ASP.NET App Suspend really helps Earlier this year, the IIS perf team tested the performance of the new Suspend feature. They compared resume from suspend and launch from terminate on a machine that was under load, which they thought represented a realistic scenario. The results were striking. The value of app suspend is two-part. It helps with both site density and startup latency. Ive already covered the mechanics behind startup latency. Sites startup faster because they are suspended in a ready to go state. Site density is also massively improved. It isnt a question of how many sites you can register for a single app pool. That is presumably unchanged. It is a question of how many sites that you can have in a ready to go state at once. For Windows Server 2012, thats limited to how many sites you can actually hold in memory at once. For Windows Server 2012 R2, its the combination of sites that are actively loaded and the much greater set that are suspended. Suspended sites still do take some amount of memory, but a small fraction of what an active site would take. We conducted an experiment to demonstrate how much ASP.NET App Suspend improves density. We ran the experiment on Windows Server 2012 and Windows Server 2012 R2. In both cases, we loaded up the machine (same machine) with sites until it hit 80% memory utilization, as measured by Windows perf counters. 80% is a good base utilization number, since it allows for memory spikes while the apps are running. For Windows Server 2012, we disabled the terminate timeout, and then loaded sites, 100 at a time, until we hit 80% memory utilization. For Windows Server 2012 R2, we set the suspend timeout at 1 min, and then loaded sites every minute, 100 at time, until we hit that same memory utilization. Naturally, those sites would all suspend. We were able to load 300 sites on Windows Server 2012 and 2100 sites on Windows Server 2012 R2, with suspend enabled. Thats a 7x increase! We also conducted another experiment, where we measured startup time. We had 1000 sites registered on the machine, which were an equal number of duplicates of four different .NET site packages (ex: DotNetNuke). We then hit each one of those 1000 sites in a round-robin fashion, in order to blow disk, memory and SQL caches (realistic effect for shared hosting). We took measurements, and averaged them for each site type, for both the cold startup and suspend cases. We also had another set of sites on the machine that we were hitting at the same time to create significant load on the machine. As a result, the numbers we recorded are biased towards worst case, for both cold start and resume for suspend scenarios.
For the original version including any supplementary images or video, visit http://blogs.msdn.com/b/dotnet/archive/2013/10/09/asp-net-app-suspend-responsive-shared-net-web-hosting.aspx
Forty-seven percent of all phishing strikes tape-recorded worldwide throughout the second fifty percent of 2012 entailed such mass break-ins, APWG pointed out in the most up to date edition of its Worldwide Phishing Study report published Thursday. In this sort of assault, once phishers break into a shared Hosting web server, they upgrade its configuration to ensure that phishing web pages are shown from a specific subdirectory of every website hosted on the web server, APWG claimed. A solitary shared holding server could hold lots, hundreds and even countless web sites each time, the organization claimed. (See likewise "Google Chrome leads the browser group at avoiding phishing, study finds.") APWG is a coalition of over 2000 companies that consist of security vendors, financial institutions, stores, ISPs, telecommunication business, defense professionals, police, profession teams, government firms and additional. Hacking into shared Hosting servers and hijacking their domain names for phishing functions is not a new strategy, but this type of harmful activity reached a peak in August 2012, when APWG found over 14,000 phishing attacks sitting on 61 servers. "Levels did decline in late 2012, however still stayed troublingly high," APWG stated. Phishing hopped in late 2012 During the second half of 2012, there were at least 123,486 unique phishing assaults worldwide that engaged 89,748 distinct domain, APWG pointed out. This was a substantial rise from the 93,462 phishing attacks and 64,204 linked domain names observed by the company during the very first half of 2012. "Of the 89,748 phishing domains, we identified 5835 domain that we believe were registered maliciously, by phishers," APWG stated. "The various other 83,913 domain names were almost all hacked or compromised on susceptible Web hosting." In order to get into such servers, assaulters exploit vulnerabilities in Internet server management panels like cPanel or Plesk and prominent Internet applications like WordPress or Joomla. "These attacks highlight the susceptibility of holding carriers and software, exploit fragile password administration, and provide plenty of reason to stress," the organization pointed out. Cybercriminals break into shared holding atmospheres in order to use their resources in different types of attacks, not just phishing, APWG pointed out. For example, since late 2012 a group of hackers has actually been compromising Internet web servers in order to launch DDoS (distributed denial-of-service) attacks against UNITED STATE financial institutions. In one mass attack project dubbed Darkleech, assaulters endangered thousands of Apache Web servers and installed SSH backdoors on them. It's unclear exactly how the Darkleech enemies burglarize these web servers to begin with, yet susceptabilities in Plesk, cPanel, Webmin or WordPress have actually been suggested as possible access points.
For the original version including any supplementary images or video, visit http://www.pcworld.com/article/2036452/hackers-increasingly-target-shared-web-hosting-servers-for-use-in-mass-phishing-attacks.html