Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

March Netcraft survey

Posted by Hemos on Tue Apr 02, 2002 01:17 AM
from the surveying-the-web dept.
The Internet
awptic writes "The March Netcraft survey is out. Among the changes is a 4% increase in the number of websites running IIS, primarily due, however, to register.com's domain name parking service switching to mostly IIS servers, which account for over 2 million of the 38 million sites surveyed. Ironically, a large number of the websites were defaced shortly thereafter."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

March Netcraft survey 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • hacking parked domains. (Score:3, Interesting)

    by Transient0 (175617) on Tuesday April 02 2002, @01:20AM (#3269168) Homepage
    Interesting.
    If the parked domains can be hacked and defaced so easily, one has to wonder just how secure the rest of their system is, which is responsible not just for domain name serving, but must handle massive credit card traffic.

  • Not just register.com (Score:4, Informative)

    by Snowfox (34467) <snowfox@@@snowfox...net> on Tuesday April 02 2002, @01:20AM (#3269169) Homepage
    Not just register.com -- NetSol also moved much of its operations from UNIX systems to Windows systems, if you didn't have enough reason to question the sanity of NetSol already...

  • Trends (Score:3, Interesting)

    by Mattygfunk (517948) on Tuesday April 02 2002, @01:27AM (#3269182) Homepage
    It's interesting to see the trend occurring in the articles charts. It looks to me as if the trend has Apache leveling out and then dropping recently, and IIS use jumping hugely this year. Even accounting for register.com I see MS catching up strongly.
  • Does anybody know when Apache 2.0 will come out? It supposedly has great design improvements on Windows as compared to Apache 1.X. A lot of Windows users might give Apache more consideration once it comes out.

    • Re:Apache 2.0 (Score:4, Interesting)

      by tshak (173364) on Tuesday April 02 2002, @01:37AM (#3269204) Homepage
      We (being a primarly MS house) got so fed up with this IIS (4.0) box that we actually put Apache for Windows on it. The main issue was dynamic scripting for site creation. A Perl script written in less then an hour (with minimal Perl experience then that, and NO experience with httpd.conf) was much more efficient then a huge VBScript (written over a few days) that accessed the IIS Metabase. However, with IIS 6.0 all site configuration and creation can be done by simply interfacing with an XML file.
  • Several hundred thousand sites seem to have moved to this [Window based]system this month, and the drop in Netscape-Enterprise is largely a result of this. Ironically, many of the sites were hacked a few days later, Newsbytes reports.

    All of the sudden a pictures of lemmings jumping off a cliff materialized in front of me.
    • All of [a] sudden a pictures of lemmings jumping off a cliff materialized in front of me.


      Lemmings don't actually do that. Perhaps a flock of moths orbiting a bonfire... orbiting... orbiting... spiralling in... `we see the light, and that light is Microsoft'

      FWIW, piranha don't get vicious until they're thoroughly starved, and there are several species of vegetarian Piranha.
  • Here's what is next:

    A website listing the 10 largest companies with Administrator password == NULL

    Bleh... I've used Netcraft. It's pretty nice... you can find out what version of different software a webserver is running. Web pages like this though should emphasize how important it is to stay on top of the latest bugfixes... As often as exploits get posted for now outdated versions of software, not keeping things up-to-date is like hanging a "HackMePlease" sign on your back.

  • I guess that strategy isn't working out so swell.Or maybe it's all just an incredible coincidence. Given the promotional push (read:throwing money at) that Microsoft has given to the idea of their product on the big iron lately this isn't too surprising.

    The whole Unix is Bad and Hard for Your Teeny Little Brain to Process [wehavethewayout.com] strategy is apparently failing too since they're running the website on BSD.

  • Hacked Servers Outsourced to Interland (Score:4, Informative)

    by Anonymous Coward on Tuesday April 02 2002, @01:34AM (#3269199)
    According to the Security Focus article [securityfocus.com] the affected parking servers had been outsourced to Interland [interland.com]. Not really surprising, since Interland has left their servers vulnerable to various vulnerabilities [securityfocus.com] for months at times.

  • People are inherently stupid (Score:4, Insightful)

    by Kwikymart (90332) on Tuesday April 02 2002, @01:37AM (#3269206)
    Stupid people!

    Every day we hear about how companies choose to implement MS solutions (adds more to the problem, however) rather than better BSD/Linux solutions. "But it's cheaper to employ an MCSE!"... That may be so, but this route should only be taken if you dont care about the company's data.

    Fucking braindead corporations; spend the extra 15 thousand / year and protect your freaking data instead of throwing away your secrets. It's going to be cheaper down the road when you have to hire lawyers to start sueing people or lose business because people won't trust your braindead corporation with their credit cards.

  • Speaking of NetCraft... (Score:3, Interesting)

    by Craig Ringer (302899) on Tuesday April 02 2002, @01:47AM (#3269223) Homepage Journal
    You know MS/UniSys's new anti-UNIX site www.wehavethewayout.com? Well take a look at what <a href="http://uptime.netcraft.com/up/graph/?mode_u= off&mode_w=on&site=www.wehavethewayout.com &submit=Examine">
    NetCraft reports</a>
    - and compare to the results of a<br>
    lynx -head http://www.wehavethewayout.com<br>
    command. Interesting. Has MS fiddled the server, and NetCraft is pulling some tricks to get the truth, or is NetCraft pulling a "funny" one?
    • I believe you'll find that this is what's called "damage control". For some reason, the domain got parked on a FreeBSD box, and when MS (and Unisys) found out that they not looked like complete asses, they switched it, post-haste.

      • Re:nmap (Score:2, Interesting)

        by prs (18535)
        I nmaped them with the exact same command yesterday, and got a result of FreeBSD. I guess they changed the OS in a real hurry...
            • What I really meant was this: pmgdirect.com (the marketing group that is running the campaign) had hosted the wehavethewayout.com site on THEIR OWN HARDWARE and the marketing company's OS of choice wasn't a Microsoft product. Of course, the web site has since then been moved to a box running Microsoft OS (the damage control part) and Netcraft hasn't yet caught up with the change. Netcraft does cache the results, see their FAQ [netcraft.com].

              Moral of the story: if you're promoting an operating system with the help of a marketing agency, make sure the marketing agency runs the web site in question on the "correct" operating system.
        • Having tried, and failed, to get a job at NetCraft, I learn't several things about how they do the survey.

          Most of the OS sampaling is done by analysing the packets from the TCP/IP Stack and not from taking the HTTP header at face value.
  • register.com's domain name parking service switching to mostly IIS servers, which account for over 2 million of the 38 million sites surveyed. Ironically, a large number of the websites were defaced shortly thereafter.

    Hmm...the SecurityFocus article only mentions Verisign/NetSol and their IIS servers.
    • The summary on /. ist not correct. Netcraft said [netcraft.com]:
      Microsoft gains almost 2 million sites this month, primarily as a result of register.com and
      Network Solutions migrating their domain parking facilities to a Windows front end.
  • > Ironically, a large number of the websites were defaced shortly thereafter.

    Umm... Shouldn't that read, "Expectedly, a large number of websites were defaced shortly thereafter." ?
  • ...when they said "We Have the Way Out!" [slashdot.org]

    -1 Redundant, but isn't it interesting that the new anti-Unix site isn't among that 4% IIS increase (and not hacked).

  • Parked Domains (Score:3, Insightful)

    by Thrikreen (130120) on Tuesday April 02 2002, @02:12AM (#3269265)

    I wonder, even though it's supposed to be a random survey, should there be allowances given for said parked/cybersquatted domains to not factor as much into the percentages? Or another page listing the compared results.

    I mean, most of them would have some sort of template along the lines of "This domain at www.suchandsuch.com is currently Under Construction! / Available for Sale!". Wouldn't be hard to figure out some sort of % similar to another page rating (i.e. diff them and see how many lines are different).

    Granted, it does mean you have to download the page (frames and popups would be annoying though) and waste some CPU cycles comparing the differences, but it would be interesting seeing how many websites of said survey are, say, 95% or higher similar to each other.

  • Server share data for working sites (Score:5, Informative)

    by rkgmd (538603) on Tuesday April 02 2002, @02:36AM (#3269289)
    This data [securityspace.com] for *active* web servers (about 6 million total) seems to give a different picture---while apache lost 0.16% and IIS gained 0.40%, long-term (over the last year) apache grew, while IIS fell. Also, extrapolated [securityspace.com] future failure and growth rates seems to indicate that one is better off betting on apache than on IIS.
    • while apache lost 0.16% and IIS gained 0.40%

      Since the Verisign sites represent about 5% of NetCraft's sample, the implication is that about 4.5% of the advantage was eaten by Apache gains in the same interval. If that's so (I doubt it) Microsoft must be bending over backwards to win the web server stats war starting at the biggest sites, and meanwhile losing ground at the smallest sites.

      Lies, damn lies and statistics. But if true, we'll `nickel and dime' them to death. (-:
    • That begs the question.. If people choose apache because they are smart, and choose IIS because they are sheep, why do people choose Netscape, Zeus, Webstar and Website? What do those people know that we don't or are those people stuck by vendor lock-in? Are there certain webserving applications that are better suited to something besides Apache? Applications besides passport, that is...
      • If people choose apache because they are smart, and choose IIS because they are sheep, why do people choose Netscape, Zeus, Webstar and Website? What do those people know that we don't or are those people stuck by vendor lock-in? Are there certain webserving applications that are better suited to something besides Apache?

        *********

        I think the point is, people who use IIS are sheep. There are many good webservers out there, Apache being an excellent example. For a quick list of features:

        1) Apache - excellent security, modularity, and customizability

        2) Netscape - excellent scalability (Apache might win here, though, when it hits 2.0)

        3) Zeus - very, very fast

        I don't know about the others. Basically, a lot of people have put out good webservers. Microsoft just isn't one of them.

  • VeriSign != Register.com (Score:5, Informative)

    by pclinger (114364) on Tuesday April 02 2002, @02:43AM (#3269305) Homepage Journal
    The story points out that Register.com switched to IIS. And then the idiot who submitted the story points to an article "Hackers Deface Thousands Of Domains Parked At Verisign" (http://online.securityfocus.com/news/357) about domains getting hacked from Verisign, trying to make some connection there. NetSol is now known as Verisign. Register.com is not Verisign. They are two separate companies. Now, lets review:

    Register.com switches to IIS
    Verisign domains get hacked

    Connection? None. So don't post anything that tries to make that connection.
  • Ironically, a large number of the websites were defaced shortly thereafter

    The word you're looking for is `inevitably', as in `Inevitably, a large number of recently-IISed websites were defaced soon after the transition'.

    Or possibly a better (at least more accurate) headline would be `Massive webserver defacements entailed by massive webserver HTTP header defacements' (specifically, the `Server' header).

    Wouldn't the extra hardware for serving and managing that many IIS sites be a significant and inhibitory cost factor?

  • IIS (Score:3, Funny)

    by AntiNorm (155641) on Tuesday April 02 2002, @03:10AM (#3269346)
    Ironically, a large number of the websites were defaced shortly thereafter."

    Of course, because IIS stands for "It Isn't Secure."

  • Ha ha april fool! (Score:2, Funny)

    by Anonymous Coward
    These april fool stories are so funny!! People running web servers on IIS.. *snort* that's hilarious!

  • Gotta check those facts (Score:4, Informative)

    by xrayspx (13127) on Tuesday April 02 2002, @06:47AM (#3269670) Homepage
    Not Register.com [register.com], Verisign/NetSol [netsol.com]. The domains were parked at InterLand [interland.com].

    Granted, I knew all that before I read this article, but hey, the securityfocus article that was linked had all this information, would have been 4 seconds of Journalistic Research.

    I'm too ornery in the morning. In any case, really big mass-defacement, really easily accomplished.

  • Ironically? (Score:4, Funny)

    by OblongPlatypus (233746) on Tuesday April 02 2002, @07:27AM (#3269724)
    Someone's concept of the meaning of the word "ironic" is even worse than Alanis Morissette's.

  • Uptime & MS (Score:3, Interesting)

    by Anonymous Coward on Tuesday April 02 2002, @07:55AM (#3269774)
    I know that this is a well known fact among most /. readers, but no one else commented on the lack of M$ II$ servers on the 'Sites with longest running systems by average uptime [netcraft.com]' page. I think that should have been the lead 'comment' appearing on the front of /. instead of just announcing the survey results. something like 'M$ cant keep it UP!'


    • > I seriously don't understand this. Why would ANYONE (and I mean ANYONE) even consider migrating his webservices to IIS? IMHO you must either be blind, deaf and mute or REALLY very incredibly unbelievably stupid!

      Lessee... Who makes the decision, a PHB or the sukka who has to keep things running? And who wines and dines the most PHBs, Micorsoft or the Apache developers?

      The only surprise is that Apache is being used at all.

    • They probably wanted to take advantage of .NET or something like that.
    • Well, you might want to consider that the obvious strategy for MS to recapture marketshare is to give huge custumors a sweet deal - in other words dumping the prices.

      I have heard of several cases (all off the record, obviously) where MS has done just that. Wouldn't you consider switching if you were offered free (or almost free) licenses for all software in the MS catalog?

      IMHO we are seeing the first signs of MS fighting back in the back office segment in ernest. This is not going to be pretty...

    • While Microsoft is good at bribing big hosting sites to tweak statistics, the reality looks a bit different, IIS marketshare declined significantly since the Code-Red attacks:

      look for yourself [securityspace.com]

      Nice is Japan [securityspace.com] and Germany [securityspace.com]

      People who actually have to pay for IIS *are* switching to Apache, and only very few new companies start with IIS.

          • I meant that Nescape & others do better in the weighted results than in the unweighted results. Certainly Apache dominates the market no matter which way you cut it. Even the SSL market, aparently, which wasn't the case a year or two ago.

    • maybe it is time that Apache gets a GUI and setup wizard option.

      Mandrake Linux 8.2 Download Edition has at least 3, plus at least 3 GUI or browser based management tools for Apache. A site that big - and made entirely of lookalike pages - wouldn't use them.

      Two or three new CodeReds down the track, more people will understand that doing things without knowing what you're doing is bad. Some already have.

    • Well, maybe, just maybe, it wasn't IIS's fault they got hacked?

      IIS flaws aren't the only (or biggest) reason Windows boxes get hacked, you know, for example:

      Someone guesses a root password

      A trojan is installed and executed

      An employee is socially engineered into giving increased access to an outsider

      An employee is angry and defaces the machines

      Unchanged default passwords are exploited

      User error on the part of the hosting company

      Lack of proper security methodology and policy

      I mean, the article was very vague about what actually happened.

      Jumping to conclusions is fun, but I am usually not so quick to place responsibility.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.