Most Reliable Hosting Company Sites in October 2015

Rank Performance Graph OS Outage
hh:mm:ss
Failed
Req%
DNS Connect First
byte
Total
1 GoDaddy.com Inc Linux 0:00:00 0.000 0.255 0.007 0.019 0.019
2 Swishmail FreeBSD 0:00:00 0.000 0.153 0.062 0.123 0.166
3 XILO Communications Ltd. Linux 0:00:00 0.000 0.224 0.063 0.126 0.126
4 Datapipe Linux 0:00:00 0.004 0.156 0.012 0.025 0.032
5 Qube Managed Services Linux 0:00:00 0.004 0.148 0.043 0.088 0.088
6 EveryCity SmartOS 0:00:00 0.004 0.092 0.066 0.133 0.133
7 Anexia Linux 0:00:00 0.004 0.187 0.085 0.171 0.172
8 Hivelocity Hosting Linux 0:00:00 0.004 0.185 0.091 0.181 0.181
9 Bigstep Linux 0:00:00 0.013 0.160 0.060 0.122 0.122
10 Memset Linux 0:00:00 0.013 0.157 0.063 0.160 0.246

See full table

For the third month in a row, GoDaddy has had the most reliable hosting company site. It responded to every availability request made by Netcraft throughout October, with an average connection time of just 7 milliseconds. This is the sixth time this year that GoDaddy has featured in the top ten.

On 29 October, GoDaddy announced a new 'best-in-class' partner offer with AdAgility for customers of its GoDaddy Pro programme. This additional feature allows web designers and developers to take greater control over the advertising content on their sites.

Swishmail has risen to second place for reliability this month. This is now its third appearance in the top ten since January, with the last appearance—in July—placing it tenth. Like GoDaddy, Swishmail responded to all of the availability requests made by Netcraft throughout October; however, the average connection time sat higher at 62 milliseconds.

XILO Communications Ltd. saw a return to the top three most reliable hosting companies this month for the first time since January. Like GoDaddy and Swishmail, 100% of the availability requests made by Netcraft received a response. With an average connection time of 63 milliseconds, this makes it the eighth time this year that XILO Communications Ltd. has made it into the top ten.

Yet again, the table this month is dominated by Linux, which is used by eight of the top ten sites. EveryCity uses the SmartOS community fork of OpenSolaris, while Swishmail uses the FreeBSD operating system. This is now the fourth month in a row where Microsoft Windows has been completely absent from the top ten.

Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage. In the event the number of failed requests are equal then sites are ranked by average connection times.

Information on the measurement process and current measurements is available.

Most Reliable Hosting Company Sites in September 2015

Rank Performance Graph OS Outage
hh:mm:ss
Failed
Req%
DNS Connect First
byte
Total
1 GoDaddy.com Inc Linux 0:00:00 0.000 0.256 0.008 0.019 0.019
2 Datapipe Linux 0:00:00 0.004 0.164 0.012 0.025 0.032
3 Qube Managed Services Linux 0:00:00 0.004 0.150 0.044 0.089 0.089
4 XILO Communications Ltd. Linux 0:00:00 0.009 0.224 0.064 0.128 0.129
5 Memset Linux 0:00:00 0.013 0.159 0.065 0.158 0.248
6 EveryCity SmartOS 0:00:00 0.018 0.100 0.067 0.133 0.134
7 Anexia Linux 0:00:00 0.018 0.191 0.086 0.174 0.174
8 Pickaweb Linux 0:00:00 0.026 0.305 0.010 0.168 0.169
9 Hyve Managed Hosting Linux 0:00:00 0.031 0.110 0.063 0.127 0.128
10 Pair Networks FreeBSD 0:00:00 0.031 0.241 0.070 0.141 0.141

See full table

For the second month in a row, GoDaddy had the most reliable hosting company website. Throughout September, it was the only company to respond to all of Netcraft's requests, with an average connection time of only 8 milliseconds. This is the fifth time this year that GoDaddy has been in the top ten.

GoDaddy recently added new features to its GoDaddy Pro programme, which has grown to more than 50,000 members since its launch in June. Aimed at web designers and developers, it allows members to manage clients and clients' products, offering discounts of at least 30%.

Datapipe had the second most reliable hosting company website in September, with just a single failed request. Datapipe came first in July, and August was the only month so far this year when it was absent from the top ten.

On 9 September 2015, Datapipe announced that it had acquired DualSpark – an Amazon Web Services assessment, automation and migration company, which was founded by former AWS managers. Datapipe hopes to use DualSpark's DevOps and automation expertise to bring increased levels of support to its cloud clients.

Qube Managed Services ranked third in September, also with only one failed request, but with a marginally longer average connection time than Datapipe. Qube's site has appeared in the top ten for all but two months so far in 2015, making this its seventh appearance.

Linux dominates the chart this month, being used by eight of the top ten sites, and all of the top five. EveryCity uses the SmartOS community fork of OpenSolaris, while Pair Networks uses the FreeBSD operating system. This is the third month in a row where Microsoft Windows has been completely absent from the top ten.

Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage. In the event the number of failed requests are equal then sites are ranked by average connection times.

Information on the measurement process and current measurements is available.

Most Reliable Hosting Company Sites in August 2015

Rank Performance Graph OS Outage
hh:mm:ss
Failed
Req%
DNS Connect First
byte
Total
1 GoDaddy.com Inc Linux 0:00:00 0.004 0.235 0.008 0.019 0.020
2 Qube Managed Services Linux 0:00:00 0.004 0.149 0.047 0.097 0.097
3 ServerStack Linux 0:00:00 0.004 0.131 0.066 0.133 0.133
4 Pair Networks FreeBSD 0:00:00 0.004 0.239 0.070 0.142 0.142
5 Anexia Linux 0:00:00 0.004 0.191 0.083 0.169 0.169
6 XILO Communications Ltd. Linux 0:00:00 0.008 0.218 0.063 0.125 0.125
7 INetU Linux 0:00:00 0.008 0.128 0.066 0.135 0.135
8 Hyve Managed Hosting Linux 0:00:00 0.013 0.113 0.061 0.122 0.123
9 EveryCity SmartOS 0:00:00 0.013 0.098 0.067 0.134 0.134
10 www.dinahosting.com Linux 0:00:00 0.013 0.274 0.084 0.169 0.169

See full table

GoDaddy had the most reliable company website in August, responding successfully to all but one of Netcraft's requests. This marks GoDaddy's third consecutive appearance in the top 10 in 2015, and the first time it has topped the charts this year. GoDaddy has recently added a number of new features to GoDaddy Online Store, which makes it simpler for online merchants to build ecommerce sites. These features include integration with Shippo as well as GoDaddy Email Marketing.

Qube, Serverstack, Pair Networks, and Anexia also had only one failed request each this month, placing second, third, fourth, and fifth respectively based on the average connection time. This is Pair Networks' first appearance in the top 10 this year. Pittsburgh-based Pair Networks is also the only site running FreeBSD this month.

Linux remains the most common choice of operating system, powering 8 of the 10 sites. This is the second consecutive month without any sites powered by Windows appearing in the top 10.

Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage. In the event the number of failed requests are equal then sites are ranked by average connection times.

Information on the measurement process and current measurements is available.

Millions still running the risk with Windows Server 2003

More than 600,000 web-facing computers — which host millions of websites — are still running Windows Server 2003, despite it no longer being supported.

The number of web-facing computers running Windows Server 2003 has been on a gradual decline since its peak usage in 2011, but many servers are still using it. Mainstream support for Windows Server 2003 ended in July 2010.

The number of web-facing computers running Windows Server 2003 has been on a gradual decline since its peak usage in 2011, but many servers are still using it. Mainstream support for Windows Server 2003 ended in July 2010.

Extended support for Windows Server 2003 ended on July 14, 2015. Crucially, this means that Microsoft will no longer be issuing security updates for any version of Windows Server 2003. US-CERT warns that these unsupported installations of Windows Server 2003 are exposed to an elevated risk of cybersecurity dangers, such as malicious attacks or electronic data loss.

Windows Server 2003 was originally launched over 12 years ago, with the latest major update being released 8 years ago in the form of Service Pack 2. This update was particularly beneficial for web servers, as it added the Scalable Networking Pack (SNP), which allowed for hardware acceleration of network packet processing.

Fifth of the internet still running Windows Server 2003

Netcraft's July 2015 Web Server Survey found 175 million websites that are served directly from Windows Server 2003 computers. These account for more than a fifth of all websites in the survey, making the potential attack surface huge.

Most of these sites (73%) are served by Microsoft Internet Information Services 6.0, which is the version of IIS that shipped with Windows Server 2003 and the 64-bit edition of Windows XP Professional; however, it is rare to see the latter being used as a web server platform.

The remaining Windows Server 2003-powered sites use a variety of web server software, with GSHD 3.0, Safedog 4.0.0, Apache 2.2.8 (Win32), kangle 3.4.8, NetBox Version 2.8 Build 4128 and nginx/1.0.13-win32 being amongst the most commonly seen Server headers. While vulnerabilities in these software products can be addressed by applying patches or updates, future vulnerabilities in the underlying Windows Server 2003 operating system may never be fixed.

14 million of the sites did not send a Server header at all, so it was not apparent whether the web server software used by these sites could be updated, but the underlying computers could still be identified as running Windows Server 2003. Netcraft determines the operating system of a remote web server by analysing the low-level TCP/IP characteristics of response packets, and so it is independent of whichever server software the site claims to be running.

Backend servers might also be exploitable

In addition to the 175 million websites that are served directly from Windows Server 2003 computers, a further 1.7 million sites served from other operating systems sent the Microsoft-IIS/6.0 Server header. This indicates the presence of backend Windows Server 2003 machines behind load balances and similar devices that are not running Windows.

For example, if the TCP/IP characteristics of a web server's response indicate that it is running Linux, but the HTTP Server header reports it is using Microsoft-IIS/6.0, then the Linux machine is likely to be acting as a reverse proxy to a Windows Server 2003 machine running IIS 6.0. Although the Windows Server 2003 machine is not directly exposed to the internet, it may still be possible for a remote attacker to exploit certain Windows and IIS vulnerabilities.

How many Windows Server 2003 installations are exposed to the web?

Netcraft has developed a technique for identifying the number of unique computers that act as web servers on the internet. The 175 million sites that use Windows Server 2003 make use of 1.6 million distinct IP addresses. However, an individual computer running Windows Server 2003 may have multiple IP addresses, which makes this an unsuitable metric for determining how many installations there are.

Further analysis of the low-level TCP/IP characteristics reveals a total of 609,000 web-facing computers running Windows Server 2003. This is over 10% of all web-facing computers, and shows the true potential cost of migration, as software licensing is typically charged on a per-machine rather than per-IP address basis.

Who's still using Windows Server 2003?

China and the United States account for 55% of the world's Windows Server 2003 computers (169,000 in China and 166,000 in the US), yet only 43% of all other web facing computers.

Within China, more than 24,000 of these computers are hosted by Alibaba Group. Nearly half of these are hosted by HiChina, which was acquired by Alibaba in 2009, while 7,500 are hosted at its rapidly growing cloud hosting unit, Aliyun.

Aliyun still allows its customers to create Windows Server 2003 virtual machines.

Aliyun still allows its customers to create Windows Server 2003 virtual machines.

One of the most prominent companies still using Windows Server 2003 on the internet is LivePerson, which is best known for the live chat software that allows its customers to talk to their visitors in realtime. Its main site at www.liveperson.com uses Microsoft IIS 6.0 on Windows Server 2003, and several other sites related to its live chat functionality — such as sales.liveperson.net — also appear to use IIS 6.0 on Server 2003, but are served via F5 BIG IP web-facing devices.

Even some banks are still using Windows Server 2003 and IIS 6.0 on their main sites, with the most popular ones including Natwest, ANZ, and Grupo Bancolombia. These sites rank amongst the top 10,000 in the world, and hundreds of other banking sites also appear to be using Windows Server 2003.

ING Direct and Caisse d'Epargne are also using IIS 6.0, but these sites appear to be served through F5 BIG-IP or similar devices, rather than having Windows Server 2003 machines exposed directly to the internet. Even some security and antivirus software vendors are still running IIS 6.0 on public-facing sites, including Panda Security and eScan.

While Microsoft does not officially offer any support beyond the extended support period ("Once a product transitions out of support, no further support will be provided for the product"), reports suggest that some companies who have not migrated in time have arranged to pay millions of dollars for custom support deals.

PCI compliance: Automatic failure

Companies still using unsupported operating systems like Windows Server 2003 in a cardholder data environment should migrate immediately. All organisations and merchants who accept, transmit or store cardholder data must maintain a secure PCI compliant environment.

The Payment Card Industry Data Security Standard (PCI DSS) provides a baseline of technical and operational requirements designed to protect cardholder data and sensitive authentication data. PCI DSS Requirement 6.2 requires all system components and software to be protected from known vulnerabilities by installing vendor-supplied security patches. This will not be possible with Windows Server 2003, as no more security updates will be made available by Microsoft.

Additionally, merchants and service providers who handle a large enough volume of cardholder data must have quarterly security scans by a PCI SSC Approved Scanning Vendor (such as Netcraft) in order to maintain compliance. ASVs are required to record an automatic failure if the merchant's cardholder data environment uses an operating system that is no longer supported.

In some cases, the PCI SSC can allow for risks to be mitigated through the implementation of suitable compensating controls, but these are unlikely to be sufficient for an unsupported web-facing operating system – especially one which will become less secure as time goes by, as new vulnerabilities are discovered.

Consequently, many merchants still using Windows Server 2003 is likely to be noncompliant, and could face fines, increased transaction fees, reputational damage, or other potentially disastrous penalties such as cancelled accounts.

Microsoft advises that any datacenter still using Windows Server 2003 needs to protect its infrastructure by planning and executing a migration strategy. Some possible options suggested by Microsoft include switching to Windows Server 2012 R2, Microsoft Azure or Office 365. To help customers migrate, Microsoft has provided an interactive Windows Server 2003 Migration Planning Assistant, which, incidentally, is hosted on Microsoft Azure.

Finding out more

Netcraft's techniques provide an independent view with a consistent methodology on the number of web-facing computers at each hosting location worldwide. For more information, see our Hosting Provider Server Count, or contact us at sales@netcraft.com for bespoke datasets.

For more information about Netcraft's Automated Vulnerability Scanning for PCI Compliance, please contact us at security-sales@netcraft.com.

Most Reliable Hosting Company Sites in July 2015

Rank Performance Graph OS Outage
hh:mm:ss
Failed
Req%
DNS Connect First
byte
Total
1 Datapipe Linux 0:00:00 0.004 0.106 0.012 0.026 0.037
2 GoDaddy.com Inc Linux 0:00:00 0.009 0.131 0.009 0.023 0.024
3 Qube Managed Services Linux 0:00:00 0.009 0.109 0.047 0.094 0.094
4 EveryCity SmartOS 0:00:00 0.009 0.067 0.066 0.131 0.131
5 XILO Communications Ltd. Linux 0:00:00 0.013 0.182 0.063 0.128 0.128
6 Anexia Linux 0:00:00 0.013 0.404 0.086 0.173 0.173
7 Bigstep Linux 0:00:00 0.018 0.111 0.062 0.124 0.124
8 LeaseWeb Linux 0:00:00 0.022 0.224 0.025 0.053 0.053
9 ServerStack Linux 0:00:00 0.027 0.080 0.072 0.143 0.143
10 Swishmail FreeBSD 0:00:00 0.031 0.123 0.066 0.132 0.172

See full table

Datapipe had the most reliable company website during July, responding successfully to all but one of Netcraft's requests. This continues their regular appearance in the top 10, making 11 of the past 12 months and every month of 2015 so far. Datapipe offers a 100% Uptime Guarantee, and fulfilled this promise on its own site, with 100% uptime recorded over the past 9 years.

With two failed requests each, GoDaddy, Qube, and EveryCity contend for second place. The ranking between them is decided by the average connection time, putting GoDaddy into second place and Qube into third. GoDaddy recently produced CODE, a documentary about gender bias in the tech industry; the film was selected for the Tribeca Film Festival. Qube is based in London and offers managed private cloud hosting services from datacentres in London, New York and Zurich.

Linux is once again the most common choice of Operating System; 8 out of the top 10 companies used the OS to power their website. The two remaining sites were powered by SmartOS and FreeBSD. This is the first time since December 2014 that no sites powered by Windows have appeared in the top 10.

Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage. In the event the number of failed requests are equal then sites are ranked by average connection times.

Information on the measurement process and current measurements is available.

Most Reliable Hosting Company Sites in June 2015

Rank Performance Graph OS Outage
hh:mm:ss
Failed
Req%
DNS Connect First
byte
Total
1 Qube Managed Services Linux 0:00:00 0.000 0.102 0.052 0.104 0.104
2 ServerStack Linux 0:00:00 0.000 0.074 0.076 0.152 0.152
3 Bigstep Linux 0:00:00 0.005 0.117 0.060 0.123 0.123
4 iWeb Linux 0:00:00 0.005 0.135 0.078 0.156 0.156
5 Anexia Linux 0:00:00 0.005 0.541 0.085 0.172 0.172
6 GoDaddy.com Inc Linux 0:00:00 0.010 0.121 0.009 0.022 0.023
7 Datapipe Linux 0:00:00 0.015 0.095 0.013 0.027 0.037
8 Netcetera Windows Server 2012 0:00:00 0.015 0.055 0.083 0.165 0.165
9 LeaseWeb Linux 0:00:00 0.025 0.224 0.028 0.061 0.061
10 One.com Linux 0:00:00 0.025 0.166 0.058 0.217 0.218

See full table

Qube Managed Services had the most reliable website during June, responding successfully to all of Netcraft's requests. This is Qube's fourth appearance in the top ten in 2015, continuing its strong showing from 2014 when it placed in the top ten in eleven months, and came first on four occasions. Qube is based in London and offers managed private cloud hosting services from datacentres in London, New York and Zurich.

In second place, ServerStack also successfully responded to all requests in June, placing second only as a result of a slightly slower average connection time. ServerStack provides managed hosting services to enterprises from three datacentres in Amsterdam, New Jersey and San Jose. It has appeared in the top 10 list frequently in the past few years.

Bigstep, iWeb and Anexia also did well this month, each responding to all but one request.

Linux remains the most popular choice of operating system, with 9 of the top 10 companies using the OS to power their website, while the remaining one uses Windows Server 2012.

Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage. In the event the number of failed requests are equal then sites are ranked by average connection times.

Information on the measurement process and current measurements is available.