March Netcraft survey

awptic writes "The March Netcraft survey is out. Among the changes is a 4% increase in the number of websites running IIS, primarily due, however, to register.com's domain name parking service switching to mostly IIS servers, which account for over 2 million of the 38 million sites surveyed. Ironically, a large number of the websites were defaced shortly thereafter."

Hack the Planet

[rblancarte]

The best line from one of the worst movies ever. Um, Verisign - ever heard of S-E-C-U-R-I-T-Y ?

RonB

Re:Hack the Planet

[rseuhs]

Come on, big marketing bucks coming from Redmond is more important than security.

Re:Hack the Planet

[the_chr0n1c]

Are these the domains they snatch up when you do a search for an available domain?

hacking parked domains.

[Transient0]

Interesting.
If the parked domains can be hacked and defaced so easily, one has to wonder just how secure the rest of their system is, which is responsible not just for domain name serving, but must handle massive credit card traffic.

Re:hacking parked domains.

[ThatComputerGuy]

According to the article, these tasks were outsourced... not good, but hopefully the same policy isn't taken with more sensitive tasks.

Re:hacking parked domains.

[diverman]

Actually, I would think that if more sensitive tasks, such as credit card processing were outsourced, it would actually benefit from having a company specialized in outsourcing such services.

I work for such a company. And having come from a web hosting company that did their own credit card processing, I can definitely say the above is true in my experience.

Cheers,
-Alex

Not just register.com

[Snowfox]

Not just register.com -- NetSol also moved much of its operations from UNIX systems to Windows systems, if you didn't have enough reason to question the sanity of NetSol already...

Re:Not just register.com

[Ami+Ganguli]

Hmm. Is there something about IIS 6.0 that makes it easier to do bulk hosting? Maybe it's time for a special Apache Cybersquatting Edition :-).

wow...

[oo7tushar]

this is after April F00ls day so it must be serious...w0w, does this mean that monkeys now rule the Universe? or at least Verisign?

Re:wow...

[rjamestaylor]

Monkeys? You're comparing Highly Qualified Professional MCSEs to monkeys? Many Successful Web Professionals are MCSEs. These Trained Professionals suffer long years to earn their credentials.

I am shocked. Shocked!

Re:wow...

ROFL!! Thank you for the links! Now I've reference next time the HR PHB asked me(once per week) "should I pay more if this candidate got MCSE?" Pay LESS for them you idiot! :D

Re:wow...

I feel your pain. A client has a nephew of one of the principals working as a support tech and is "working on" his MCSE (which earns him the title of "_____ Engineer" (I can't give too much away). Recently he explained how he's getting his "training" - downloading answer off the Internet. But, get this, his only passed ONE test so far (after months of "studying"). *Sigh* Sad thing is we end up doing this loser's job and his uncle just sings his praises.

Re:wow...

[haggar]

The way I see it, he's not the loser, you are. He both got lucky and he also figured the easier way to success.

BTW, I hate the guts of those type of guys...

Re:wow...

[9633]

>MCSE holders, about 350,000 of them worldwide, are qualified to run the computer systems of medium to large organizations, with up to 150 locations and 26,000 users. I just love this quote.

Trends

[Mattygfunk]

It's interesting to see the trend occurring in the articles charts. It looks to me as if the trend has Apache leveling out and then dropping recently, and IIS use jumping hugely this year. Even accounting for register.com I see MS catching up strongly.

Re:Trends

[spencerogden]

I think the past year has seen a rise in IIS because of the deployment of Win2000. The platform has fine matured as a server.

Re:Trends

[hawk]

> I think the past year has seen a rise in IIS
>because of the deployment of Win2000. The
>platform has fine matured as a server.

And given a few revisions, that last portion may finally mature as a sentence :)

hawk

Apache 2.0

[Lord+Ender]

Does anybody know when Apache 2.0 will come out? It supposedly has great design improvements on Windows as compared to Apache 1.X. A lot of Windows users might give Apache more consideration once it comes out.

Re:Apache 2.0

[tshak]

We (being a primarly MS house) got so fed up with this IIS (4.0) box that we actually put Apache for Windows on it. The main issue was dynamic scripting for site creation. A Perl script written in less then an hour (with minimal Perl experience then that, and NO experience with httpd.conf) was much more efficient then a huge VBScript (written over a few days) that accessed the IIS Metabase. However, with IIS 6.0 all site configuration and creation can be done by simply interfacing with an XML file.

Re:Apache 2.0

There's beta versions of 2.0.x out now but read the security notice here

They switch, regardless of the defacing risk

[jsse]

Several hundred thousand sites seem to have moved to this [Window based]system this month, and the drop in Netscape-Enterprise is largely a result of this. Ironically, many of the sites were hacked a few days later, Newsbytes reports.

All of the sudden a pictures of lemmings jumping off a cliff materialized in front of me.

Re:They switch, regardless of the defacing risk

Microsoft Mod strikes again. What most ./'s don't know is that microsoft has secretly infiltrated ./ with mods that have a microsoft bias.

Re:They switch, regardless of the defacing risk

By conspiracy theory if M$ really infiltrates /. to mod anti-m$ posts down then that'd be cool, because in this case we are at the 'they fight us' stage. :D

Re:They switch, regardless of the defacing risk

[Cally]

Lemmings is right. This trend to IIS from Apache started showing up right about the time Code Red and Nimda made it clear what a joke IIS is as a web server (as a paperweight, the box & CDs work great!) I can only conclude that pointy-haired bosses all over the world have simultaenously decided that if the thing's been trashed by three successive waves of malware, that all the bugs have been ironed out of the codebase by now. In other words, management are mindless cretins who deserve nothing but poking with sharp sticks, ridicule, and high-velocity custard pies.

Keeps us in work then :)

[Anon0mous]

We should praise Microsoft because if they didn't have these great operating systems and servers a lot of security professionals and techs would be without work!, nor hundreds of kids busy learning their skills hacking and fixing their parents and relatives computers. it would be dull without them its due to Redmonds foresight in creating numerous security "mistakes" that keeps us with cash in our pockets Praise be to Bill (gates/dollar)

Here's what is next...

[aardwolf64]

Here's what is next:

A website listing the 10 largest companies with Administrator password == NULL

Bleh... I've used Netcraft. It's pretty nice... you can find out what version of different software a webserver is running. Web pages like this though should emphasize how important it is to stay on top of the latest bugfixes... As often as exploits get posted for now outdated versions of software, not keeping things up-to-date is like hanging a "HackMePlease" sign on your back.

Focus on Security...

[goneaway]

I guess that strategy isn't working out so swell.Or maybe it's all just an incredible coincidence. Given the promotional push (read:throwing money at) that Microsoft has given to the idea of their product on the big iron lately this isn't too surprising.

The whole Unix is Bad and Hard for Your Teeny Little Brain to Process strategy is apparently failing too since they're running the website on BSD.

Re:Focus on Security...

Eh check for yourself, an namp looks pretty windows like.

I had the following "comment" for them:

The window in the picure? Is that the VNC window I can open to your server that is sitting in front of a firewall with VNC running?
You are going to show me the way out and hackers the way in! yay.

Re:Focus on Security...

[dgroskind]

when i hear the word 'culture' i reach for my revolver" - Henry Miller

The quote is actually from Hanns Johst, a Nazi playwright. It is often attributed to Goering, who conceivably repeated it.

It is an unlikely thing for Miller to say. He wrote in a tribute to Kenneth Patchem: "In our society the artist is not encouraged. not lauded, not rewarded, unless he makes use of a weapon more powerful than those employed by his adversaries. Such a weapon is not to be found in shops or arsenals: it has to be forged by the artist himself out of his own tissue."

I knew that Interland stunk already

[kraksmoka]

I used to have three domains with interland before getting a server. they always managed to screw things up. not long ago they merged with hostpro and things got really bad.

How stupid do you have to be to say that you are the largest IIS host, and that you're proud of it?????

anyway, they slashed the unix training for those people like crazy, promoted any real talent so you can never speak to them (level 3 tech my ass). they have a wonderful support secretary system now, to waste your time. if you're lucky they won't even assign a recycled IP address to your site and mess up your search placement, like they did to one of the sites. stay away from them at all costs. gs

Re:I knew that Interland stunk already

[Dimensio]

What do you expect from a spam-friendly provider? That fact alone means that they are run either by the clueless or the criminal.

Re:I knew that Interland stunk already

[joe_sample]

I think Interland is great. You're just a stupid-ass that needs tech support. Read a fucking book. Stay away from web servers.

Hacked Servers Outsourced to Interland

According to the Security Focus article the affected parking servers had been outsourced to Interland. Not really surprising, since Interland has left their servers vulnerable to various vulnerabilities for months at times.

People are inherently stupid

[Kwikymart]

Stupid people!

Every day we hear about how companies choose to implement MS solutions (adds more to the problem, however) rather than better BSD/Linux solutions. "But it's cheaper to employ an MCSE!"... That may be so, but this route should only be taken if you dont care about the company's data.

Fucking braindead corporations; spend the extra 15 thousand / year and protect your freaking data instead of throwing away your secrets. It's going to be cheaper down the road when you have to hire lawyers to start sueing people or lose business because people won't trust your braindead corporation with their credit cards.

Re:People are inherently stupid

Microsoft Mod strikes again. What most ./'s don't know is that microsoft has infiltrated ./ with mods that have a microsoft bias. Meta-moderation is ineffective when trying to weed out these mods.

Re:People are inherently stupid

[pmsr]

Flamebait or not, i dont know where people get the idea that is cheaper to employ a MCSE. Good professionals are hard to find, and they cost big bucks all the same. If companies looking to hire people take a MCSE at face value without considering anything else, then they just deserve an Enron like death. And facts do show that MCSE indeed expect to get well rewarded just because they are MCSE, even with no previous experience whatsoever. And don't get me started on the cost of hiring the average "in which iso (sic) layer is routing" MCSE around.

/Pedro

Re:People are inherently stupid

[maxpublic]

What moron would compare an MCSE to a doctor? Sounds like a dim-witted MS goon with delusions of grandeur.

Max

Re:People are inherently stupid

[pmsr]

Your post sounds like a case of classical penis envy to me... and after reading from your journal, seems that you, tired of the situation, one day you called work sick and decided to declare shrunk as a new personal standard.

/Pedro

Re:People are inherently stupid

[pmsr]

Wishfull thinking at full rage, eh? A drop of self delusion and we have ... you! You must make mommy proud, right?

/Pedro

Re:People are inherently stupid

Just because someone is an MCSE doesn't mean they are stupid because of it. What about the CCIE MCSE CNA folks out there who work their asses off an know more about Unix than the morons who go the the Red Hat cert? Real bright to always throw a group together by the lowest common denominator. Jesus.

Re:People are inherently stupid

"And facts do show that doctors indeed expect to get well rewarded just because they are doctors, even with no previous experience whatsoever". Of course you should reward education! Sounds like you don't really know what doctors get paid when they're fresh out of school. In Canada it's about 40K and according to my brother in law (who's doing surgery) McDonalds pays better hour-for-hour. Does education get rewarded? Sure but not really that much when compared to experience. This of course hinges on MSCE being considered "education" (MCP is kind of a scam. "Hey let's all take the IE 5.5 exam". Sheesh).

gui

[thanjee]

With the popularity of IIS servers on the rise maybe it is time that Apache gets a GUI and setup wizard option.

Re:gui

If they want an insecure system let them have it. We know how to configure our apache using our hands!

Re:gui

[mshiltonj]

With the popularity of IIS servers on the rise maybe it is time that Apache gets a GUI and setup wizard option.


That's what determine's market share? Tabs and dropdown?!

Re:gui

[thanjee]

Apparently.

If it's not the tabs and dropdowns that are causing the rise then what is? It surely isn't the security or stability.

Re:gui

[bilbobuggins]

any of us who work in a small company and have some direct experience with the product you made going to market have learned the hard way that often gui's and gimmicks are the #1 selling point.
yes, it's depressing but incredibly true.

this is largely what the open source movement is missing right now. decent gui/interface designers/coders. whether it's:
a) b/c it's not as interesting as the guts
b) b/c they don't feel as l33t
there really don't seem to be enough (any) people who will step up to a project and volunteer to make a lot of buttons etc. i would love to say i was a GUI coder (it's just that i can't draw and am told that my ideas of an intuitive interface suck) but if open source _ever_ wants to compete seriously w/ MS this is what we need. after all it's really MS's real product, how it works doesn't matter to most people but it's fun to click on and looks pretty.

the point is i made more headway with my boss/the sales staff with one transparent terminal than a whole month of preaching about MS evils...

Speaking of NetCraft...

[Craig+Ringer]

You know MS/UniSys's new anti-UNIX site www.wehavethewayout.com? Well take a look at what NetCraft reports</a>
- and compare to the results of a<br>
lynx -head http://www.wehavethewayout.com<br>
command. Interesting. Has MS fiddled the server, and NetCraft is pulling some tricks to get the truth, or is NetCraft pulling a "funny" one?

Re:Speaking of NetCraft...

[haukex]

Anyone notice the heading of one of the "reports" on that site?

"Trends in Large Data Centers - Candid Interviews with 300 Top Executives" - Based on candid interviews with 300 IT Executives.

... and I almost thought they'd base a report like that on the random utterings of 300 monkeys...

Re:Speaking of NetCraft...

Fixed link: NetCraft reports

Cnet article on it

Re:Speaking of NetCraft...

Read NetCraft's FAQ for why all of the data they collect are essentially guesses. It's simply not technically possible for them to get everything right.

Re:Speaking of NetCraft...

For over two years Netcraft identified our company's Sun machine as running Irix. Go figure. Take what Netcraft says with a grain of salt. They have been known to make mistakes.

Re:Speaking of NetCraft...

[banky]

I believe you'll find that this is what's called "damage control". For some reason, the domain got parked on a FreeBSD box, and when MS (and Unisys) found out that they not looked like complete asses, they switched it, post-haste.

Re:Speaking of NetCraft...

[Craig+Ringer]

Fair enough, they _are_ only guesses. However it is especially bizarre given that the system appears to be clearly identified by everything else, and even tells you it's running IIS in the HTTP header. I've found NetCraft to get it right almost every time - the only time I tricked it was when I hooked my old Mac LCIII up to the 'net and ran some old HTTP server (don't remember what) off it. It got the server right but hadn't the foggiest what the OS was.
Anyway - of all the things NetCraft could get wrong, Apache/IIS and *nix/Win are two mix-ups it doesn't tend to make.

Re:Speaking of NetCraft...

[leviramsey]

Based on candid interviews with 300 IT Executives.
... and I almost thought they'd base a report like that on the random utterings of 300 monkeys...

Didn't they?

Re:Speaking of NetCraft...

[dietz]

Absolutely. I checked them when the first slashdot story was posted and the Server: header definitely said Apache on UNIX (it wasn't specific about which UNIX, as is standard with Apache).

The must've switched it once people started noticing.

Re:Speaking of NetCraft...

[ThePilgrim]

Having tried, and failed, to get a job at NetCraft, I learn't several things about how they do the survey.

Most of the OS sampaling is done by analysing the packets from the TCP/IP Stack and not from taking the HTTP header at face value.

Re:Speaking of NetCraft...

[jmu1]

Damage control, shamage control... tracer.
They just did what most 'persons' with too much money and no time to do anything themselves... they told someone else to do it. When that happens, you'll notice that the others do it the way they want to, in this case, on a FreeBSD setup.
"And now, we cut to the music..."

Network Solutions?

[Negadecimal]

register.com's domain name parking service switching to mostly IIS servers, which account for over 2 million of the 38 million sites surveyed. Ironically, a large number of the websites were defaced shortly thereafter.

Hmm...the SecurityFocus article only mentions Verisign/NetSol and their IIS servers.

Re:Network Solutions?

[T-Punkt]

The summary on /. ist not correct. Netcraft said:

Microsoft gains almost 2 million sites this month, primarily as a result of register.com and Network Solutions migrating their domain parking facilities to a Windows front end.

Shouldn't that be expectedly?

[mysticalreaper]

> Ironically, a large number of the websites were defaced shortly thereafter.

Umm... Shouldn't that read, "Expectedly, a large number of websites were defaced shortly thereafter." ?

Why? In *****s name WHY?

[wzzrd]

I seriously don't understand this. Why would ANYONE (and I mean ANYONE) even consider migrating his webservices to IIS? IMHO you must either be blind, deaf and mute or REALLY very incredibly unbelievably stupid!

I'm aware of the flame I am posting here, but be honest: do YOU understand this? I would have thought enough proof had been delivered the past few months (read: years) about the insecurity (and blunt evilness, really) of IIS. For heavens sake, if insecurity is proven over and over and over why make the step TO IIS instead of FROM IIS (to something else, ANYTHING else).

Apache runs under windows if you really must use that OS, Apache isn't THAT hard to set up and most important of all: Apache isn't THAT insecure. Gimme a -zillion for this flame, come on, I know what I know, I know a webserver running IIS belonging to a friend of mine got hacked last week. I know mine got hacked once (before I put on Apache) and I know many, many, MANY more IIS servers will get hacked until admin's turn into roots (or at least surf by www.apache.org).

Do yourself a favor: think twice about IIS...

Re:Why? In *****s name WHY?

Why? Easy, MS sees 2million website running on a competitors product, they pay the site to change, their numbers go up in netcraft, it makes them look good. Anyone not beleive this is what happened?

Re:Why? In *****s name WHY?

[uberjon]

I totally agree, apache are very easy to setup for windows ( especially NT/2K/XP ). What I don't understand is if you are going to be running apache why not go all the way and use linux/*BSD for your webserver or hell even a commercial UNIX variant. Remember when you are paying money for Solaris/AIX/HP-UX machines you (should) get tech-support. Evan the commercial versions of linux ( Redhat Pro., Suse Pro., etc ) have some sort of customer support.

Re:Why? In *****s name WHY?

[lux55]

What's even more f***ed is that the rate of Apache sites dropping off is practically even with the rate of IIS sites sprouting up.

The Apache Foundation or Covalent or somebody should start advertising that using Apache is like playing Russian Roulette with your company's future. Maybe then people will listen.

Re:Why? In *****s name WHY?

"The Apache Foundation or Covalent or somebody should start advertising that using Apache is like playing Russian Roulette with your company's future. Maybe then people will listen."

Um, ever hear of PROOFREADING?

How about PREVIEW?

moron.

Re:Why? In *****s name WHY?

[Black+Parrot]

> I seriously don't understand this. Why would ANYONE (and I mean ANYONE) even consider migrating his webservices to IIS? IMHO you must either be blind, deaf and mute or REALLY very incredibly unbelievably stupid!

Lessee... Who makes the decision, a PHB or the sukka who has to keep things running? And who wines and dines the most PHBs, Micorsoft or the Apache developers?

The only surprise is that Apache is being used at all.

Re:Why? In *****s name WHY?

[WildBeast]

They probably wanted to take advantage of .NET or something like that.

Re:Why? In *****s name WHY?

[dduck]

Well, you might want to consider that the obvious strategy for MS to recapture marketshare is to give huge custumors a sweet deal - in other words dumping the prices.

I have heard of several cases (all off the record, obviously) where MS has done just that. Wouldn't you consider switching if you were offered free (or almost free) licenses for all software in the MS catalog?

IMHO we are seeing the first signs of MS fighting back in the back office segment in ernest. This is not going to be pretty...

Re:Why? In *****s name WHY?

[rseuhs]

While Microsoft is good at bribing big hosting sites to tweak statistics, the reality looks a bit different, IIS marketshare declined significantly since the Code-Red attacks:

look for yourself

Nice is Japan and Germany

People who actually have to pay for IIS *are* switching to Apache, and only very few new companies start with IIS.

Re:Why? In *****s name WHY?

As a former MS employee and MS lover, I couldn't agree with you more. IIS is a goat screw, always has been. The programmers on the original were idiots. Bet you didnt guess that. Its unsavable, I dont see why they havent noticed that yet.

Re:Why? In *****s name WHY?

[Ami+Ganguli]

Whoops, you linked to the Japanese stats both times. Here's Germany.

The most interesting, though, is this breakdown that ranks sites in a Google-like manner. Apache and IIS both lose a little to Netscape and "other" (also Apache perhaps?), but I think that's the fairest way to compare market share.

Re:Why? In *****s name WHY?

[rseuhs]

Huh?

Apache is in all 3 categories at or near the all-time high!

BTW, all sites on securityspace are referred sites, so there are no parked domains in the other statistics either.

Re:Why? In *****s name WHY?

they have noticed it. IIS 6 is a rewrite. this is not to say that it will be "good" or "secure," just that they cut their losses on the original IIS codebase

Re:Why? In *****s name WHY?

[Ami+Ganguli]

I meant that Nescape & others do better in the weighted results than in the unweighted results. Certainly Apache dominates the market no matter which way you cut it. Even the SSL market, aparently, which wasn't the case a year or two ago.

Re:Why? In *****s name WHY?

[rseuhs]

Compared to IIS it dominates even more - in the unweigthed results, Apache runs about twice as many sites, in the weighted results about 3 to 4 times as many sites as IIS.

Ironically?

[WhaDaYaKnow]

Ironically, a large number of the websites were defaced shortly thereafter

Been listening to Alanis much lately? ;)

Dictionary.com says this about ironically: "contrary to plan or expectation"

Anybody that works in this industry for two days or more would know that things must have happened exactly as planned, or at least as to be expected.

Re:Ironically?

[blane.bramble]

Well, that *would* be ironic to the people who planned and made the change then, wouldn't it?

Re:Ironically?

[WhaDaYaKnow]

Well, that *would* be ironic to the people who planned and made the change then, wouldn't it?

It would be ironic if things did NOT go according to plan or as expected.

Having security issues with IIS and NOT expecting/having planned for it sounds stupid, not ironic.

Re:Uptime?

Microsoft Mod strikes again. What most ./'s don't know is that microsoft has secretly infiltrated ./ with mods that have a microsoft bias. Moderations like this are an easy way to spot them though.

Hmm, I don't think that's what MS/Unisys meant...

[UsonianAutomatic]

...when they said "We Have the Way Out!"

-1 Redundant, but isn't it interesting that the new anti-Unix site isn't among that 4% IIS increase (and not hacked).

Parked Domains

[Thrikreen]

I wonder, even though it's supposed to be a random survey, should there be allowances given for said parked/cybersquatted domains to not factor as much into the percentages? Or another page listing the compared results.

I mean, most of them would have some sort of template along the lines of "This domain at www.suchandsuch.com is currently Under Construction! / Available for Sale!". Wouldn't be hard to figure out some sort of % similar to another page rating (i.e. diff them and see how many lines are different).

Granted, it does mean you have to download the page (frames and popups would be annoying though) and waste some CPU cycles comparing the differences, but it would be interesting seeing how many websites of said survey are, say, 95% or higher similar to each other.

Re:Parked Domains

[Cardinal+Biggles]

They should publish # of pages instead of sites. With virtual hosting so widespread, the number of sites is not really a relevant number.

If Google counted the server type for each of the pages in their cache, that would me much more informative than the Netcraft site count.

Funny though, MS always claimed that Apache won the Netcraft numbers because of the 'unused sites' counting so heavily - could it be that they actively targeted those web farms in their marketing for this reason?

Re:Parked Domains

[technopinion]

Not to mention that just about all parked domains at any given registrar are probably on one server, and are likely even pointing at the same virtual site. Hack that one site, and you've just hacked thousands of domains.
Parked domains should *not* be counted in web-server surveys!

Whose responsibility?

[eric_suse]

Funny how Microsoft IIS doesn't show up in this part of the article. "While Verisign has the ultimate responsibility to its domain customers, the blame for the security breach falls squarely on Interland, he said." (Article in full) http://online.securityfocus.com/news/357

Re:Whose responsibility?

[eric_suse]

> Jumping to conclusions is fun, but I am usually not so quick to place responsibility. Yeah, good point(s).

HA...

"The system, which was running Microsoft's Internet Information Server (IIS) on Windows 2000..."

That about sums it up.

However, in conclusion: MWAH HaHaHaHaHaaaaaaaa

Deja-vu

[Adolf+Hitroll]

You are a moron, you're pre-digested comment rated as interesting denotes the weaknesses of crapdot !

Server share data for working sites

[rkgmd]

This data for *active* web servers (about 6 million total) seems to give a different picture---while apache lost 0.16% and IIS gained 0.40%, long-term (over the last year) apache grew, while IIS fell. Also, extrapolated future failure and growth rates seems to indicate that one is better off betting on apache than on IIS.

Re:Server share data for working sites

[leonbrooks]

while apache lost 0.16% and IIS gained 0.40%

Since the Verisign sites represent about 5% of NetCraft's sample, the implication is that about 4.5% of the advantage was eaten by Apache gains in the same interval. If that's so (I doubt it) Microsoft must be bending over backwards to win the web server stats war starting at the biggest sites, and meanwhile losing ground at the smallest sites.

Lies, damn lies and statistics. But if true, we'll `nickel and dime' them to death. (-:

Re:Server share data for working sites

[Perdo]

That begs the question.. If people choose apache because they are smart, and choose IIS because they are sheep, why do people choose Netscape, Zeus, Webstar and Website? What do those people know that we don't or are those people stuck by vendor lock-in? Are there certain webserving applications that are better suited to something besides Apache? Applications besides passport, that is...

Re:Server share data for working sites

[rkgmd]

Because of benchmarks like this? (Note how, ignoring the hardware cost for a moment, the top-of-the-line 16-processor IBM pSeries machine running zeus supports 2.5x more users than the best-available 8-processor IIS server.) Also, zeus (and, may be, netscape enterprise, etc.) is known to have better single-machine scalability because of serveral interesting I/O techniques it tends to use---these benefits are more pronounced when run on operating systems like solaris that support fine-grained user-level threads to kernel-level thread mappings. On top of the raw performance, many also support application-level clustering and redundancy (may be important for some portal sites that demand underlying data consistency, and, which, therefore, require more app-level work to scale-up/failover than just adding more server instances). However, for the vast majority of the sites out there that serve out mostly static and simple dynamic traffic, I think apache is more than sufficient (these sites tend to be bottlenecked by the n/w, not by the server), and I would pick apache anyday over IIS for simplicity, stability, and security reasons (even the humble tux server almost matches the best-available IIS5.0 on the same hardware in the benchmark above in terms of performance; there is no need to go into security/stability comparisons).

Re:Server share data for working sites

[johnnyb]

If people choose apache because they are smart, and choose IIS because they are sheep, why do people choose Netscape, Zeus, Webstar and Website? What do those people know that we don't or are those people stuck by vendor lock-in? Are there certain webserving applications that are better suited to something besides Apache?

*********

I think the point is, people who use IIS are sheep. There are many good webservers out there, Apache being an excellent example. For a quick list of features:

1) Apache - excellent security, modularity, and customizability

2) Netscape - excellent scalability (Apache might win here, though, when it hits 2.0)

3) Zeus - very, very fast

I don't know about the others. Basically, a lot of people have put out good webservers. Microsoft just isn't one of them.

Re:Server share data for working sites

[CrayzyJ]

"vast majority of the sites out there that serve out mostly static and simple dynamic traffic"

About 30% of all traffic is 'uncachable' dynamic content. (Cachability can be argued)

"I think apache is more than sufficient (these sites tend to be bottlenecked by the n/w, not by the server)"

no! no! no! CPU utilization is typically the bottleneck. Also, Apache is considered one of the most CPU intensive and (sorry) slowest HTTP servers. That is why you will not find it amoung the SPECweb99 Results [spec].

Re:Server share data for working sites

[praktike]

Basically, a lot of people have put out good webservers. Microsoft just isn't one of them.

imho, even IIS has its uses. i wouldn't use it on a public website, but it's fine and easy to maintain for corporate intranet sites, etc., where security and scalability aren't as important. there are plenty of advantages to IIS, such as dynamic generation of Office docs, etc. and if you're vigilant and hardworking, it can be pretty stable, too.

you stink

[Adolf+Hitroll]

if there are 4% more IIS, it is not because the increasing popularity of kro$oft but because BSD is dying!

So easy to hack, why pay for domain?

If the parked sites are so easy to hack why pay for that domain? Just put your stuff up there. :-)

Re:So easy to hack, why pay for domain?

[Hemos+(editor)]

I just looked up your IP address and located your personal machine at [censored] University.

Your comment was so funny that I have instituted one of our hidden features to allow you an infinite number of ad-less page views.

Congratulations, and thanks for contributing to my site!

- Hemos (editor), Not #2

Maybe it was for improved security

Do I have to post this again to remind you zealots that *nix is not the ultimate in security?

NetSol insane? Maybe just concerned with security. But don't let hard numbers fool you, just go ahead and believe what Linux zealots tell you.

VeriSign != Register.com

[pclinger]

The story points out that Register.com switched to IIS. And then the idiot who submitted the story points to an article "Hackers Deface Thousands Of Domains Parked At Verisign" (http://online.securityfocus.com/news/357) about domains getting hacked from Verisign, trying to make some connection there. NetSol is now known as Verisign. Register.com is not Verisign. They are two separate companies. Now, lets review:

Register.com switches to IIS
Verisign domains get hacked

Connection? None. So don't post anything that tries to make that connection.

Re:VeriSign != Register.com

[T-Punkt]

Read the Netcraft survey as well---the summary at /. ist not correct, Register.com and Network Solution switched to IIS.

I have an idea for a retaliation to MS/Unisys!

They say "We have the way out!";
just reply: "We have the way in!"!

Ironically? I think not. Also, economics.

[leonbrooks]

Ironically, a large number of the websites were defaced shortly thereafter

The word you're looking for is `inevitably', as in `Inevitably, a large number of recently-IISed websites were defaced soon after the transition'.

Or possibly a better (at least more accurate) headline would be `Massive webserver defacements entailed by massive webserver HTTP header defacements' (specifically, the `Server' header).

Wouldn't the extra hardware for serving and managing that many IIS sites be a significant and inhibitory cost factor?

nmap

[avij]

[anssi@verkko cgi-bin]# nmap -O -p 80-81 www.wehavethewayout.com

Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on www.wehavethewayout.com (130.94.214.143):
(The 1 port scanned but not shown below is in state: closed)
Port State Service
80/tcp open http

Remote OS guesses: Windows Me or Windows 2000 RC1 through final release, MS Windows2000 Professional RC1/W2K Advance Server Beta3, Windows Millenium Edition v4.90.3000

Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds

Re:nmap

[Craig+Ringer]

Interesting. I wasn't game to nmap them w/o permisson but I'm interested in the result. Either MS has done an amazing job at kludging a BSD system to look like Win2k/IIS - but NetCraft can detect it anyway somehow - or NetCraft has gone mad.

Anybody know more about this? I find it hard to believe that NetCraft would do this as an April 1 joke - its a bit over the line, and not too funny to boot...

(sorry for the stuffed links in my prevous post - serves me right for not previewing)

Re:nmap

[prs]

I nmaped them with the exact same command yesterday, and got a result of FreeBSD. I guess they changed the OS in a real hurry...

Re:Schisstrack ! !!!

Aber bitte, mein Herr!

Bei uns in Deutschland heisst das immer noch Scheissdreck!

Object lesson

[leonbrooks]

SANS seems to be off-air as at now. Perhaps there is a lesson in that, or perhaps they just moved to IIS?

Easier than reposting it would be understanding it yourself.

Re:Hmm, I don't think that's what MS/Unisys meant.

[kawaichan]

Blah... Don't you get it, the site used FreeBSD on purpose, "We have a way out" means that they have a way out of Windows. They are still working on the site so that they could put more information on FreeBSD and Apache. It's out fault that we went to the site too early while Microsoft's FrontPage experts are working hard to produce a state of the art website.

Web page update

[leonbrooks]

The whole Unix is Bad and Hard for Your Teeny Little Brain to Process strategy is apparently failing too since they're running the website on BSD.

Or were, until somebody noticed that many somebodies noticed.

IMHO, it would be cool to replace their homepage with:

<head><title>I dare you to type deltree /y \<title><head>
<body bgcolor="#000000">
<form action=./ method=post>
<h1 color="#00ff00">C:\> <input type=text></h1>
</form>
</body></head>

IIS

[AntiNorm]

Ironically, a large number of the websites were defaced shortly thereafter."

Of course, because IIS stands for "It Isn't Secure."

Re:IIS

> Of course, because IIS stands for "It Isn't Secure."

Oh. I've always thought it was 'Ideal Intrusion Server'.

Re:IIS

[Tony-A]

Internet Idiot's Server.
For them what think they's smart for buying Microsoft.

Beware of anyone richer than you who tells you that you're smart.

Lemmingtons: mothed inappropriate

[leonbrooks]

All of [a] sudden a pictures of lemmings jumping off a cliff materialized in front of me.

Lemmings don't actually do that. Perhaps a flock of moths orbiting a bonfire... orbiting... orbiting... spiralling in... `we see the light, and that light is Microsoft'

FWIW, piranha don't get vicious until they're thoroughly starved, and there are several species of vegetarian Piranha.

Re:Lemmingtons: mothed inappropriate

tho they don't jump off cliffs, lemmings in Scandinavia have been known to undergo population explosions which lead to mass migration. some eventually reach the ocean where they attempt to swim it and drown.

ya learn something new every day.

cheatexams.april fools day joke??

[systemaster]

what country is the cheatexams.com site in...must not be the US, cuz they use the time unit of "20 minutes hours" 1/2 way down main page. I usually avoid sites with such poor gramer, I suspect they are 1)an illeterate scamer 2)a forign scammer 3)forign busness that has little idea what they are actually selling. any one of those 3 spells trouble.

Re:cheatexams.april fools day joke??

You're trying to be funny, right?

Grammar? You don't know what grammar is, much less know how to spell it...

"illeterate" Nope! Blew it again, sparky! That word is spelled thusly: illiterate.

The word "scammer": you misspelled it once but spelled it correctly shortly after that. Good work!

"forign"... Ah! Smooth! That word is spelled "foreign".

What a clown YOU are.

Re:cheatexams.april fools day joke??

[Anonymous+DWord]

"Trouble" is about the only thing you spelt right in that post. "Illeterate?" Yikes...

Re:cheatexams.april fools day joke??

You're trying to be funny, right?

Read some of his other posts and that should answer your question. Sounds like he is high-school age.

Re:cheatexams.april fools day joke??

Uh, you mean "spelled"?

Re:cheatexams.april fools day joke??

[Anonymous+DWord]

Uh, no, I mean "spelt," the past tense and past participle of "spell."

Might I that legend find, By fairies spelt in mystic rhymes.

I found the solution

[avij]

I guess I found the reason for the strange server version information. Have a look at the HTML source for www.wehavethewayout.com and you'll notice that the form contents will be emailed to info@pmgdirect.com. Now, if you look at what www.pmgdirect.com is running you'll notice some similarities to www.wehavethewayout.com's information (note the OS differences, though).

[anssi@karhu anssi]$ lynx -head -dump http://www.pmgdirect.com/
HTTP/1.1 200 OK
Date: Tue, 02 Apr 2002 08:11:54 GMT
Server: Rapidsite/Apa/1.3.20 (Unix) FrontPage/4.0.4.3 mod_ssl/2.8.4 OpenSSL/0.9.6
Last-Modified: Thu, 08 Nov 2001 19:46:57 GMT
ETag: "f003735-144b-3beae131"
Accept-Ranges: bytes
Content-Length: 5195
Connection: close
Content-Type: text/html

Re:I found the solution

[Craig+Ringer]

Hmm... I don't think that makes sense really. I don't see why NetCraft would report the OS of www.wehavethewayout.com as that of www.pmgdirect.com just because one links to the other (that is, after all, all an action= form element is).
I think that, as suggested earlier, a bit of damage control may better explain it.
Does anybody know if NetCraft re-queries a site at _every_ user info request, or does it cache the results for a day? After all if it does no caching, the damage control explanation makes no sense - it should've changed in NetCraft too.
Bizarre...

Re:I found the solution

[avij]

What I really meant was this: pmgdirect.com (the marketing group that is running the campaign) had hosted the wehavethewayout.com site on THEIR OWN HARDWARE and the marketing company's OS of choice wasn't a Microsoft product. Of course, the web site has since then been moved to a box running Microsoft OS (the damage control part) and Netcraft hasn't yet caught up with the change. Netcraft does cache the results, see their FAQ.

Moral of the story: if you're promoting an operating system with the help of a marketing agency, make sure the marketing agency runs the web site in question on the "correct" operating system.

Re:I found the solution

[Craig+Ringer]

heh. So _very_ amusing. I wonder how many execs are hiding under tables 'till this one blows over...
I personally can't think of a better way of saying "We're just bashing UNIX because we're afraid of it, it actually works well enough that our partners use it by preference" than they've just managed.
Extract foot slowly and painfully from mouth *grin*.

Re: what about mac OSX with apache built in?

Surely that should instantly count to heaps of servers.

Done.

[leonbrooks]

maybe it is time that Apache gets a GUI and setup wizard option.

Mandrake Linux 8.2 Download Edition has at least 3, plus at least 3 GUI or browser based management tools for Apache. A site that big - and made entirely of lookalike pages - wouldn't use them.

Two or three new CodeReds down the track, more people will understand that doing things without knowing what you're doing is bad. Some already have.

What's "ironic" about that?

[gilgongo]

"Ironically, a large number of the websites were defaced..."

Where is the irony in that? They move to Windows, they get hacked. Depending on your point of view that's either bad luck or just plain stupid.

Ha ha april fool!

These april fool stories are so funny!! People running web servers on IIS.. *snort* that's hilarious!

Npt a breaking CNN story.

Well that's not a CNN story, but rather a trabia.net story. Next time register newscnn.com, cnnweb.com or something for your prank, and wget the graphics!

Safe to say that the NCSA server aint popular now

[boltar]

Guess it went the same way as Mosaic. Another pioneer bites the dust as seems to be the way
in the technology world.

wtf?

[autopr0n]

since when does register.com == verisign?

Well it would be hard to get the server wrong

[autopr0n]

Since the server name is sent as plain text with every page served...

MCSEs ARE blue collor. Don't kid yourself

[autopr0n]

Plumbers of the digital world are still plumbers.

Gotta check those facts

[xrayspx]

Not Register.com, Verisign/NetSol. The domains were parked at InterLand.

Granted, I knew all that before I read this article, but hey, the securityfocus article that was linked had all this information, would have been 4 seconds of Journalistic Research.

I'm too ornery in the morning. In any case, really big mass-defacement, really easily accomplished.

learn english damnit!

[kevin+lyda]

i'm a yank who lives overseas and i get all sorts of abuse regarding irony. irony is an unexpected outcome. defaced iis servers are not unexpected, therefore the word you meant to use was "Coincidentally."

thank you.

Re:learn english damnit!

[geekoid]

don't most yanks live overseas?
Cause if the didn't they wouodn't be yanks...
Now ain't that ironic?

Re:learn english damnit!

[CajunArson]

...therefore the word you meant to use was "Coincidentally."

I agree it definitely was not ironic, but don't
you think you ought to say "as would be expected" instead? :p

Ironically?

[OblongPlatypus]

Someone's concept of the meaning of the word "ironic" is even worse than Alanis Morissette's.

Uptime & MS

I know that this is a well known fact among most /. readers, but no one else commented on the lack of M$ II$ servers on the 'Sites with longest running systems by average uptime' page. I think that should have been the lead 'comment' appearing on the front of /. instead of just announcing the survey results. something like 'M$ cant keep it UP!'

Re:Uptime & MS

[sjlutz]

That's because Windows doesn't support uptime in the server headers... Why don't you read out it here: Netcraft Uptime

Comment removed

[account_deleted]

Comment removed based on user account deletion

Incident

[RageMachine]

Sounds similar to our 2000 mail server running SLMail, but it doesn't get hacked, it just bends over and crashes when it pleases. 1/3 OS problems, and 2/3 SLMail problems. Although it is vonerable, nobody cares to even mess with it. They would have nothing to gain by hacking it. Even if they did, we have a tape backup that can be restored in 15 minutes.

One guy managed to get into our old 486 running RedHat 6.0. (Before I got there. The boss knows nothing about Linux boxen) They left it immediatly since it din't have any CPU power for what they wanted. They must have had respect for it, because they patched it, and left a note on /dev/console that said they were sorry. LOL. Seriously. It had been up over a year. We just turned the services off, and updated Apache.

Active domains

[nullard]

They do have a section about active sites (explanation). You have to scroll halfway down the main page to see the graph. Apache's share grows to 64.37% while Microsoft's share drops to 26.81%.

bah. Spoilsport!

[hawk]

+1, informative? how about -2, spoilsport? or -3, kills cherished folklore?

:)

>FWIW, piranha don't get vicious until they're
>thoroughly starved, and there are several species
>of vegetarian Piranha.

See, I *told* you being a vegetarian was a bad idea. Even Piranhas know it makes you taste better . . .

hawk

Re:MCSEs ARE blue collor. Don't kid yourself

[saintlupus]

Plumbers of the digital world are still plumbers.

I'd be willing to bet that the average plumber makes more money than the average Slashdot reader.

No need to laugh at people for working with shit all day, be they a plumber or an MCSE.

--po' white saint

How is this ironical?

[gosand]

Ironically, a large number of the websites were defaced shortly thereafter.

How is this ironical? Irony something that is contrary to what was expected.

Netcraft?

www.netcraft.com is not responding to me.

Google gave a cache as recent as March.30, last time I checked. In the past minutes, I:

- checked with my cable ISP -- and they can't reach netcraft, too;

- tried a free alternative ISP, it can't get to netcraft, too.

What's the deal? Does anyone knows what would the explanation for this?

I'm in Brazil. Conectiva Linux 7.0. Tried Opera, Netscape, Dillo, Links... to no avail.

Any ideas?

If they are restrained from giving access outside the US, ok, I'd even find it logical. But I would like to know, at least...

Hmm... maybe they are even prohibited from telling anyone about this. Pretty lame if this is the case.

Thanks. Just curious... not a life or death question.

Hmmmm....

So if they're off the air, what does that say about all the data they collected? Maybe they did move to IIS, due to security concerns. I know Linux zealots tell you how insecure it is, but it's doing better than all *nixes.

I understand it, *nix is a bigger security threat than MS. Need further explaination?

filtering

[john_uy]

i hope that they do filter the sites that come from the different registrars. at the same time, when their system detects the default webpage (like apache), it should not be included in the stats.

one thing than can disrupt the results is to add any sites that end in .ph. the registrar in our country resolves any domains ending in .ph. if it is not registered, it says a message where you can buy it. this can seriously distory stats as i can keep on adding sites using any domain name.

:)

I'm sick of silly surveys

Just because some 5 mn lamers have some server to run their homepages (1-2 hits / month) does not make that server superior.
It's the real traffic load distribution between various servers not number of installations is that matters.
What are the those real numbers?

Search engine spammers...

[alexhmit01]

IIS 5.0 and now IIS 6.0 have a lot of extra support for maintaining and monitoring information from different sites on the same server. While Apache is great for really running different sites, IIS's reporting is apprently more interesting to the search engine spam sites that I've talked to.

Many of them run 5000-10000 domains on 1-2 IIS machines because IIS means they can monitor things with less technical staff. The acknowledge that Apache is better for the serving, but they like IIS's reporting better.

I wouldn't put too much stock in this stuff. I mean, who cares about an Apache/IIS popularity contest, use the server that matters.

Apache also isn't helpped that the 2.0 project went on forever AND most of us are still on 1.3. My understanding is that 2.0 introduces a lot of new features to be competitive with the IIS stuff, but none of us appear interested in learning to use it. I mean, I don't need my web server to do THAT much, PHP processing is more useful for me than Apache directives, so I don't care about more functionality.

Alex

Re:learn english damnit! (learn to spell)

"Damnit" should be spelled dammit.

And, instead of "coincidentally", I think "consequently" would have been more appropriate.

NCSA?

Whatever happened to NCSA?

defaced

[eudas]

were the sites defaced after the netcraft survey or after the switch to parking them on IIS servers? :)

eudas

Re:learn english damnit! (learn to spell)

[kevin+lyda]

perhaps, but it's actually spelled damnit.

and yes, consequently would also work.

i see no one has noticed the humor in the comment...

Thank you for informing: CheatExams.Com (Melina)

Hi there, Thanks a lot for informing us about the error. Such things to happen with the greatest of web sites and we are a small company of 30-40 professionals. Best Wishes Melina Marsh http://cheatexams.com

spelling

[systemaster]

Actually I just don't give a crap about spelling, at least at /. As someone elso pointed out, in reference to my other posts, I care little about my spelling or grammer. Of course most of my posting is done between 11pm and 1am, so that doesn't help. However my website, all written in vi, has zero spelling or grammer errors, and also passes W3cert, unlike redhat.com! Perhaps if my spelling/grammer bothers you that much you should mark me as a Foe. Not sure how that works but I think my posts get hidden from you or something. Although dispite my lack of english perfection I like to think once and a while I come up with a point worth sharing...so take it or leave it.

Real sites

[IamTheRealMike]

I'd be interested to see how many of them serve up the default page too - remember how IIS was being installed by default on 2K machines without their users knowing? How many of those hits aren't actually real websites?

A notty little problem

[leonbrooks]

I understand it, *nix is a bigger security threat than MS.

Not.

The problem arises because you trust the word of someone who can't add subtotals. All of the unique problems of Unix servers (includes all distributions of Linux and Solaris) taken together are easily outweighed by just one company, a company proven in court to be software pirates, theives, liars, monopolists and other things. It's not their paid word on this topic that you happen to be taking, is it, Coward?