Netcraft posts May 2001 Web survey

Data frenzy

The Netcraft Web Server Survey is a survey of Web Server software usage on Internet connected computers. We collect and collate as many hostnames providing an http service as we can find, and systematically poll each one with an HTTP request for the server name. In the May 2001 survey we received responses from 29,031,745 sites.

Top Developers

Developer April 2001 Percent May 2001 Percent Change
Apache 17932251 62.55 18069603 62.24 -0.31
Microsoft 5918319 20.64 5958734 20.52 -0.12
iPlanet 1798490 6.27 1813244 6.25 -0.02

Top Servers

Server April 2001 Percent May 2001 Percent Change
Apache 17932251 62.55 18069603 62.24 -0.31
Microsoft-IIS 5916724 20.64 5957240 20.52 -0.12
Netscape-Enterprise 1762872 6.15 1778958 6.13 -0.02
Zeus 779209 2.72 798745 2.75 0.03
Rapidsite 402829 1.41 407488 1.40 -0.01
AOLserver 272815 0.95 377264 1.30 0.35
thttpd 369930 1.29 370282 1.28 -0.01
tigershark 200620 0.70 215321 0.74 0.04
WebSitePro 119586 0.42 118762 0.41 -0.01
ConcentricHost-Ashurbanipal 106443 0.37 109879 0.38 0.01

Active Sites

Developer April 2001 Percent May 2001 Percent Change
Apache 7015250 61.67 7230089 61.53 -0.14
Microsoft 2961984 26.04 3062949 26.07 0.03
iPlanet 294594 2.59 324722 2.76 0.17

Nb. iPlanet is the sum of sites running iPlanet-Enterprise, Netscape-Enterprise, Netscape-FastTrack, Netscape-Commerce, Netscape-Communications, Netsite-Commerce and Netsite-Communications. Microsoft is the sum of sites running Microsoft-Internet-Information-Server, Microsoft-IIS, Microsoft-IIS-W, Microsoft-PWS-95, Microsoft-PWS.

Around the Web

Web Server Security
Web Server Security has been at the forefront of the news throughout the last month, with the archive site announcing that it had received a list of around 9000 Microsoft-IIS sites that had been successfully been taken control of by attackers. Subsequently Attrition stated that it would stop archiving mirrors of such sites as it was unable to keep pace with the number of successful attacks. Recently it has been receiving over 100 reports of successful attacks in a single day, more than for the entire years of 1995 & 1996.

CERT is also reporting on the sadmind/Microsoft-IIS vulnerability which is being actively exploited despite patches being available from Microsoft since October last year.

Separately, the main site and, which hosts a large number of free software projects, were both compromised via a sniffing attack. Projects are currently undertaking code reviews to determine whether any covert channels have been placed in the source code.

The Microsoft-IIS and attacks raise the possibility of very large numbers of machines falling under the control of a single person, or group of people acting in concert, as Microsoft and Apache between them account for the great majority of Internet web sites. Indeed, there is a chance that this may have already happened.

Netcraft believes that it is more likely that the number of compromised Microsoft-IIS sites is in the order of hundreds of thousands rather than the 9000 figure widely reported in secondary coverage of In our own network security testing business, around a third of the 41 Microsoft-IIS servers we have tested for the first time since the posting have been vulnerable, while four had already been exploited, and taken control of by an attacker without the knowledge of the site owner. Around half of the internet's e-commerce sites run on Microsoft-IIS, and there is the potential for a great deal of economic damage.

Traditionally the mainstream media portrays this scenario as having been created by the software developer, who should have been more careful when coding, but this seems to be pointing the finger in completely the wrong direction when a well documented patch has been available for six months, or in the case of the Apache, a crack code review team is assembled within hours of finding the intrusion.

Currently many e-commerce site owners operate without any regular security testing, and it is shocking to see third-party privacy and encryption assurance seals giving the Internet community confidence that it is safe to shop on servers which have not been patched or upgraded in a year, are patently vulnerable and possibly already under the control of a criminal third-party.

Netcraft itself will do two things to help this situation. Firstly, we will introduce an optional assurance seal for our customers such that people can show that their site is being tested on a regular basis, and the date of the last clean test. Secondly, we will introduce a tariff for a single host or ip address, such as commonly found at dedicated server companies, so that our own cost barrier to regular, frequent detailed testing is much lower. Details will appear on our site over the next two weeks, and in the interim we encourage people to mail us to request information.

Server Blades vs Cobalt

RLX Technologies launched its ServerBlade this month, which perhaps presents the most significant change in hosting technology since the introduction of the 1U server. Over the last two years Cobalt has come to lead America's dedicated server industry, and make significant inroads into several European markets. It is conceivable that the Server Blade may change this. However there are reasons other than size why people like to run Cobalt, including the user interface and ease of administration. One anticipates that dedicated server companies will be strongly attracted to Server Blades, because of the power and space advantages, and because it is has been very hard to make a profit from providing Cobalt hosting, which, modulo network performance and availability, is a market close to perfect competition.

However, the impact of server blades is by no means certain. The dedicated server companies' customers may be less easy to persuade, as they do not see the power or space issues, just the Cobalt GUI, and if customers ask for Cobalt, then that is what the dedicated server companies will have to buy.

Microsoft will have a key roll to play in determining RLX's success, as server blades stand a good chance of being deployed when a customer asks for a Windows server, and Microsoft made an announcement of its own plans for server appliances to coincide with the RLX Launch. If Microsoft can successfully compete with Cobalt at a software level, then RLX will have the opportunity to compete at the hardware level.

Ironically, RLX's own site, hosted at leading dedicated server company runs Linux and Apache. ®

Sponsored: How to Process, Wrangle, Analyze and Visualize your Data with Three Complementary Tools


Biting the hand that feeds IT © 1998–2019