Voice Recognition Response Systems
Your Daily Source for Apache News and Information  
Breaking News Preferences Contribute Triggers Link Us Search About
The May Netcraft survey is out: it's an Apache world!
(Jun 1st, 14:47:06 )

The Netcraft Web Server Survey is a survey of Web Server software usage on Internet connected computers. We collect and collate as many hostnames providing an http service as we can find, and systematically poll each one with an HTTP request for the server name.
In the May 2001 survey we received responses from 29,031,745 sites.

Market Share for Top Servers Across All Domains August 1995 - May 2001

Top Developers

Developer April 2001 Percent May 2001 Percent Change
Apache 17932251 62.55 18069603 62.24 -0.31
Microsoft 5918319 20.64 5958734 20.52 -0.12
iPlanet 1798490 6.27 1813244 6.25 -0.02

Top Servers

Server April 2001 Percent May 2001 Percent Change
Apache 17932251 62.55 18069603 62.24 -0.31
Microsoft-IIS 5916724 20.64 5957240 20.52 -0.12
Netscape-Enterprise 1762872 6.15 1778958 6.13 -0.02
Zeus 779209 2.72 798745 2.75 0.03
Rapidsite 402829 1.41 407488 1.40 -0.01
AOLserver 272815 0.95 377264 1.30 0.35
thttpd 369930 1.29 370282 1.28 -0.01
tigershark 200620 0.70 215321 0.74 0.04
WebSitePro 119586 0.42 118762 0.41 -0.01
ConcentricHost-Ashurbanipal 106443 0.37 109879 0.38 0.01

Active Sites

Developer April 2001 Percent May 2001 Percent Change
Apache 7015250 61.67 7230089 61.53 -0.14
Microsoft 2961984 26.04 3062949 26.07 0.03
iPlanet 294594 2.59 324722 2.76 0.17

iPlanet is the sum of sites running iPlanet-Enterprise, Netscape-Enterprise, Netscape-FastTrack, Netscape-Commerce, Netscape-Communications, Netsite-Commerce & Netsite-Communications.

Microsoft is the sum of sites running Microsoft-Internet-Information-Server, Microsoft-IIS, Microsoft-IIS-W, Microsoft-PWS-95, & Microsoft-PWS.

Platform groupings are here.

Around the Net

Web Server Security

Web Server Security has been at the forefront of the news throughout the last month, with the  archive site attrition.org announcing that it had received a list of around 9000 Microsoft-IIS sites that had been successfully been taken control of by attackers. Subsequently Attrition stated that it would stop archiving mirrors of such sites as it was unable to keep pace with the number of successful attacks. Recently it has been receiving over 100 reports of successful attacks in a single day, more than for the entire years of 1995 & 1996.

 CERT is also reporting on the sadmind/Microsoft-IIS vulnerability which is being actively exploited despite patches being available from Microsoft since October last year.

Separately, the main www.apache.org site and www.sourceforge.net which hosts a large number of free software projects were both compromised via a sniffing attack. Projects are currently undertaking code reviews to determine whether any covert channels have been placed in the source code.

The Microsoft-IIS and apache.org attacks raise the possibility of very large numbers of machines falling under the control of a single person, or group of people acting in concert, as Microsoft and Apache between them account for the great majority of Internet web sites. Indeed, there is a chance that this may have already happened.

Netcraft believes that it is more likely that the number of compromised Microsoft-IIS sites is in the order of hundreds of thousands rather than the 9000 figure widely reported in secondary coverage of attrition.org. In our own network security testing business,  around a third of the 41 Microsoft-IIS servers we have tested for the first time since the attrition.org posting have been vulnerable, while 4 had already been exploited, and taken control of by an attacker without the knowledge of the site owner. Around half of the internet's ecommerce sites run on Microsoft-IIS, and there is the potential for a great deal of economic damage.

Traditionally the mainstream media portrays this scenario as having been created by the software developer, who should have been more careful when coding, but this seems to be pointing the finger in completely the wrong direction when a well documented patch has been available for six months, or in the case of the Apache, a crack code review team is assembled within hours of finding the intrusion.

 Currently many ecommerce site owners operate without any regular security testing, and it is shocking to see third party privacy and encryption assurance seals giving the internet community confidence that it is safe to shop on servers which have not been patched or upgraded in a year, are patently vulnerable and possibly already under the control of a criminal third party.

Netcraft itself will do two things to help this situation. Firstly, we will introduce an optional assurance seal for our customers such that people can show that their site is being tested on a regular basis, and the date of the last clean test. Secondly, we will introduce a tariff for a single host or ip address, such as commonly found at dedicated server companies, so that our own cost barrier to regular, frequent detailed testing is much lower. Details will appear on our site over the next two weeks, and in the interim we encourage people to to request information.

Server Blades v Cobalt

RLX Technologies  launched its ServerBlade this month, which perhaps presents the most significant change in hosting technology since the introduction of the 1U server. Over the last two years Cobalt has come to lead America's dedicated server industry, and make significant inroads into several European markets. It is conceivable that the Server Blade may change this. However there are reasons other than size why people like to run Cobalt, including the user interface and ease of administration. One anticipates that dedicated server companies will be strongly attracted to Server Blades, because of the power and space advantages, and because it is has been very hard to make a profit from providing Cobalt hosting, which, modulo network performance and availability,  is a market close to perfect competition.

However, the impact of server blades is by no means certain. The dedicated server companies' customers may be less easy to persuade, as  they do not see the power or space issues, just the Cobalt GUI, and if customers ask for Cobalt, then that is what the dedicated server companies will have to buy.

Microsoft will have a key roll to play in determining RLX's success, as server blades stand a good chance of being deployed when a customer asks for a Windows server, and Microsoft made an announcement of its own plans for server appliances to coincide with the RLX Launch. If Microsoft can successfully compete with Cobalt at a software level, then RLX will have the opportunity to compete at the hardware level.

Ironically, RLX's own site, hosted at leading dedicated server company rackspace.com runs Linux and Apache.


Reports and Interactive Queries

Reports are provided showing server usage for the Internet as a whole, and for selected domains, with links to all the sites responding to the survey. A facility for you to check what server a particular site is running now is also available. The same form can be used to ensure that a particular site is included in future surveys. A directory of sites running in developer domains is also provided, while the sites discovered by the survey can be explored.

Fair Use, Copyright

Excerpts from this survey may be reproduced if Netcraft and the url http://www.netcraft.com/survey/ are attributed.

Related Stories:
The April Netcraft survey is out: Apache on top(Apr 18, 2001)
The February 2001 Netcraft Survey is Out: Apache Gains Market Share(Mar 01, 2001)
The January 2001 Netcraft Web Server Survey is out: Apache slips, IIS gains(Feb 01, 2001)

Printed from Apache Today (https://apachetoday.com).

About Triggers Media Kit Security Triggers Login

All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux 2.2.12, Apache 1.3.9. and PHP 3.14
Copyright INT Media Group, Incorporated All Rights Reserved.
Legal Notices,  Licensing, Reprints, & Permissions,  Privacy Policy.