Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
The Internet

March Netcraft survey 182

awptic writes "The March Netcraft survey is out. Among the changes is a 4% increase in the number of websites running IIS, primarily due, however, to register.com's domain name parking service switching to mostly IIS servers, which account for over 2 million of the 38 million sites surveyed. Ironically, a large number of the websites were defaced shortly thereafter."
This discussion has been archived. No new comments can be posted.

March Netcraft survey

Comments Filter:
  • The best line from one of the worst movies ever. Um, Verisign - ever heard of S-E-C-U-R-I-T-Y ?

    RonB
  • by Transient0 ( 175617 ) on Tuesday April 02, 2002 @02:20AM (#3269168) Homepage
    Interesting.
    If the parked domains can be hacked and defaced so easily, one has to wonder just how secure the rest of their system is, which is responsible not just for domain name serving, but must handle massive credit card traffic.
  • by Snowfox ( 34467 ) <snowfox@MENCKENsnowfox.net minus author> on Tuesday April 02, 2002 @02:20AM (#3269169) Homepage
    Not just register.com -- NetSol also moved much of its operations from UNIX systems to Windows systems, if you didn't have enough reason to question the sanity of NetSol already...
    • Hmm. Is there something about IIS 6.0 that makes it easier to do bulk hosting? Maybe it's time for a special Apache Cybersquatting Edition :-).

  • Trends (Score:3, Interesting)

    by Mattygfunk ( 517948 ) on Tuesday April 02, 2002 @02:27AM (#3269182) Homepage
    It's interesting to see the trend occurring in the articles charts. It looks to me as if the trend has Apache leveling out and then dropping recently, and IIS use jumping hugely this year. Even accounting for register.com I see MS catching up strongly.
    • I think the past year has seen a rise in IIS because of the deployment of Win2000. The platform has fine matured as a server.

      • > I think the past year has seen a rise in IIS
        >because of the deployment of Win2000. The
        >platform has fine matured as a server.


        And given a few revisions, that last portion may finally mature as a sentence :)


        hawk

  • Does anybody know when Apache 2.0 will come out? It supposedly has great design improvements on Windows as compared to Apache 1.X. A lot of Windows users might give Apache more consideration once it comes out.
    • Re:Apache 2.0 (Score:4, Interesting)

      by tshak ( 173364 ) on Tuesday April 02, 2002 @02:37AM (#3269204) Homepage
      We (being a primarly MS house) got so fed up with this IIS (4.0) box that we actually put Apache for Windows on it. The main issue was dynamic scripting for site creation. A Perl script written in less then an hour (with minimal Perl experience then that, and NO experience with httpd.conf) was much more efficient then a huge VBScript (written over a few days) that accessed the IIS Metabase. However, with IIS 6.0 all site configuration and creation can be done by simply interfacing with an XML file.
  • by jsse ( 254124 ) on Tuesday April 02, 2002 @02:29AM (#3269188) Homepage Journal
    Several hundred thousand sites seem to have moved to this [Window based]system this month, and the drop in Netscape-Enterprise is largely a result of this. Ironically, many of the sites were hacked a few days later, Newsbytes reports.

    All of the sudden a pictures of lemmings jumping off a cliff materialized in front of me.
    • All of [a] sudden a pictures of lemmings jumping off a cliff materialized in front of me.


      Lemmings don't actually do that. Perhaps a flock of moths orbiting a bonfire... orbiting... orbiting... spiralling in... `we see the light, and that light is Microsoft'

      FWIW, piranha don't get vicious until they're thoroughly starved, and there are several species of vegetarian Piranha.
      • by hawk ( 1151 )
        +1, informative? how about -2, spoilsport? or -3, kills cherished folklore?


        :)


        >FWIW, piranha don't get vicious until they're
        >thoroughly starved, and there are several species
        >of vegetarian Piranha.


        See, I *told* you being a vegetarian was a bad idea. Even Piranhas know it makes you taste better . . .


        hawk

    • Lemmings is right. This trend to IIS from Apache started showing up right about the time Code Red and Nimda made it clear what a joke IIS is as a web server (as a paperweight, the box & CDs work great!) I can only conclude that pointy-haired bosses all over the world have simultaenously decided that if the thing's been trashed by three successive waves of malware, that all the bugs have been ironed out of the codebase by now. In other words, management are mindless cretins who deserve nothing but poking with sharp sticks, ridicule, and high-velocity custard pies.
  • Here's what is next:

    A website listing the 10 largest companies with Administrator password == NULL

    Bleh... I've used Netcraft. It's pretty nice... you can find out what version of different software a webserver is running. Web pages like this though should emphasize how important it is to stay on top of the latest bugfixes... As often as exploits get posted for now outdated versions of software, not keeping things up-to-date is like hanging a "HackMePlease" sign on your back.
  • I guess that strategy isn't working out so swell.Or maybe it's all just an incredible coincidence. Given the promotional push (read:throwing money at) that Microsoft has given to the idea of their product on the big iron lately this isn't too surprising.

    The whole Unix is Bad and Hard for Your Teeny Little Brain to Process [wehavethewayout.com] strategy is apparently failing too since they're running the website on BSD.

  • I used to have three domains with interland before getting a server. they always managed to screw things up. not long ago they merged with hostpro and things got really bad.
    How stupid do you have to be to say that you are the largest IIS host, and that you're proud of it?????
    anyway, they slashed the unix training for those people like crazy, promoted any real talent so you can never speak to them (level 3 tech my ass). they have a wonderful support secretary system now, to waste your time. if you're lucky they won't even assign a recycled IP address to your site and mess up your search placement, like they did to one of the sites. stay away from them at all costs. gs
  • by Anonymous Coward on Tuesday April 02, 2002 @02:34AM (#3269199)
    According to the Security Focus article [securityfocus.com] the affected parking servers had been outsourced to Interland [interland.com]. Not really surprising, since Interland has left their servers vulnerable to various vulnerabilities [securityfocus.com] for months at times.
  • by Kwikymart ( 90332 ) on Tuesday April 02, 2002 @02:37AM (#3269206)
    Stupid people!

    Every day we hear about how companies choose to implement MS solutions (adds more to the problem, however) rather than better BSD/Linux solutions. "But it's cheaper to employ an MCSE!"... That may be so, but this route should only be taken if you dont care about the company's data.

    Fucking braindead corporations; spend the extra 15 thousand / year and protect your freaking data instead of throwing away your secrets. It's going to be cheaper down the road when you have to hire lawyers to start sueing people or lose business because people won't trust your braindead corporation with their credit cards.
    • Flamebait or not, i dont know where people get the idea that is cheaper to employ a MCSE. Good professionals are hard to find, and they cost big bucks all the same. If companies looking to hire people take a MCSE at face value without considering anything else, then they just deserve an Enron like death. And facts do show that MCSE indeed expect to get well rewarded just because they are MCSE, even with no previous experience whatsoever. And don't get me started on the cost of hiring the average "in which iso (sic) layer is routing" MCSE around.

      /Pedro
  • gui (Score:1, Interesting)

    by thanjee ( 263266 )
    With the popularity of IIS servers on the rise maybe it is time that Apache gets a GUI and setup wizard option.
    • maybe it is time that Apache gets a GUI and setup wizard option.

      Mandrake Linux 8.2 Download Edition has at least 3, plus at least 3 GUI or browser based management tools for Apache. A site that big - and made entirely of lookalike pages - wouldn't use them.

      Two or three new CodeReds down the track, more people will understand that doing things without knowing what you're doing is bad. Some already have.

    • With the popularity of IIS servers on the rise maybe it is time that Apache gets a GUI and setup wizard option.


      That's what determine's market share? Tabs and dropdown?!
  • by Craig Ringer ( 302899 ) on Tuesday April 02, 2002 @02:47AM (#3269223) Homepage Journal
    You know MS/UniSys's new anti-UNIX site www.wehavethewayout.com? Well take a look at what <a href="http://uptime.netcraft.com/up/graph/?mode_u= off&mode_w=on&site=www.wehavethewayout.com &submit=Examine">
    NetCraft reports</a>
    - and compare to the results of a<br>
    lynx -head http://www.wehavethewayout.com<br>
    command. Interesting. Has MS fiddled the server, and NetCraft is pulling some tricks to get the truth, or is NetCraft pulling a "funny" one?
    • Anyone notice the heading of one of the "reports" on that site?

      "Trends in Large Data Centers - Candid Interviews with 300 Top Executives" - Based on candid interviews with 300 IT Executives.

      ... and I almost thought they'd base a report like that on the random utterings of 300 monkeys...

    • by avij ( 105924 )
      [anssi@verkko cgi-bin]# nmap -O -p 80-81 www.wehavethewayout.com

      Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
      Interesting ports on www.wehavethewayout.com (130.94.214.143):
      (The 1 port scanned but not shown below is in state: closed)
      Port State Service
      80/tcp open http

      Remote OS guesses: Windows Me or Windows 2000 RC1 through final release, MS Windows2000 Professional RC1/W2K Advance Server Beta3, Windows Millenium Edition v4.90.3000

      Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds
      • Interesting. I wasn't game to nmap them w/o permisson but I'm interested in the result. Either MS has done an amazing job at kludging a BSD system to look like Win2k/IIS - but NetCraft can detect it anyway somehow - or NetCraft has gone mad.

        Anybody know more about this? I find it hard to believe that NetCraft would do this as an April 1 joke - its a bit over the line, and not too funny to boot...

        (sorry for the stuffed links in my prevous post - serves me right for not previewing)
        • I guess I found the reason for the strange server version information. Have a look at the HTML source for www.wehavethewayout.com [wehavethewayout.com] and you'll notice that the form contents will be emailed to info@pmgdirect.com. Now, if you look at what www.pmgdirect.com [pmgdirect.com] is running [netcraft.com] you'll notice some similarities to www.wehavethewayout.com's information [netcraft.com] (note the OS differences, though).

          [anssi@karhu anssi]$ lynx -head -dump http://www.pmgdirect.com/
          HTTP/1.1 200 OK
          Date: Tue, 02 Apr 2002 08:11:54 GMT
          Server: Rapidsite/Apa/1.3.20 (Unix) FrontPage/4.0.4.3 mod_ssl/2.8.4 OpenSSL/0.9.6
          Last-Modified: Thu, 08 Nov 2001 19:46:57 GMT
          ETag: "f003735-144b-3beae131"
          Accept-Ranges: bytes
          Content-Length: 5195
          Connection: close
          Content-Type: text/html
          • Hmm... I don't think that makes sense really. I don't see why NetCraft would report the OS of www.wehavethewayout.com as that of www.pmgdirect.com just because one links to the other (that is, after all, all an action= form element is).
            I think that, as suggested earlier, a bit of damage control may better explain it.
            Does anybody know if NetCraft re-queries a site at _every_ user info request, or does it cache the results for a day? After all if it does no caching, the damage control explanation makes no sense - it should've changed in NetCraft too.
            Bizarre...
            • by avij ( 105924 )
              What I really meant was this: pmgdirect.com (the marketing group that is running the campaign) had hosted the wehavethewayout.com site on THEIR OWN HARDWARE and the marketing company's OS of choice wasn't a Microsoft product. Of course, the web site has since then been moved to a box running Microsoft OS (the damage control part) and Netcraft hasn't yet caught up with the change. Netcraft does cache the results, see their FAQ [netcraft.com].

              Moral of the story: if you're promoting an operating system with the help of a marketing agency, make sure the marketing agency runs the web site in question on the "correct" operating system.
              • heh. So _very_ amusing. I wonder how many execs are hiding under tables 'till this one blows over...
                I personally can't think of a better way of saying "We're just bashing UNIX because we're afraid of it, it actually works well enough that our partners use it by preference" than they've just managed.
                Extract foot slowly and painfully from mouth *grin*.
      • Re:nmap (Score:2, Interesting)

        by prs ( 18535 )
        I nmaped them with the exact same command yesterday, and got a result of FreeBSD. I guess they changed the OS in a real hurry...
    • I believe you'll find that this is what's called "damage control". For some reason, the domain got parked on a FreeBSD box, and when MS (and Unisys) found out that they not looked like complete asses, they switched it, post-haste.
      • Absolutely. I checked them when the first slashdot story was posted and the Server: header definitely said Apache on UNIX (it wasn't specific about which UNIX, as is standard with Apache).

        The must've switched it once people started noticing.
      • Damage control, shamage control... tracer.
        They just did what most 'persons' with too much money and no time to do anything themselves... they told someone else to do it. When that happens, you'll notice that the others do it the way they want to, in this case, on a FreeBSD setup.
        "And now, we cut to the music..."
  • register.com's domain name parking service switching to mostly IIS servers, which account for over 2 million of the 38 million sites surveyed. Ironically, a large number of the websites were defaced shortly thereafter.

    Hmm...the SecurityFocus article only mentions Verisign/NetSol and their IIS servers.
    • The summary on /. ist not correct. Netcraft said [netcraft.com]:
      Microsoft gains almost 2 million sites this month, primarily as a result of register.com and
      Network Solutions migrating their domain parking facilities to a Windows front end.
  • > Ironically, a large number of the websites were defaced shortly thereafter.

    Umm... Shouldn't that read, "Expectedly, a large number of websites were defaced shortly thereafter." ?
  • I seriously don't understand this. Why would ANYONE (and I mean ANYONE) even consider migrating his webservices to IIS? IMHO you must either be blind, deaf and mute or REALLY very incredibly unbelievably stupid!

    I'm aware of the flame I am posting here, but be honest: do YOU understand this? I would have thought enough proof had been delivered the past few months (read: years) about the insecurity (and blunt evilness, really) of IIS. For heavens sake, if insecurity is proven over and over and over why make the step TO IIS instead of FROM IIS (to something else, ANYTHING else).

    Apache runs under windows if you really must use that OS, Apache isn't THAT hard to set up and most important of all: Apache isn't THAT insecure. Gimme a -zillion for this flame, come on, I know what I know, I know a webserver running IIS belonging to a friend of mine got hacked last week. I know mine got hacked once (before I put on Apache) and I know many, many, MANY more IIS servers will get hacked until admin's turn into roots (or at least surf by www.apache.org).

    Do yourself a favor: think twice about IIS...
    • I totally agree, apache are very easy to setup for windows ( especially NT/2K/XP ). What I don't understand is if you are going to be running apache why not go all the way and use linux/*BSD for your webserver or hell even a commercial UNIX variant. Remember when you are paying money for Solaris/AIX/HP-UX machines you (should) get tech-support. Evan the commercial versions of linux ( Redhat Pro., Suse Pro., etc ) have some sort of customer support.

    • What's even more f***ed is that the rate of Apache sites dropping off is practically even with the rate of IIS sites sprouting up.

      The Apache Foundation or Covalent or somebody should start advertising that using Apache is like playing Russian Roulette with your company's future. Maybe then people will listen.

    • > I seriously don't understand this. Why would ANYONE (and I mean ANYONE) even consider migrating his webservices to IIS? IMHO you must either be blind, deaf and mute or REALLY very incredibly unbelievably stupid!

      Lessee... Who makes the decision, a PHB or the sukka who has to keep things running? And who wines and dines the most PHBs, Micorsoft or the Apache developers?

      The only surprise is that Apache is being used at all.

    • They probably wanted to take advantage of .NET or something like that.
    • Well, you might want to consider that the obvious strategy for MS to recapture marketshare is to give huge custumors a sweet deal - in other words dumping the prices.

      I have heard of several cases (all off the record, obviously) where MS has done just that. Wouldn't you consider switching if you were offered free (or almost free) licenses for all software in the MS catalog?

      IMHO we are seeing the first signs of MS fighting back in the back office segment in ernest. This is not going to be pretty...

    • While Microsoft is good at bribing big hosting sites to tweak statistics, the reality looks a bit different, IIS marketshare declined significantly since the Code-Red attacks:

      look for yourself [securityspace.com]

      Nice is Japan [securityspace.com] and Germany [securityspace.com]

      People who actually have to pay for IIS *are* switching to Apache, and only very few new companies start with IIS.

      • Whoops, you linked to the Japanese stats both times. Here's Germany. [securityspace.com]

        The most interesting, though, is this [securityspace.com] breakdown that ranks sites in a Google-like manner. Apache and IIS both lose a little to Netscape and "other" (also Apache perhaps?), but I think that's the fairest way to compare market share.

        • Huh?

          Apache is in all 3 categories at or near the all-time high!

          BTW, all sites on securityspace are referred sites, so there are no parked domains in the other statistics either.

          • I meant that Nescape & others do better in the weighted results than in the unweighted results. Certainly Apache dominates the market no matter which way you cut it. Even the SSL market, aparently, which wasn't the case a year or two ago.

  • Ironically, a large number of the websites were defaced shortly thereafter

    Been listening to Alanis much lately? ;)

    Dictionary.com [dictionary.com] says this about ironically: "contrary to plan or expectation"

    Anybody that works in this industry for two days or more would know that things must have happened exactly as planned, or at least as to be expected.
    • Well, that *would* be ironic to the people who planned and made the change then, wouldn't it?

      • Well, that *would* be ironic to the people who planned and made the change then, wouldn't it?

        It would be ironic if things did NOT go according to plan or as expected.

        Having security issues with IIS and NOT expecting/having planned for it sounds stupid, not ironic.
  • by UsonianAutomatic ( 236235 ) on Tuesday April 02, 2002 @03:03AM (#3269251) Homepage
    ...when they said "We Have the Way Out!" [slashdot.org]

    -1 Redundant, but isn't it interesting that the new anti-Unix site isn't among that 4% IIS increase (and not hacked).

    • Blah... Don't you get it, the site used FreeBSD on purpose, "We have a way out" means that they have a way out of Windows. They are still working on the site so that they could put more information on FreeBSD and Apache. It's out fault that we went to the site too early while Microsoft's FrontPage experts are working hard to produce a state of the art website.
  • Parked Domains (Score:3, Insightful)

    by Thrikreen ( 130120 ) on Tuesday April 02, 2002 @03:12AM (#3269265)

    I wonder, even though it's supposed to be a random survey, should there be allowances given for said parked/cybersquatted domains to not factor as much into the percentages? Or another page listing the compared results.

    I mean, most of them would have some sort of template along the lines of "This domain at www.suchandsuch.com is currently Under Construction! / Available for Sale!". Wouldn't be hard to figure out some sort of % similar to another page rating (i.e. diff them and see how many lines are different).

    Granted, it does mean you have to download the page (frames and popups would be annoying though) and waste some CPU cycles comparing the differences, but it would be interesting seeing how many websites of said survey are, say, 95% or higher similar to each other.

    • They should publish # of pages instead of sites. With virtual hosting so widespread, the number of sites is not really a relevant number.

      If Google counted the server type for each of the pages in their cache, that would me much more informative than the Netcraft site count.

      Funny though, MS always claimed that Apache won the Netcraft numbers because of the 'unused sites' counting so heavily - could it be that they actively targeted those web farms in their marketing for this reason?

    • They do have a section about active sites [netcraft.com] (explanation). You have to scroll halfway down the main [netcraft.com] page to see the graph [netcraft.com]. Apache's share grows to 64.37% while Microsoft's share drops to 26.81%.

    • I'd be interested to see how many of them serve up the default page too - remember how IIS was being installed by default on 2K machines without their users knowing? How many of those hits aren't actually real websites?
  • Funny how Microsoft IIS doesn't show up in this part of the article. "While Verisign has the ultimate responsibility to its domain customers, the blame for the security breach falls squarely on Interland, he said." (Article in full) http://online.securityfocus.com/news/357
    • Well, maybe, just maybe, it wasn't IIS's fault they got hacked?

      IIS flaws aren't the only (or biggest) reason Windows boxes get hacked, you know, for example:

      Someone guesses a root password

      A trojan is installed and executed

      An employee is socially engineered into giving increased access to an outsider

      An employee is angry and defaces the machines

      Unchanged default passwords are exploited

      User error on the part of the hosting company

      Lack of proper security methodology and policy

      I mean, the article was very vague about what actually happened.

      Jumping to conclusions is fun, but I am usually not so quick to place responsibility.

  • by rkgmd ( 538603 ) on Tuesday April 02, 2002 @03:36AM (#3269289)
    This data [securityspace.com] for *active* web servers (about 6 million total) seems to give a different picture---while apache lost 0.16% and IIS gained 0.40%, long-term (over the last year) apache grew, while IIS fell. Also, extrapolated [securityspace.com] future failure and growth rates seems to indicate that one is better off betting on apache than on IIS.
    • while apache lost 0.16% and IIS gained 0.40%

      Since the Verisign sites represent about 5% of NetCraft's sample, the implication is that about 4.5% of the advantage was eaten by Apache gains in the same interval. If that's so (I doubt it) Microsoft must be bending over backwards to win the web server stats war starting at the biggest sites, and meanwhile losing ground at the smallest sites.

      Lies, damn lies and statistics. But if true, we'll `nickel and dime' them to death. (-:
    • That begs the question.. If people choose apache because they are smart, and choose IIS because they are sheep, why do people choose Netscape, Zeus, Webstar and Website? What do those people know that we don't or are those people stuck by vendor lock-in? Are there certain webserving applications that are better suited to something besides Apache? Applications besides passport, that is...
      • Because of benchmarks [internet.com] like this [specbench.org]? (Note how, ignoring the hardware cost for a moment, the top-of-the-line 16-processor IBM pSeries machine running zeus supports 2.5x more users than the best-available 8-processor IIS server.) Also, zeus (and, may be, netscape enterprise, etc.) is known to have better single-machine scalability because of serveral interesting [kegel.com] I/O techniques it tends to use---these benefits are more pronounced when run on operating systems like solaris that support fine-grained [freebsd.org] user-level threads to kernel-level thread mappings. On top of the raw performance, many also support application-level clustering and redundancy (may be important for some portal sites that demand underlying data consistency, and, which, therefore, require more app-level work to scale-up/failover than just adding more server instances). However, for the vast majority of the sites out there that serve out mostly static and simple dynamic traffic, I think apache is more than sufficient (these sites tend to be bottlenecked by the n/w, not by the server), and I would pick apache anyday over IIS for simplicity, stability, and security reasons (even the humble tux server almost matches the best-available IIS5.0 on the same hardware in the benchmark above in terms of performance; there is no need to go into security/stability comparisons).
      • If people choose apache because they are smart, and choose IIS because they are sheep, why do people choose Netscape, Zeus, Webstar and Website? What do those people know that we don't or are those people stuck by vendor lock-in? Are there certain webserving applications that are better suited to something besides Apache?

        *********

        I think the point is, people who use IIS are sheep. There are many good webservers out there, Apache being an excellent example. For a quick list of features:

        1) Apache - excellent security, modularity, and customizability

        2) Netscape - excellent scalability (Apache might win here, though, when it hits 2.0)

        3) Zeus - very, very fast

        I don't know about the others. Basically, a lot of people have put out good webservers. Microsoft just isn't one of them.
  • by pclinger ( 114364 ) on Tuesday April 02, 2002 @03:43AM (#3269305) Homepage Journal
    The story points out that Register.com switched to IIS. And then the idiot who submitted the story points to an article "Hackers Deface Thousands Of Domains Parked At Verisign" (http://online.securityfocus.com/news/357) about domains getting hacked from Verisign, trying to make some connection there. NetSol is now known as Verisign. Register.com is not Verisign. They are two separate companies. Now, lets review:

    Register.com switches to IIS
    Verisign domains get hacked

    Connection? None. So don't post anything that tries to make that connection.
  • Ironically, a large number of the websites were defaced shortly thereafter

    The word you're looking for is `inevitably', as in `Inevitably, a large number of recently-IISed websites were defaced soon after the transition'.

    Or possibly a better (at least more accurate) headline would be `Massive webserver defacements entailed by massive webserver HTTP header defacements' (specifically, the `Server' header).

    Wouldn't the extra hardware for serving and managing that many IIS sites be a significant and inhibitory cost factor?
  • IIS (Score:3, Funny)

    by AntiNorm ( 155641 ) on Tuesday April 02, 2002 @04:10AM (#3269346)
    Ironically, a large number of the websites were defaced shortly thereafter."

    Of course, because IIS stands for "It Isn't Secure."
  • "Ironically, a large number of the websites were defaced..."

    Where is the irony in that? They move to Windows, they get hacked. Depending on your point of view that's either bad luck or just plain stupid.

  • by Anonymous Coward
    These april fool stories are so funny!! People running web servers on IIS.. *snort* that's hilarious!
  • since when does register.com == verisign?
  • by xrayspx ( 13127 ) on Tuesday April 02, 2002 @07:47AM (#3269670) Homepage
    Not Register.com [register.com], Verisign/NetSol [netsol.com]. The domains were parked at InterLand [interland.com].

    Granted, I knew all that before I read this article, but hey, the securityfocus article that was linked had all this information, would have been 4 seconds of Journalistic Research.

    I'm too ornery in the morning. In any case, really big mass-defacement, really easily accomplished.

  • i'm a yank who lives overseas and i get all sorts of abuse regarding irony. irony is an unexpected outcome. defaced iis servers are not unexpected, therefore the word you meant to use was "Coincidentally."

    thank you.
  • Ironically? (Score:4, Funny)

    by OblongPlatypus ( 233746 ) on Tuesday April 02, 2002 @08:27AM (#3269724)
    Someone's concept of the meaning of the word "ironic" is even worse than Alanis Morissette's.
  • Uptime & MS (Score:3, Interesting)

    by Anonymous Coward on Tuesday April 02, 2002 @08:55AM (#3269774)
    I know that this is a well known fact among most /. readers, but no one else commented on the lack of M$ II$ servers on the 'Sites with longest running systems by average uptime [netcraft.com]' page. I think that should have been the lead 'comment' appearing on the front of /. instead of just announcing the survey results. something like 'M$ cant keep it UP!'
  • Sounds similar to our 2000 mail server running SLMail, but it doesn't get hacked, it just bends over and crashes when it pleases. 1/3 OS problems, and 2/3 SLMail problems. Although it is vonerable, nobody cares to even mess with it. They would have nothing to gain by hacking it. Even if they did, we have a tape backup that can be restored in 15 minutes.

    One guy managed to get into our old 486 running RedHat 6.0. (Before I got there. The boss knows nothing about Linux boxen) They left it immediatly since it din't have any CPU power for what they wanted. They must have had respect for it, because they patched it, and left a note on /dev/console that said they were sorry. LOL. Seriously. It had been up over a year. We just turned the services off, and updated Apache.
  • Ironically, a large number of the websites were defaced shortly thereafter.

    How is this ironical? Irony something that is contrary to what was expected.

  • IIS 5.0 and now IIS 6.0 have a lot of extra support for maintaining and monitoring information from different sites on the same server. While Apache is great for really running different sites, IIS's reporting is apprently more interesting to the search engine spam sites that I've talked to.

    Many of them run 5000-10000 domains on 1-2 IIS machines because IIS means they can monitor things with less technical staff. The acknowledge that Apache is better for the serving, but they like IIS's reporting better.

    I wouldn't put too much stock in this stuff. I mean, who cares about an Apache/IIS popularity contest, use the server that matters.

    Apache also isn't helpped that the 2.0 project went on forever AND most of us are still on 1.3. My understanding is that 2.0 introduces a lot of new features to be competitive with the IIS stuff, but none of us appear interested in learning to use it. I mean, I don't need my web server to do THAT much, PHP processing is more useful for me than Apache directives, so I don't care about more functionality.

    Alex

An authority is a person who can tell you more about something than you really care to know.

Working...