March Netcraft survey 182
awptic writes "The March Netcraft survey is out.
Among the changes is a 4% increase in the number of websites
running IIS, primarily due, however, to register.com's domain
name parking service switching to mostly IIS servers, which account for over 2 million
of the 38 million sites surveyed.
Ironically, a large number of the websites were defaced shortly
thereafter."
Hack the Planet (Score:1)
RonB
Re:Hack the Planet (Score:2)
hacking parked domains. (Score:3, Interesting)
If the parked domains can be hacked and defaced so easily, one has to wonder just how secure the rest of their system is, which is responsible not just for domain name serving, but must handle massive credit card traffic.
Re:hacking parked domains. (Score:3, Informative)
Not just register.com (Score:4, Informative)
Re:Not just register.com (Score:2)
Hmm. Is there something about IIS 6.0 that makes it easier to do bulk hosting? Maybe it's time for a special Apache Cybersquatting Edition :-).
Object lesson (Score:2)
Easier than reposting it would be understanding it yourself.
A notty little problem (Score:2)
Not.
The problem arises because you trust the word of someone who can't add subtotals. All of the unique problems of Unix servers (includes all distributions of Linux and Solaris) taken together are easily outweighed by just one company, a company proven in court to be software pirates, thieves, liars, monopolists and other things. It's not their paid word on this topic that you happen to be taking, is it, Coward?
Trends (Score:3, Interesting)
Re:Trends (Score:2)
Re:Trends (Score:1)
>because of the deployment of Win2000. The
>platform has fine matured as a server.
And given a few revisions, that last portion may finally mature as a sentence
hawk
Apache 2.0 (Score:2)
Re:Apache 2.0 (Score:4, Interesting)
They switch, regardless of the defacing risk (Score:5, Funny)
All of a sudden a picture of lemmings jumping off a cliff materialized in front of me.
Lemmingtons: mothed inappropriate (Score:3, Informative)
Lemmings don't actually do that. Perhaps a flock of moths orbiting a bonfire... orbiting... orbiting... spiralling in... `we see the light, and that light is Microsoft'
FWIW, piranha don't get vicious until they're thoroughly starved, and there are several species of vegetarian Piranha.
bah. Spoilsport! (Score:1, Offtopic)
:)
>FWIW, piranha don't get vicious until they're
>thoroughly starved, and there are several species
>of vegetarian Piranha.
See, I *told* you being a vegetarian was a bad idea. Even Piranhas know it makes you taste better . .
hawk
Re:They switch, regardless of the defacing risk (Score:1, Troll)
Here's what is next... (Score:2, Insightful)
A website listing the 10 largest companies with Administrator password == NULL
Bleh... I've used Netcraft. It's pretty nice... you can find out what version of different software a webserver is running. Web pages like this though should emphasize how important it is to stay on top of the latest bugfixes... As often as exploits get posted for now outdated versions of software, not keeping things up-to-date is like hanging a "HackMePlease" sign on your back.
Focus on Security... (Score:2, Funny)
I guess that strategy isn't working out so swell. Or maybe it's all just an incredible coincidence. Given the promotional push (read: throwing money at) that Microsoft has given to the idea of their product on the big iron lately this isn't too surprising.
The whole Unix is Bad and Hard for Your Teeny Little Brain to Process [wehavethewayout.com] strategy is apparently failing too since they're running the website on BSD.
Web page update (Score:2)
Or were, until somebody noticed that many somebodies noticed.
IMHO, it would be cool to replace their homepage with:
<html><head><title>I dare you to type deltree</title></head>
<body bgcolor="#000000">
<form action="./" method="post">
<h1 style="color:#00ff00">C:\> <input type="text"></h1>
</form>
</body></html>
I knew that Interland stunk already (Score:1)
Re:I knew that Interland stunk already (Score:2, Interesting)
Hacked Servers Outsourced to Interland (Score:4, Informative)
People are inherently stupid (Score:4, Insightful)
Every day we hear about how companies choose to implement MS solutions (adds more to the problem, however) rather than better BSD/Linux solutions. "But it's cheaper to employ an MCSE!"... That may be so, but this route should only be taken if you don't care about the company's data.
Fucking braindead corporations; spend the extra 15 thousand / year and protect your freaking data instead of throwing away your secrets. It's going to be cheaper down the road when you have to hire lawyers to start suing people or lose business because people won't trust your braindead corporation with their credit cards.
Re:People are inherently stupid (Score:1)
/Pedro
Re:People are inherently stupid (Score:1)
Max
MCSEs ARE blue collor. Don't kid yourself (Score:3, Funny)
Re:MCSEs ARE blue collor. Don't kid yourself (Score:2)
I'd be willing to bet that the average plumber makes more money than the average Slashdot reader.
No need to laugh at people for working with shit all day, be they a plumber or an MCSE.
--po' white saint
gui (Score:1, Interesting)
Done. (Score:2)
Mandrake Linux 8.2 Download Edition has at least 3, plus at least 3 GUI or browser based management tools for Apache. A site that big - and made entirely of lookalike pages - wouldn't use them.
Two or three new CodeReds down the track, more people will understand that doing things without knowing what you're doing is bad. Some already have.
Re:gui (Score:1)
That's what determines market share? Tabs and dropdown?!
Speaking of NetCraft... (Score:3, Interesting)
NetCraft reports
- and compare to the results of a
lynx -head http://www.wehavethewayout.com
command. Interesting. Has MS fiddled the server, and NetCraft is pulling some tricks to get the truth, or is NetCraft pulling a "funny" one?
Re:Speaking of NetCraft... (Score:1)
Anyone notice the heading of one of the "reports" on that site?
"Trends in Large Data Centers - Candid Interviews with 300 Top Executives" - Based on candid interviews with 300 IT Executives.
... and I almost thought they'd base a report like that on the random utterings of 300 monkeys...
Re:Speaking of NetCraft... (Score:1)
Didn't they?
nmap (Score:1)
Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on www.wehavethewayout.com (130.94.214.143):
(The 1 port scanned but not shown below is in state: closed)
Port State Service
80/tcp open http
Remote OS guesses: Windows Me or Windows 2000 RC1 through final release, MS Windows2000 Professional RC1/W2K Advance Server Beta3, Windows Millenium Edition v4.90.3000
Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds
Re:nmap (Score:1)
Anybody know more about this? I find it hard to believe that NetCraft would do this as an April 1 joke - it's a bit over the line, and not too funny to boot...
(sorry for the stuffed links in my previous post - serves me right for not previewing)
I found the solution (Score:1)
[anssi@karhu anssi]$ lynx -head -dump http://www.pmgdirect.com/
HTTP/1.1 200 OK
Date: Tue, 02 Apr 2002 08:11:54 GMT
Server: Rapidsite/Apa/1.3.20 (Unix) FrontPage/4.0.4.3 mod_ssl/2.8.4 OpenSSL/0.9.6
Last-Modified: Thu, 08 Nov 2001 19:46:57 GMT
ETag: "f003735-144b-3beae131"
Accept-Ranges: bytes
Content-Length: 5195
Connection: close
Content-Type: text/html
Re:I found the solution (Score:1)
I think that, as suggested earlier, a bit of damage control may better explain it.
Does anybody know if NetCraft re-queries a site at _every_ user info request, or does it cache the results for a day? After all if it does no caching, the damage control explanation makes no sense - it should've changed in NetCraft too.
Bizarre...
Re:I found the solution (Score:2, Interesting)
Moral of the story: if you're promoting an operating system with the help of a marketing agency, make sure the marketing agency runs the web site in question on the "correct" operating system.
Re:I found the solution (Score:1)
I personally can't think of a better way of saying "We're just bashing UNIX because we're afraid of it, it actually works well enough that our partners use it by preference" than they've just managed.
Extract foot slowly and painfully from mouth *grin*.
Re:nmap (Score:2, Interesting)
Re:Speaking of NetCraft... (Score:2)
Re:Speaking of NetCraft... (Score:1)
They must've switched it once people started noticing.
Re:Speaking of NetCraft... (Score:2)
They just did what most 'persons' with too much money and no time to do anything themselves... they told someone else to do it. When that happens, you'll notice that the others do it the way they want to, in this case, on a FreeBSD setup.
"And now, we cut to the music..."
Re:Speaking of NetCraft... (Score:1)
Anyway - of all the things NetCraft could get wrong, Apache/IIS and *nix/Win are two mix-ups it doesn't tend to make.
Re:Speaking of NetCraft... (Score:2)
Most of the OS sampling is done by analysing the packets from the TCP/IP Stack and not from taking the HTTP header at face value.
Well it would be hard to get the server wrong (Score:2)
Network Solutions? (Score:2)
Hmm...the SecurityFocus article only mentions Verisign/NetSol and their IIS servers.
Re:Network Solutions? (Score:2)
Shouldn't that be expectedly? (Score:2, Funny)
Umm... Shouldn't that read, "Expectedly, a large number of websites were defaced shortly thereafter." ?
Why? In *****s name WHY? (Score:1, Troll)
I'm aware of the flame I am posting here, but be honest: do YOU understand this? I would have thought enough proof had been delivered the past few months (read: years) about the insecurity (and blunt evilness, really) of IIS. For heavens sake, if insecurity is proven over and over and over why make the step TO IIS instead of FROM IIS (to something else, ANYTHING else).
Apache runs under windows if you really must use that OS, Apache isn't THAT hard to set up and most important of all: Apache isn't THAT insecure. Gimme a -zillion for this flame, come on, I know what I know, I know a webserver running IIS belonging to a friend of mine got hacked last week. I know mine got hacked once (before I put on Apache) and I know many, many, MANY more IIS servers will get hacked until admins turn into roots (or at least surf by www.apache.org).
Do yourself a favor: think twice about IIS...
Re:Why? In *****s name WHY? (Score:1)
I totally agree, apache is very easy to set up for windows ( especially NT/2K/XP ). What I don't understand is if you are going to be running apache why not go all the way and use linux/*BSD for your webserver or hell even a commercial UNIX variant. Remember when you are paying money for Solaris/AIX/HP-UX machines you (should) get tech-support. Even the commercial versions of linux ( Redhat Pro., Suse Pro., etc ) have some sort of customer support.
Re:Why? In *****s name WHY? (Score:1)
The Apache Foundation or Covalent or somebody should start advertising that using Apache is like playing Russian Roulette with your company's future. Maybe then people will listen.
Re:Why? In *****s name WHY? (Score:2)
> I seriously don't understand this. Why would ANYONE (and I mean ANYONE) even consider migrating his webservices to IIS? IMHO you must either be blind, deaf and mute or REALLY very incredibly unbelievably stupid!
Lessee... Who makes the decision, a PHB or the sukka who has to keep things running? And who wines and dines the most PHBs, Microsoft or the Apache developers?
The only surprise is that Apache is being used at all.
Re:Why? In *****s name WHY? (Score:2)
Re:Why? In *****s name WHY? (Score:2, Interesting)
I have heard of several cases (all off the record, obviously) where MS has done just that. Wouldn't you consider switching if you were offered free (or almost free) licenses for all software in the MS catalog?
IMHO we are seeing the first signs of MS fighting back in the back office segment in earnest. This is not going to be pretty...
Re:Why? In *****s name WHY? (Score:3, Informative)
look for yourself [securityspace.com]
Nice is Japan [securityspace.com] and Germany [securityspace.com]
People who actually have to pay for IIS *are* switching to Apache, and only very few new companies start with IIS.
Re:Why? In *****s name WHY? (Score:2)
Whoops, you linked to the Japanese stats both times. Here's Germany. [securityspace.com]
The most interesting, though, is this [securityspace.com] breakdown that ranks sites in a Google-like manner. Apache and IIS both lose a little to Netscape and "other" (also Apache perhaps?), but I think that's the fairest way to compare market share.
Re:Why? In *****s name WHY? (Score:2)
Apache is in all 3 categories at or near the all-time high!
BTW, all sites on securityspace are referred sites, so there are no parked domains in the other statistics either.
Re:Why? In *****s name WHY? (Score:3, Informative)
I meant that Netscape & others do better in the weighted results than in the unweighted results. Certainly Apache dominates the market no matter which way you cut it. Even the SSL market, apparently, which wasn't the case a year or two ago.
Re:Why? In *****s name WHY? (Score:2)
Ironically? (Score:1)
Been listening to Alanis much lately?
Dictionary.com [dictionary.com] says this about ironically: "contrary to plan or expectation"
Anybody that works in this industry for two days or more would know that things must have happened exactly as planned, or at least as to be expected.
Re:Ironically? (Score:1)
Well, that *would* be ironic to the people who planned and made the change then, wouldn't it?
Re:Ironically? (Score:1)
It would be ironic if things did NOT go according to plan or as expected.
Having security issues with IIS and NOT expecting/having planned for it sounds stupid, not ironic.
Hmm, I don't think that's what MS/Unisys meant... (Score:4, Insightful)
-1 Redundant, but isn't it interesting that the new anti-Unix site isn't among that 4% IIS increase (and not hacked).
Re:Hmm, I don't think that's what MS/Unisys meant. (Score:1)
Parked Domains (Score:3, Insightful)
I wonder, even though it's supposed to be a random survey, should there be allowances given for said parked/cybersquatted domains to not factor as much into the percentages? Or another page listing the compared results.
I mean, most of them would have some sort of template along the lines of "This domain at www.suchandsuch.com is currently Under Construction! / Available for Sale!". Wouldn't be hard to figure out some sort of % similar to another page rating (i.e. diff them and see how many lines are different).
Granted, it does mean you have to download the page (frames and popups would be annoying though) and waste some CPU cycles comparing the differences, but it would be interesting seeing how many websites of said survey are, say, 95% or higher similar to each other.
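The similarity check proposed in the comment above, as an added example that is not part of the original post: pages are compared line by line, look-alike clusters at the 95% threshold are dropped, and server share is recomputed over what remains. The hostnames, page bodies and Server strings are constructed sample data, and masking each site's own hostname before comparing is an assumption the comment does not mention.

```python
from collections import Counter
from difflib import SequenceMatcher

def page_lines(html, host=None):
    """Non-empty, stripped, lower-cased lines; mask the site's own hostname if given."""
    text = html.lower()
    if host:
        text = text.replace(host.lower(), "{host}")
    return [ln.strip() for ln in text.splitlines() if ln.strip()]

def similarity(a, b):
    """Fraction of lines two pages have in common (1.0 = identical)."""
    return SequenceMatcher(None, a, b, autojunk=False).ratio()

def cluster(sites, threshold=0.95):
    """Greedy grouping: a page joins the first cluster whose first page it resembles."""
    clusters = []  # (lines of first member, [hosts])
    for host, (_server, html) in sites.items():
        page = page_lines(html, host)
        for rep, members in clusters:
            if similarity(rep, page) >= threshold:
                members.append(host)
                break
        else:
            clusters.append((page, [host]))
    return [members for _rep, members in clusters]

def distinct_hosts(sites, threshold=0.95):
    """Hosts whose page resembles no other page in the sample."""
    return [m[0] for m in cluster(sites, threshold) if len(m) == 1]

def server_share(sites, hosts):
    """Share of each server product (Server header up to the '/') among hosts."""
    counts = Counter(sites[h][0].split("/")[0] for h in hosts)
    return {name: n / len(hosts) for name, n in counts.items()}

# --- constructed sample data (not survey results) ---
def parked(host):
    return (f"<html>\n<head><title>{host}</title></head>\n<body>\n"
            f"<h1>This domain at {host} is currently Under Construction!</h1>\n"
            "<p>Available for Sale!</p>\n</body>\n</html>\n")

def real(title, text):
    return (f"<html>\n<head><title>{title}</title></head>\n<body>\n"
            f"<h1>{title}</h1>\n<p>{text}</p>\n</body>\n</html>\n")

SITES = {
    "a.example": ("Microsoft-IIS/5.0", parked("a.example")),
    "b.example": ("Microsoft-IIS/5.0", parked("b.example")),
    "c.example": ("Microsoft-IIS/5.0", parked("c.example")),
    "shop.example": ("Apache/1.3.20", real("Widget shop", "Order today.")),
    "blog.example": ("Apache/1.3.20", real("Weblog", "Latest entries.")),
    "news.example": ("Microsoft-IIS/5.0", real("Local news", "Headlines.")),
}

if __name__ == "__main__":
    print("raw share:     ", server_share(SITES, list(SITES)))
    print("clusters:      ", cluster(SITES))
    print("distinct share:", server_share(SITES, distinct_hosts(SITES)))
```

Without the hostname masking, two pages from the same short parking template differ on every line that embeds the domain and fall well under the 95% threshold, so the template would go undetected.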
Re:Parked Domains (Score:2)
They should publish # of pages instead of sites. With virtual hosting so widespread, the number of sites is not really a relevant number.
If Google counted the server type for each of the pages in their cache, that would be much more informative than the Netcraft site count.
Funny though, MS always claimed that Apache won the Netcraft numbers because of the 'unused sites' counting so heavily - could it be that they actively targeted those web farms in their marketing for this reason?
Active domains (Score:1)
Real sites (Score:2)
Whose responsibility? (Score:1)
Re: (Score:3, Informative)
Server share data for working sites (Score:5, Informative)
Re:Server share data for working sites (Score:2)
Since the Verisign sites represent about 5% of NetCraft's sample, the implication is that about 4.5% of the advantage was eaten by Apache gains in the same interval. If that's so (I doubt it) Microsoft must be bending over backwards to win the web server stats war starting at the biggest sites, and meanwhile losing ground at the smallest sites.
Lies, damn lies and statistics. But if true, we'll `nickel and dime' them to death. (-:
Re:Server share data for working sites (Score:3, Interesting)
Re:Server share data for working sites (Score:2, Interesting)
Re:Server share data for working sites (Score:3, Informative)
*********
I think the point is, people who use IIS are sheep. There are many good webservers out there, Apache being an excellent example. For a quick list of features:
1) Apache - excellent security, modularity, and customizability
2) Netscape - excellent scalability (Apache might win here, though, when it hits 2.0)
3) Zeus - very, very fast
I don't know about the others. Basically, a lot of people have put out good webservers. Microsoft just isn't one of them.
VeriSign != Register.com (Score:5, Informative)
Register.com switches to IIS
Verisign domains get hacked
Connection? None. So don't post anything that tries to make that connection.
Re:VeriSign != Register.com (Score:5, Informative)
Ironically? I think not. Also, economics. (Score:3)
The word you're looking for is `inevitably', as in `Inevitably, a large number of recently-IISed websites were defaced soon after the transition'.
Or possibly a better (at least more accurate) headline would be `Massive webserver defacements entailed by massive webserver HTTP header defacements' (specifically, the `Server' header).
Wouldn't the extra hardware for serving and managing that many IIS sites be a significant and inhibitory cost factor?
IIS (Score:3, Funny)
Of course, because IIS stands for "It Isn't Secure."
Re:IIS (Score:2)
For them what think they's smart for buying Microsoft.
Beware of anyone richer than you who tells you that you're smart.
What's "ironic" about that? (Score:1)
Where is the irony in that? They move to Windows, they get hacked. Depending on your point of view that's either bad luck or just plain stupid.
Ha ha april fool! (Score:2, Funny)
wtf? (Score:2)
Gotta check those facts (Score:4, Informative)
Granted, I knew all that before I read this article, but hey, the securityfocus article that was linked had all this information, would have been 4 seconds of Journalistic Research.
I'm too ornery in the morning. In any case, really big mass-defacement, really easily accomplished.
learn english damnit! (Score:2)
thank you.
Re:learn english damnit! (Score:2)
Cause if the didn't they wouodn't be yanks...
Now ain't that ironic?
Re:learn english damnit! (learn to spell) (Score:2)
and yes, consequently would also work.
i see no one has noticed the humor in the comment...
Ironically? (Score:4, Funny)
Uptime & MS (Score:3, Interesting)
Incident (Score:1)
One guy managed to get into our old 486 running RedHat 6.0. (Before I got there. The boss knows nothing about Linux boxen) They left it immediately since it didn't have any CPU power for what they wanted. They must have had respect for it, because they patched it, and left a note on
How is this ironical? (Score:2)
How is this ironical? Irony is something that is contrary to what was expected.
Search engine spammers... (Score:2)
Many of them run 5000-10000 domains on 1-2 IIS machines because IIS means they can monitor things with less technical staff. They acknowledge that Apache is better for the serving, but they like IIS's reporting better.
I wouldn't put too much stock in this stuff. I mean, who cares about an Apache/IIS popularity contest, use the server that matters.
Apache also isn't helped that the 2.0 project went on forever AND most of us are still on 1.3. My understanding is that 2.0 introduces a lot of new features to be competitive with the IIS stuff, but none of us appear interested in learning to use it. I mean, I don't need my web server to do THAT much, PHP processing is more useful for me than Apache directives, so I don't care about more functionality.
Alex
Re:wow... (Score:5, Funny)
I am shocked. Shocked!
cheatexams.april fools day joke?? (Score:1)
Re:cheatexams.april fools day joke?? (Score:2)
Re:cheatexams.april fools day joke?? (Score:2)
Might I that legend find, By fairies spelt in mystic rhymes.
Re:wow... (Score:1)
Re:wow... (Score:1)
BTW, I hate the guts of those type of guys...