
Netcraft Web Server Survey – October 2001

Stats, stats and more stats


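Top Developers

| Developer | Sept '01 sites | Sept '01 share (%) | Oct '01 sites | Oct '01 share (%) | Change (points) |
|---|---|---|---|---|---|
| Apache | 19279109 | 59.51 | 18851352 | 56.89 | -2.62 |
| Microsoft | 8895343 | 27.46 | 9607363 | 28.99 | 1.53 |
| iPlanet | 1319271 | 4.07 | 1278720 | 3.86 | -0.21 |
| Zeus | 783261 | 2.42 | 775438 | 2.34 | -0.08 |

Active Sites

| Developer | Sept '01 sites | Sept '01 share (%) | Oct '01 sites | Oct '01 share (%) | Change (points) |
|---|---|---|---|---|---|
| Apache | 7924169 | 60.86 | 7781145 | 61.36 | 0.50 |
| Microsoft | 3905978 | 30.00 | 3612310 | 28.49 | -1.51 |
| iPlanet | 268063 | 2.06 | 249418 | 1.97 | -0.09 |
| Zeus | 166077 | 1.28 | 171023 | 1.35 | 0.07 |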

Around the Net

The number of Apache sites found by this month's survey actually fell in absolute numbers as well as percentages, primarily as a result of a routing problem in Germany causing around a 5-10 per cent reduction in sites responding in that country, and more significant losses of mass shared hosting sites at Exodus, KPNQwest and Bell South.

Emphasizing the hard times in the mass hosting industry, Microsoft's significant loss of active sites is primarily attributable to an adjustment of the business model at a large hoster of free shared sites, homestead.com, which this month revoked access to many of its users' free sites until they pay.

Microsoft-IIS competitive upgrades

Over the last two months most of the vendors in the Web server marketplace have run competitive upgrade initiatives aimed at Microsoft-IIS.

iPlanet is offering a reduced price for sites transitioning to Netscape-Enterprise, and is also including a free copy of the ChiliSoft ASP implementation to assist people migrating ASP applications.

ChiliSoft competitor Halcyon Software has a similar program, with its marketing material making the interesting point that major Microsoft partner IBM has a policy forbidding the use of Microsoft-IIS on Internet-facing networks. This is demonstrably true, with only three out of several hundred IBM sites running Microsoft-IIS, and, as the Halcyon material describes, these are the sites responsible for IBM's entries in the defacement archives.

Zeus has announced a new version of their server with a comprehensive set of new facilities, and some strong statements on Zeus' security track record.

Zeus' strategy includes one of 'embrace and extend' with Microsoft-IIS, by promoting the use of Zeus as a secure reverse proxy sitting in front of existing Microsoft-IIS deployments. This could find favour with busy Microsoft-IIS sites, as they can continue to develop their site in exactly the same way as before and view the Zeus server as a black box in front of the existing server, providing caching and URL filtering.

Oracle will now support its version of Apache across all platforms, including Win32. However, this move may be as much aimed at IBM, who also provide Apache in conjunction with their WebSphere application server, as against Microsoft.

It is interesting to be able to report on how some of the competitive offers are faring. During the last month, some 1506 Microsoft-IIS sites have moved to Zeus, and 1719 are now running Netscape-Enterprise.

Ironically, the lion's share of the 131,417 sites which have moved from Microsoft-IIS have moved to Apache, which has no explicit campaign to encourage Microsoft-IIS sites to transition to the server, though at least 4500 of these are running on Cobalt servers, traditionally a close competitor for Microsoft in the dedicated server market.

Some sites that have made the move include fatbrain.com, auctions.zdnet.com, electronics.cnet.com and www.nba.com, while Halcyonsoft have taken their own advice and switched www.halcyonsoft.com to Win32 Apache.

Web Server Security

Our new table of vulnerabilities in SSL sites tested by us attracted a lot of comment last month. One request was that we should show more clearly the percentages of sites allowing execution of commands on the server, rather than just showing statistics for individual vulnerabilities, as these would be inflated by a given site being concurrently vulnerable to multiple exploits.

This is set out in the table below. The number of sites found to be vulnerable by our tests peaked at over 60 per cent in June, and shows how ripe the internet was for Code Red. The significant fall since shows the combined impact of Code Red and Microsoft's first cumulative security patch.

One would expect that Microsoft is delighted at the success of the cumulative patch, but disappointed that a significant minority of the Microsoft-IIS community is still very exposed, with some one in ten sites providing e-commerce and encrypted transactions having backdoors in place that allow external attackers to monitor the systems and have commands executed on the machines.

Vulnerable Microsoft-IIS SSL Sites Statistics

| Vulnerability | May | Jun | July | Aug | Sept | Oct |
|---|---|---|---|---|---|---|
| Admin pages accessible | 23.08% | 35.71% | 11.76% | 10.26% | 17.14% | 24.69% |
| Cross-site scripting | 73.08% | 57.14% | 36.47% | 19.23% | 22.86% | 13.58% |
| URL decode bugs | 34.62% | 42.86% | 32.94% | 16.67% | 17.14% | 12.35% |
| Sample pages, scripts | 15.38% | 28.57% | 14.12% | 16.67% | 17.14% | 25.93% |
| Server paths revealed | 36.54% | 50.00% | 22.94% | 6.41% | 8.57% | 9.88% |
| Viewing script source | 25.00% | 21.43% | 11.18% | 3.85% | 11.47% | 4.94% |
| WebDAV configuration | 30.77% | 50.00% | 47.65% | 43.59% | 37.14% | 34.57% |
| IIS .printer overflow | 23.08% | 21.43% | 10.00% | 2.56% | 2.86% | 1.23% |
| Code Red | 0.00% | 14.29% | 34.71% | 2.00% | 0.00% | 2.47% |
| root.exe installed | 5.77% | 7.14% | 10.00% | 12.82% | 8.57% | 11.11% |
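
An added example, not code from Zeus, Netcraft or this article: a request filter of the kind the reverse-proxy "URL filtering" described earlier could apply in front of Microsoft-IIS, decoding the path to a fixed point before matching deny rules for four rows of the table above. The rule set, the ASCII-only policy, the decode limit and the sample request-targets are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 5  # assumption: deeper nesting of escapes is never legitimate

# Constructed deny rules, one per table row they address (matched case-insensitively).
DENY_RULES = [
    ("path traversal", re.compile(r"(^|/)\.\.(/|$)")),             # URL decode bugs
    (".printer mapping", re.compile(r"\.printer(/|$)", re.I)),     # IIS .printer overflow
    ("index server mapping", re.compile(r"\.id[aq](/|$)", re.I)),  # Code Red
    ("root.exe backdoor", re.compile(r"(^|/)root\.exe(/|$)", re.I)),
]


def canonical_path(raw_target):
    """Return the fully decoded path, or None if it cannot be trusted."""
    path = raw_target.split("?", 1)[0]
    for _ in range(MAX_DECODE_ROUNDS):
        # latin-1 maps every escaped byte to one character, so overlong
        # UTF-8 sequences surface as non-ASCII instead of being hidden.
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:
            break
        path = decoded
    else:
        return None  # still changing after the last round: over-encoded
    # Assumption: the protected site only serves printable-ASCII paths.
    if not all(32 <= ord(ch) < 127 for ch in path):
        return None
    # IIS treats "\" as a separator, so the filter must as well.
    return re.sub(r"/+", "/", path.replace("\\", "/"))


def filter_request(raw_target):
    """Decide (allowed, reason) for a request-target before it is proxied."""
    path = canonical_path(raw_target)
    if path is None:
        return False, "non-canonical path"
    for reason, pattern in DENY_RULES:
        if pattern.search(path):
            return False, reason
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample request-targets.
    for target in ["/index.asp?id=1", "/scripts/..%255c..%255cfile.txt",
                   "/a/..%c0%af../file.txt", "/default.ida?x", "/scripts/root.exe"]:
        print(target, "->", filter_request(target))
```

Matching is done only on the canonical form, so a rule written once covers every encoding of the same path; anything that cannot be reduced to that form is refused rather than passed through to the back-end server.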

Internet Research from Netcraft

Netcraft does commercial internet research projects. These include custom cuts on the Web Server Survey data, hosting industry analysis, corporate use of internet technology and bespoke projects. All of the data is gathered through network exploration, not teleresearch.

Network Security Testing from Netcraft

Netcraft provides automated network security testing of customer networks and consultancy audits of ecommerce sites. Clients include IBM, Hewlett-Packard, Deloitte & Touche, Energis, Britannic Assurance, Guardian Royal Exchange, Lloyds of London, Laura Ashley, etc.
