The Government of Eswatini’s website, www.gov.sz, is running a cryptojacker. Cryptojackers use website visitors' CPU power to mine cryptocurrency, most often without their knowledge or permission. Data from archive.org suggests the JavaScript snippet was added to the site’s HTML source between 28th September and 6th October. WebMinePool cryptojacker injection on www.gov[.]sz. While sites that are kept open for long periods of time are often the most lucrative – the longer the victim’s browser tab is open, the more cryptocurrency can be mined — criminals are typically not fussy when deploying cryptojackers. Criminals can target large swathes of sites at once, including those using vulnerable or out-of-date software, compromised third-party JavaScript, or with easily guessable administrator credentials.

In the October 2021 survey we received responses from 1,179,448,021 sites across 265,426,928 unique domains and 11,388,826 web-facing computers. This reflects a loss of 8.59 million sites, but a gain of 1.07 million domains and 20,800 computers. The number of unique domains powered by the nginx web server grew by 789,000 this month, which has increased its total to 79.5 million domains and its leading market share to 29.9%. Conversely, Apache lost 753,000 domains and saw its second-place share fall to 24.7%. Meanwhile, Cloudflare gained 746,000 domains – almost as many as nginx – but it stays in fourth place with an 8.15% share while OpenResty's shrank slightly to 14.5%. Cloudflare also made strong progress amongst the top million websites, where it increased its share by 0.24 percentage points to 18.2%. nginx is in second place with a 22.5% (+0.12pp) share but has closed the gap on Apache which still leads with 24.0% after losing 0.21pp. Apache also continues to lead in terms of active sites, where it has a total of 48.0 million. However, it was the only major vendor to suffer a drop in this metric, with a loss of 277,000 active sites reducing its share down to 23.9% (-0.29pp). In terms of all sites, nginx lost the most (-9.99 million) but remains far in the lead with a total of 412 million. Apache vulnerability being actively exploited in the wild Apache 2.4.51 was released on 7 October. This is the latest release in the 2.4.x stable branch, which the developers consider to be the best available version of the Apache HTTP Server; but more importantly, this release fixes a path traversal vulnerability present in Apache 2.4.49 and 2.4.50. Apache 2.4.50 was itself released a day earlier in an attempt to fix the vulnerability present in 2.4.49, but the fix was found to be insufficient. The vulnerability is being actively exploited in the wild, so anyone still running an unpatched Apache 2.4.49 or 2.4.50 installation should upgrade immediately. In some cases, the path traversal vulnerability could facilitate remote code execution on the web server. Due to the nature of this vulnerability, some otherwise vulnerable installations may be immune to attack if a web application firewall (WAF) is in place, or if a frontend proxy or load balancer modifies malicious requests in a way that makes them safe. For instance, all vulnerable Apache installations served via the Cloudflare content delivery network would have been protected from the outset if Normalize URLS to origin were enabled, and the Cloudflare WAF has rules that would have stopped many exploit attempts. Other vendor and hosting news During September, Microsoft released fixes for three elevation of privilege and one remote code execution vulnerabilities in the Open Management Infrastructure (OMI) framework, which is used by several Azure Virtual Machine management extensions. The remote code execution vulnerability can only affect customers using a Linux management solution with remote OMI enabled. A full list of the vulnerable extensions and update availability is being maintained on the Microsoft Security Response Center blog. Microsoft announced the general availability its Azure Purview data governance solution on 28 September. On 5 October, Microsoft removed the waiting list for its Azure NetApp Files bare-metal cloud file storage and data management service. lighttpd 1.4.60 was released on 3 October. This version includes a large number of changes, including several bugfixes and improved handling of HTTP/2 connections. LiteSpeed Web Server 6.0.9 was released on 20 September to address several bugs and add a new log rotation feature. OpenLiteSpeed 1.7.14 – the open source edition of LiteSpeed Web Server Enterprise – was released on 7 September. DeveloperSeptember 2021PercentOctober 2021PercentChange nginx422,211,70335.54%412,222,22134.95%-0.59 Apache295,667,36124.89%290,462,41024.63%-0.26 OpenResty77,052,3706.49%76,038,5766.45%-0.04 Cloudflare56,362,3634.74%57,482,1034.87%0.13

Rank Performance Graph OS Outagehh:mm:ss FailedReq% DNS Connect Firstbyte Total 1 New York Internet (NYI) FreeBSD 0:00:00 0.000 0.554 0.061 0.121 0.122 2 Bigstep Linux 0:00:00 0.000 0.201 0.063 0.125 0.125 3 CWCS Managed Hosting Linux 0:00:00 0.000 0.247 0.066 0.132 0.132 4 Dinahosting Linux 0:00:00 0.000 0.202 0.073 0.147 0.147 5 Swishmail Linux 0:00:00 0.000 0.229 0.096 0.192 0.192 6 ServerStack Linux 0:00:00 0.000 0.213 0.100 0.200 0.200 7 Pair Networks Linux 0:00:00 0.000 0.365 0.116 0.232 0.232 8 GoDaddy.com Inc Linux 0:00:00 0.007 0.419 0.008 0.033 0.035 9 Rackspace Linux 0:00:00 0.007 0.489 0.010 0.020 0.020 10 Hyve Managed Hosting Linux 0:00:00 0.007 0.138 0.073 0.145 0.145 See full table In September 2021, New York Internet (NYI) had the most reliable hosting company site: it responded to all of Netcraft’s requests, with an average connection time of 61ms. NYI has appeared in the top 10 table seven times in 2021 so far. Customers can choose from a range of cloud, colocation, bare metal and managed solutions. Bigstep, CWCS Managed Hosting and Dinahosting appear in second, third and fourth places. Bigstep came close to NYI in average connection time, averaging 63ms. CWCS and Dinahosting both followed, averaging 66ms and 73ms respectively. Bigstep’s bare metal cloud hosting provides the flexibility of cloud hosting without the associated overhead and performance reductions of virtualization. The bare metal offerings are available in data centres in the UK and Romania. CWCS provides dedicated servers along with cloud services, as well as domain registration and VPS hosting. CWCS has data centres across the UK, as well as North America. Dinahosting provides cloud hosting and domain registration services, with data centres located at Interxion and Global Switch, in Madrid. The top hosting company in September used FreeBSD, whilst the rest of the top 10 used Linux. This marks the first time in 2021 that a non-Linux provider has been the most reliable host, but Linux remains clearly dominant in the top 10 throughout this year.

In the September 2021 survey we received responses from 1,188,038,392 sites across 264,360,621 unique domains and 11,368,033 web-facing computers. This reflects a loss of 23.4 million sites, but a gain of 627,000 domains and 40,300 computers. The largest increase in both unique domains and active sites was seen by LiteSpeed this month, with gains of 571,000 (+9.3%) domains and 458,000 (+6.0%) active sites. Much of this increase was concentrated at a single hosting provider, NameCheap, where there were corresponding drops in the numbers of domains and active sites using Apache. As a result, LiteSpeed’s market share in the domains metric increased by 0.21 percentage points to 2.6%. Cloudflare also saw strong growth in domains, with an increase of 519,000 resulting in a small increase in its market share to 7.90%. Amongst the million busiest websites Cloudflare had substantially the biggest increase in use, leaving it with an 18.0% market share. It is now just 44,000 sites or 4.4 percentage points of market share behind nginx in second position. Other server vendors to see increases in terms of unique domains include OpenResty which grew by 314,000 domains, and market leader nginx which grew by 195,000. Despite having only the fourth largest growth this month, nginx maintained its 29.8% market share. The number of web-facing computers using nginx has increased once again, whilst both Apache and Microsoft lost both in absolute numbers and market share. This month nginx saw an increase of 40,800 raising its market share to 37.2%. Apache and Microsoft each lost 0.24 percentage points of market share to leave them with 30.8% and 11.9% shares. LiteSpeed gained 4,660 computers (+5.9%). DeveloperAugust 2021PercentSeptember 2021PercentChange nginx441,930,79136.48%422,211,70335.54%-0.94 Apache305,180,85825.19%295,667,36124.89%-0.30 OpenResty75,516,2186.23%77,052,3706.49%0.25 Cloudflare55,830,6304.61%56,362,3634.74%0.14

Rank Performance Graph OS Outagehh:mm:ss FailedReq% DNS Connect Firstbyte Total 1 www.choopa.com Linux 0:00:00 0.000 0.262 0.003 0.020 0.020 2 Aruba Linux 0:00:00 0.000 0.412 0.005 0.026 0.026 3 Bigstep Linux 0:00:00 0.000 0.200 0.062 0.125 0.125 4 CWCS Managed Hosting Linux 0:00:00 0.000 0.250 0.068 0.134 0.134 5 Hyve Managed Hosting Linux 0:00:00 0.000 0.143 0.073 0.148 0.148 6 ServerStack Linux 0:00:00 0.000 0.214 0.100 0.201 0.201 7 www.flexential.com Linux 0:00:00 0.000 0.248 0.104 0.208 0.208 8 Pair Networks Linux 0:00:00 0.000 0.369 0.118 0.235 0.235 9 GoDaddy.com Inc Linux 0:00:00 0.007 0.415 0.005 0.025 0.027 10 Rackspace Linux 0:00:00 0.007 0.485 0.007 0.017 0.017 See full table In August 2021, Choopa had the most reliable hosting company site: it responded to all of Netcraft’s requests, with an average connection time of 3ms. Choopa has appeared in the top 10 table five times in 2021 so far, also coming top in February and April of this year. Customers can choose from a range of cloud and managed solutions as well as register domain names. Aruba, Bigstep and CWCS Managed Hosting appear in second, third and fourth places. Aruba came close to Choopa in average connection time, averaging 5ms. Bigstep and CWCS Managed Hosting were both slower, averaging 62ms and 68ms. Aruba provides hosting, cloud and digital signature services, fiber optic internet, digital preservation, and much more, with data centers across Europe in the UK, Germany, Czechia, Poland, Italy and France. Bigstep’s bare metal cloud hosting provides the flexibility of cloud hosting without the associated overhead and performance reductions of virtualization. The bare metal offerings are available in data centres in the UK and Romania. CWCS provides dedicated servers along with cloud services, as well as a variety of other solutions. CWCS has data centres across the UK, as well as North America. All of the top 10 hosting company sites used Linux in August, making Linux clearly dominant in the top 10 throughout this year.

The US and others may have withdrawn from Afghanistan, but many Afghan Government websites and email addresses under the .gov.af top-level domain are still very much dependent on services hosted outside of the country – mostly in the US. By taking control of Afghanistan, the Taliban has inherited these government domains and now shares web hosting and mail servers with several other governments around the world, including the UK Government. In many cases, emails sent to .gov.af domains will be routed through US-hosted servers, presenting intelligence opportunities if the new Taliban government were to continue using them.

Bagram, formerly the site of the largest US military base in Afghanistan. Over the past few weeks, the Taliban have taken control of substantially the whole of Afghanistan, with just Kabul Airport and the Panjshir Valley presently controlled by the US Military and the National Resistance Front of Afghanistan respectively. Yet the situation with Afghanistan’s internet infrastructure is quite different to what anyone following the mainstream media might reasonably expect, as Afghanistan’s key internet resources – domains, IP addresses, routing and government communications – are controlled by a diverse set of entities subject to Western jurisdictions. Who is in control of the .af domain? Presently, .af’s DNS is run using Anycast DNS services from Packet Clearing House, a San Francisco based not-for-profit organisation, and Gransy, a Czech registrar and registry services provider. Packet Clearing House provides free Anycast DNS services to “developing-country ccTLD registries”, and Gransy provides free Anycast DNS services to ccTLDs with fewer than 10,000 domains – .af has around 6K domains and is well within Gransy’s criteria for a free service.