Linode 11th most popular host: VentureBeat

Great news. Hopefully we can get more people from GoDaddy and their abysmal security. I'd publish how bad the vulnerability is, but it will lead to tons of skript kiddies shutting down GoDaddy sites. Any reasonable hacker could probably find it easily.

Amazon is really p0wning the market.

I don't think cloudflare should be in that list, it's not a hosting company in any normal sense.

Cloudflare appears on the list because it's impossible for HostCabi to know which actual provider hosts Cloudflare protected sites. Once someone puts their site on Cloudflare, there's no way to know what their IP/provider/etc is. That's the point of it.

It's actually quite interesting to see how many of the top 100,000 most visited sites use Cloudflare protection, though, so I'm glad they left it on the graph.

@bkwrm:

Cloudflare appears on the list because it's impossible for HostCabi to know which actual provider hosts Cloudflare protected sites. Once someone puts their site on Cloudflare, there's no way to know what their IP/provider/etc is. That's the point of it.

Impossible? Impossible is a challenge :)

$ dig www.thesfmarathon.com

; <<>> DiG 9.8.1-P1 <<>> www.thesfmarathon.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25565
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;www.thesfmarathon.com.         IN      A

;; ANSWER SECTION:
www.thesfmarathon.com.  203     IN      CNAME   thesfmarathon.com.
thesfmarathon.com.      203     IN      A       141.101.116.15
thesfmarathon.com.      203     IN      A       141.101.117.15

;; AUTHORITY SECTION:
thesfmarathon.com.      172703  IN      NS      uma.ns.cloudflare.com.
thesfmarathon.com.      172703  IN      NS      sid.ns.cloudflare.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb  5 23:47:35 2014
;; MSG SIZE  rcvd: 135

Oh dear, however will I find who is behind that?

$ dig direct.thesfmarathon.com

; <<>> DiG 9.8.1-P1 <<>> direct.thesfmarathon.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58122
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;direct.thesfmarathon.com.      IN      A

;; ANSWER SECTION:
direct.thesfmarathon.com. 157   IN      A       198.58.111.238

;; AUTHORITY SECTION:
thesfmarathon.com.      172621  IN      NS      uma.ns.cloudflare.com.
thesfmarathon.com.      172621  IN      NS      sid.ns.cloudflare.com.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb  5 23:48:57 2014
;; MSG SIZE  rcvd: 108

I wonder who 198.58.111.238 is?

$ nslookup 198.58.111.238
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
238.111.58.198.in-addr.arpa     name = li607-238.members.linode.com.

Authoritative answers can be found from:
111.58.198.in-addr.arpa nameserver = ns4.linode.com.
111.58.198.in-addr.arpa nameserver = ns1.linode.com.
111.58.198.in-addr.arpa nameserver = ns3.linode.com.
111.58.198.in-addr.arpa nameserver = ns5.linode.com.
111.58.198.in-addr.arpa nameserver = ns2.linode.com.

You can get rid of the direct link but most people don't. Also asking netcraft tends to work.

EDIT: A huge list of cloudflare sites and their origin server: http://www.cloudflare-watch.org/cfs.html.

Psssh, ok I exaggerated. :D

Yes, some people waste a lot of money on DDoS protection and fail to take simple little steps to make it actually effective. :p