007_web_server_survey.html
-
Re:The big two.
Debian is fine but the lack of "The Debian Company" means it's more limited to non critical roles or small businesses/non profit organisations.
Yeah, like web servers. Web servers are non-critical to the vast majority of companies. Sure, the web-shops need their webservers, but the rest of the world values their email- and databaseservers much more than their webservers. -
Re:The big two.
Debian is fine but the lack of "The Debian Company" means it's more limited to non critical roles or small businesses/non profit organisations.
Yeah, like web servers. -
Re:More likely...
I think it's funny how a company can be attacked as being "ignorant" for making a reasonable business decision. Comcast doesn't hate Firefox, just as it clearly doesn't hate *NIX:
http://searchdns.netcraft.com/?restriction=site+contains&host=comcast&lookup=wait..&position=limited
Unfortunately, supporting Firefox as of right now is clearly not financially beneficial to the company. As with any company that deals with technology, it's not as easy as it sounds to get all of their technical support services, which tend to be staffed with non-technical users, to support a multitude of platforms. Some things have to be simplified. Just as we can't expect technicians to speak every language in the world, we can't expect them to know every computing platform in the world. -
Re:I work for Comcast.
I also work for Comcast. THIS is how Comcast handles Linux or, more appropriately, *NIX:
http://searchdns.netcraft.com/?restriction=site+contains&host=comcast&lookup=wait..&position=limited
-
Re:Flamebait WTF?
Proof for what? Larger market share. And surely it has to be most targeted, after all we're always being told Windows has such a problem with malware because it is most popular and not merely because it is Swiss cheese.
-
Try WPA_SUPLICANT Shit. Re:Cisco
This is a typical non-free cluster fuck, with a heavy leaning on the Cisco side. LSU's Wireless has adopted some stupid new "security" feature that won't even talk to iPhone. It's also causing lots of other problems, even with the wired network. On Windoze, the client deletes Firefox settings which requires lots of work by lab owners. Printers have been iffy since roll out and today it knocked out the whole building all morning.
I get the feeling this was planned long ago to help push the Vista upgrade train along. There is no client software for Windoze 98, gnu/linux users are inconvenienced and Apple users get some kind of half ass support that does not include iPhone. The default page for sign on is now that crappy Windoze advertisement, which tells you all about how to set up your "outblaze" Outlook.
The reason it got used at LSU? Federal wiretap laws and poor budgeting.
No real security is going to be gained. Insecure sites will still be interceptable on the much larger internet and Windoze botnets will have no problems negotiating the new crappy network.
-
Re:Exactly! Thats why hordes and hordes of Linux
That tired argument has been flogged to death already, but here's the counter argument anyway, just in case:
Probably a significant percentage of all webserver computers in the world run on Linux or one of the BSDs (all open source so vulnerable according to the FCC :-)). Those are more interesting targets qua hardware and network connectivity, for a set of zombie computers rather than just any old PC which gets turned off at night, has a slow connection, etc. etc.
I think it's a pity there are no good statistics. Netcraft has estimated numbers on the different webservers though (IIS = Microsoft, but Apache doesn't imply Linux or BSD). But lately those statistics have been polluted (look at the sudden bumps in the graph).
-
Re:Not even, that way.
Clueless Linux zealot and complete moron Twitter can't wrap his head around the fact that '33% of the market' doesn't mean 'loss-making money sink', and also can't understand that 'someone who tells the truth' does not equal 'Microsoft shill'.
By M$ hosting disaster I mean companies that tried to sell web hosting all bellied up.
Bullshit. How weird is it that they can offer a 99.99% uptime guarantee and yet still not lose money on Microsoft servers? Can I put it to you that it's because they know more about hosting websites than you? I'm willing to bet that it's that.
Your little partial quote of the top twenty web sites does not bring the results you want either
My list was from Alexa who are very much up to date thank you very much. Just because you click the first google search you see, doesn't mean I do.
AOL does not use M$
Try doing a wider search of Netcraft instead of taking the first result you see and accepting it as gospel, because it looks like all their webmail hosting is on Windows Server 2003. How about that.
When you add them, youtube, wikipedia and other great GNU powered sites, M$ quickly vanishes. When you include the traffic from all the smaller sites, there's no contest at all.
You only wish it would vanish, but it won't. There will always be people like me who will carry on using Microsoft because we prefer it. It's just a bonus that it irritates people like you.
-
Not even, that way.
Clueless M$ user Macthorpe is confused by hosting and dreams of a M$ dominated web. By M$ hosting disaster I mean companies that tried to sell web hosting all bellied up. Your little partial quote of the top twenty web sites does not bring the results you want either (an old list). You can add up all of the M$ sites and barely beat either Yahoo or Google but not both. AOL does not use M$ . When you add them, youtube, wikipedia and other great GNU powered sites, M$ quickly vanishes. When you include the traffic from all the smaller sites, there's no contest at all.
-
What do you mean?
In a year or two, Windows may be less than 50% of the Web also
M$ has a hard time getting more than a third of the web and their expansion is capped. Only terminal M$ partners run M$ web servers. Ventures into M$ hosting have met disaster and DIY types will always use some kind of free software. What do you mean when you say Windows may be less than 50% of the web?
-
Re:Ron Paul & Linux
http://toolbar.netcraft.com/site_report?url=http://www.whitehouse.gov
Looks like they're totally Linux/Apache based... maybe GWB can do something right after all?