In the May 2013 survey we received responses from 672,837,096 sites, which is 23.8M more than last month.
Apache had the largest growth this month, gaining 28.3M websites and increasing its market share by 2.41 percentage points to 53.4%. The majority of this growth was attributable to Apache Traffic Server (ATS), which gained 28M websites and increased its market share from 0.03% to 4.2%. Nearly all of the Apache Traffic Server growth occurred at Go Daddy — 75% of websites hosted by Go Daddy now use ATS and Go Daddy now hosts 99% of all sites using this server software.
Originally created as a commercial product by Inktomi in 1997, Apache Traffic Server is an extensible multi-threaded event-driven caching proxy server which is claimed to scale well on modern multi-core systems. Yahoo! acquired Inktomi in 2005, and in November 2009, the project was donated to the Apache Software Foundation.
The vast majority of the ATS-served websites at Go Daddy were previously served by Microsoft IIS, resulting in the rather noticeable loss of 3.26 percentage points of market share. Microsoft IIS's market share is now 16.7%. Despite the loss at Go Daddy, it gained more new sites than any competitor this month, with 43% of all new websites being served on Microsoft IIS, while accounting for only 30% of expired websites (this includes inactive blogs, as well as sites which no longer exist).
nginx reached a new milestone this month: it is now used by more than 100M websites, and within the Million Busiest Websites has overtaken Microsoft IIS to take second place with a market share of 13.5%. Overall, nginx's market share now stands at 15.5%, just 1.2 percentage points behind Microsoft, helped by a growth of 8.3M sites this month.
The latest stable version, nginx 1.4.0, was released last week, integrating OCSP stapling and experimental SPDY draft 2 support. nginx is used extensively by the WordPress.com blog hosting service, whose owners – Automattic – sponsored development of the ngx_http_spdy_module. Development of OCSP stapling support was sponsored by Comodo, DigiCert, and GlobalSign.
| Developer | April 2013 | Percent | May 2013 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 331,112,893 | 51.01% | 359,441,468 | 53.42% | 2.41 |
| Microsoft | 129,516,421 | 19.95% | 112,303,412 | 16.69% | -3.26 |
| nginx | 96,115,847 | 14.81% | 104,411,087 | 15.52% | 0.71 |
|  | 22,707,568 | 3.50% | 23,029,260 | 3.42% | -0.08 |
In the April 2013 survey we received responses from 649,072,682 sites, 17.6M more than last month.
This month, market leader Apache lost 9.9M sites, or 3 percentage points of market share. A major contributor to this loss was the movement of a large affiliate referral network of around 8M sites, which is now served by nginx. Apache is now used by just over 51% of websites, which is still substantially more than its closest competitor, Microsoft IIS. IIS gained 1.95 percentage points of market share this month (an increase of 15.8M hostnames), bringing its market share to almost 20%. Meanwhile, nginx saw an overall growth of 10.6M sites this month, with the largest nginx hosting company, Hetzner Online AG, contributing an additional 1.6M sites.
In terms of active sites the survey was less volatile. Apache still experienced an overall loss, albeit a much smaller one of just 288k active sites. The biggest increase came from nginx, and was unrelated to the large hostname gain described earlier, with Peer1 Networks gaining 1.5M nginx active sites.
North Korea drew the world's attention to its web presence by accusing the United States and its allies of "intensive and persistent virus attacks" on servers operated by the North Korean regime. The Korean Central News Agency's press release goes on to assert that:
"It is nobody's secret that the U.S. and south Korean puppet regime are massively bolstering up cyber forces in a bid to intensify the subversive activities and sabotages against the DPRK [Democratic People's Republic of Korea]."
There is only a very small number of North Korean sites accessible from outside of the country; however, these sites do make use of several modern and popular web technologies from around the globe. The Rodong Sinmun newspaper's site uses PHP and CentOS 5, and hosts an HTTPS service with an expired self-signed certificate. More controversially, The Korean Central News Agency's official website uses Java, Flash and jQuery and is hosted using Apache 2.2.3 on a server running Red Hat Enterprise Linux 5, a commercial Linux distribution which is owned, distributed and supported by American multinational Red Hat, Inc. Red Hat Enterprise Linux is subject to U.S. export controls, which specifically prohibit its use in North Korea. As a result, this installation is likely unlicensed and so may not receive security updates.
Meanwhile in South Korea, the Government of Korea, an SSL certificate authority (CA) trusted by Microsoft, has revoked the last of more than 100 unusual SSL certificates, each of which could have allowed its owner to act as a trusted CA. Because the cA bit was set in the Basic Constraints extension of these certificates, a forged certificate signed using one of the mis-issued certificates could be trusted for any site by users of some SSL implementations. Any such certificate could be used to perform man-in-the-middle attacks on users of third-party websites in order to view the contents of any intercepted encrypted traffic. There is an additional property which is usually required for a certificate to be considered a valid intermediate — ‘Certificate Signing’ should be set as a permissible Key Usage — but some implementations may ignore this extra requirement. None of the Korean certificates found had the necessary flags set in this additional extension, so most implementations would not trust such forged certificates.
The certificates found appear to have been issued to South Korean academic institutions without the intention of them being able to sign additional certificates. These certificates have been in the Netcraft SSL Server Survey for some time but no longer pose a risk: all of the certificates concerned have either been revoked or have expired. The most recent revocation was on January 31st 2013 for a certificate issued in late 2011, showing it was at risk of misuse for more than a year.
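The two checks described above, Basic Constraints cA and the keyCertSign Key Usage bit, can be audited directly from the DER-encoded extension values. The following is an added example, not part of the original article or of Netcraft's tooling; the function names and the sample byte strings are constructed for illustration.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the octet count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def basic_constraints_ca(ext):
    """BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, ... }"""
    if ext is None:
        return False  # extension absent: not a CA
    tag, body, _ = read_tlv(ext)
    if tag != 0x30:
        raise ValueError("BasicConstraints must be a SEQUENCE")
    if not body:
        return False  # cA omitted, so DEFAULT FALSE applies
    tag, value, _ = read_tlv(body)
    return tag == 0x01 and value != b"\x00"

def key_usage_cert_sign(ext):
    """KeyUsage is a BIT STRING; keyCertSign is bit 5 (mask 0x04, first octet)."""
    if ext is None:
        return None  # extension absent: usage is unrestricted
    tag, value, _ = read_tlv(ext)
    if tag != 0x03 or not value:
        raise ValueError("KeyUsage must be a BIT STRING")
    # value[0] is the unused-bit count; the flags start at value[1].
    return len(value) > 1 and bool(value[1] & 0x04)

def classify(basic_constraints, key_usage):
    """Label a certificate from its two extension values (None if absent)."""
    if not basic_constraints_ca(basic_constraints):
        return "end-entity"
    if key_usage_cert_sign(key_usage) is False:
        # The case in the text: a CA only to validators that skip Key Usage.
        return "cA set without keyCertSign"
    return "CA"

# Constructed sample extension values (not taken from any real certificate).
BC_CA = bytes.fromhex("30030101ff")   # SEQUENCE { BOOLEAN TRUE }
BC_EMPTY = bytes.fromhex("3000")      # SEQUENCE {} -> cA defaults to FALSE
KU_TLS = bytes.fromhex("030205a0")    # digitalSignature + keyEncipherment
KU_CA = bytes.fromhex("03020106")     # keyCertSign + cRLSign

if __name__ == "__main__":
    for name, bc, ku in [("mis-issued", BC_CA, KU_TLS),
                         ("intermediate", BC_CA, KU_CA),
                         ("server", BC_EMPTY, KU_TLS)]:
        print(name, "->", classify(bc, ku))
```

A certificate reported as "cA set without keyCertSign" is the one to flag in an inventory: a validator that enforces Key Usage rejects anything it signs, while one that ignores the extension does not.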
| Developer | March 2013 | Percent | April 2013 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 341,021,574 | 54.00% | 331,112,893 | 51.01% | -2.99 |
| Microsoft | 113,712,293 | 18.01% | 129,516,421 | 19.95% | 1.95 |
| nginx | 85,467,555 | 13.53% | 96,115,847 | 14.81% | 1.27 |
|  | 22,605,646 | 3.58% | 22,707,568 | 3.50% | -0.08 |
In the March 2013 survey we received responses from 631,521,198 sites.
Microsoft showed a noticeable gain of 9M sites this month, increasing its market share by 1.42 percentage points to 18.01%. Much of this growth was seen at Go Daddy, which alone gained 2.6M sites powered by Microsoft web servers. Microsoft also fared well amongst the top million busiest sites, where its market share grew by 0.74 percentage points to 13.60%, increasing its narrow lead over its closest rival, nginx.
More than 130,000 of the sites in Netcraft's survey are hosted on Microsoft's Windows Azure cloud platform, but not all are running Microsoft web servers: Since Microsoft Open Technologies launched its VM Depot preview in January, more than 100 ready-to-use images have been added to the community-driven catalogue of virtual machines. This makes it easier for customers to deploy Linux-based images running preconfigured applications and frameworks such as WordPress, Joomla!, Drupal, Django and MongoDB. The majority of these images are based on Ubuntu Linux, and many of them use Apache and PHP to serve their content.
nginx also saw a reasonable gain in market share this month, with an additional 4.4M sites taking its share up by 0.68 percentage points to 13.53%. The most recent development release of nginx (1.3.13) introduced support for proxying WebSocket connections – an HTML5 technology which provides full-duplex communications between a browser and a web application over a single TCP connection. WebSockets are supported by all modern desktop browser software, for which the protocol specification defines two URI schemes: ws: for unencrypted connections, and wss: for secure ones. The development of WebSocket support in nginx was sponsored by CloudBees and Apcera, who will both be making use of the new feature in their own services.
nginx performed less well amongst the top million sites, where it had looked set to overtake Microsoft this month. Instead, a net loss of 910 nginx sites resulted in its share falling to 12.72%.
| Developer | February 2013 | Percent | March 2013 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 344,915,105 | 54.68% | 341,021,574 | 54.00% | -0.68 |
| Microsoft | 104,647,425 | 16.59% | 113,712,293 | 18.01% | 1.42 |
| nginx | 81,074,694 | 12.85% | 85,467,555 | 13.53% | 0.68 |
|  | 22,717,984 | 3.60% | 22,605,646 | 3.58% | -0.02 |
In the February 2013 survey we received responses from 630,795,511 sites.
Both Apache and Microsoft IIS were used on fewer sites this month, losing more than five million hostnames between them. Conversely, nginx grew its market share to 12.85%, serving 1.4 million more hostnames than last month. Amongst the million busiest sites, nginx is now almost neck-and-neck with Microsoft IIS — both have a market share of just under 13% and there are now fewer than 500 individual sites separating them.
Tengine, an nginx derivative maintained by Taobao, a large Chinese internet retailer, is now used on almost 4 million hostnames, including at the Internet Archive. Alibaba, the parent company of Taobao, has the second largest number of hostnames in China and accounts for more than 11% of the hostnames we find in China. Though China accounts for 19% of the world’s population, only 5.8% of the world's websites are hosted in China. Microsoft leads the way in China, with 38% of Chinese-hosted sites using IIS; just 26% use Apache, while usage of nginx — 19% — is significantly above-average.
| Developer | January 2013 | Percent | February 2013 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 348,119,032 | 55.26% | 344,915,105 | 54.68% | -0.58 |
| Microsoft | 106,619,177 | 16.93% | 104,647,425 | 16.59% | -0.34 |
| nginx | 79,640,472 | 12.64% | 81,074,694 | 12.85% | 0.21 |
|  | 22,573,858 | 3.58% | 22,717,984 | 3.60% | 0.02 |
In the January 2013 survey we received responses from 629,939,191 sites.
Apache continued its decline in market share that began in mid-2012, now having 100 million fewer hostnames than in June 2012: it still retains a clear majority at 55.26% of the market. Both within the million busiest sites and on the internet as a whole, nginx has continued its ascendance, increasing its market share to 12.77% and 12.64% respectively. Where the version is known, the widest deployed version of nginx is the current stable branch (1.2.x) but the bulk of Apache users are still using the 2.2.x branch of Apache httpd despite the new features available in the 2.4.x branch which has been available since February 2012.
Amazon now hosts 9.3 million hostnames using their cloud computing platforms — gaining more than one million sites this month, and more than doubling within the past year. The most used web server at Amazon is nginx, being used on more than 44% of all hostnames, many of which are being served by Heroku, a Platform as a Service (PaaS) provider.
Notwithstanding Amazon's fast growth, Go Daddy hosts 36 million sites — nearly 6% of the world's websites — making it the largest hosting company in terms of hostnames. The number of sites hosted does not, however, necessarily scale with the number of computers (physical or virtual) used to serve the corresponding content: shared hosting providers will often be able to host several hundred or even thousand sites from a single machine, whereas VPS and dedicated hosting providers may only serve a few. Although Netcraft found 23k web-facing computers at Go Daddy, Amazon has been the largest hosting company in terms of web-facing computers since September 2012 with 139k web-facing computers this month — Go Daddy hosts, on average, more than 23 times more sites per web-facing computer than Amazon. Although Go Daddy is the largest hosting company by hostname, the distribution of sites hosted is skewed towards the less busy: it hosts 2.6% of the million busiest sites, and only a single site in the top 1,000. Amazon, on the other hand, hosts a similar number in the million busiest, and 5.1% of the top 1,000 sites.
Almost two-thirds of the web-facing computers at Go Daddy run Microsoft Windows, with the vast majority running Windows Server 2008. With such a high proportion of Windows-powered websites, Go Daddy, unsurprisingly, hosts the largest number of sites powered by ASP.NET. More than 24 million sites hosted by Go Daddy were actively using ASP.NET, whereas relatively few (2.4 million) were using the otherwise popular PHP scripting language.
| Developer | December 2012 | Percent | January 2013 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 352,951,511 | 55.70% | 348,119,032 | 55.26% | -0.43 |
| Microsoft | 111,570,010 | 17.61% | 106,619,177 | 16.93% | -0.68 |
| nginx | 76,460,756 | 12.07% | 79,640,472 | 12.64% | 0.58 |
|  | 21,870,614 | 3.45% | 22,573,858 | 3.58% | 0.13 |
In the December 2012 survey we received responses from 633,706,564 sites - an increase of over 8 million since November.
Microsoft IIS experienced the largest gain this month, with the movement of an advertising network of 4.7M Apache hostnames to IIS 7.5 contributing to an overall 8.2M increase - their largest in over a year. As a result of the switch, Apache saw an equivalent loss, reducing their market share by 1.53 percentage points. Despite Apache's continuing downward trend over the last few months, they still hold on to more than half of the market (55.70%). Strong growth was also experienced by nginx this month, with a gain of 2M hostnames resulting in another increase to its market share.
nginx also further increased its market share within the million busiest sites, which now stands at 12.44%, as did Microsoft, which remains slightly ahead with a 13.22% share. While overall the survey sees IIS/6.0 as the most popular version of Microsoft's web server software, with a 41 percentage point lead over other versions, within the million busiest sites IIS/7.5 looks set to soon overtake it. IIS/7.5 is now used to serve 40% of IIS websites within the top million, just 4.8k and 4 percentage points behind IIS/6.0.
Linux Rootkit Found Infecting Webservers with iFrame Injection
A new rootkit has been discovered which can infect web servers running 64-bit GNU/Linux and attacks web surfers with drive-by downloads. The malware works by injecting an iFrame directly into the outgoing TCP packets of the infected machine, allowing it to infect all web traffic from the server. It was first discovered on a server running nginx; however, it does not appear to be targeting nginx specifically.
ICANN Early Warnings Filed
More than half of the sites found by Netcraft's survey use the .com top-level domain, but ICANN is in the process of creating additional TLDs. On 20 November 2012, the Governmental Advisory Committee of ICANN filed 242 Early Warnings on individual applications for new top-level domains. These warnings are notices rather than formal objections, and do not directly lead to a process that can result in an application being rejected; however, they are indicative of likely formal objections later on in the application process. Most of the warnings that have been issued consist of "requests for information, or requests for clarity on certain aspects of an application".
Prominent among the list of Early Warnings is Amazon EU, which applied for .app, .book, .cloud, .game, .mail, .map, .mobile, .movie, .music, .news, .search, .shop, .show, .song, .store, .tunes, .video, plus several other Unicode TLDs in other scripts and languages. Many of these TLDs have been described as generic terms that relate to broad market sectors, which could have a negative impact on competition if Amazon is to exclude other entities from using them.
India, Australia and the United States have each objected to .airforce, .army and .navy being applied for by United TLD Holdco Ltd. The United States simply claims that these strings are confusingly similar to the names of specific government agencies, while both India and Australia note that words associated with the armed forces are protected in national legislation, and the applied-for TLDs could mislead users into thinking that a registrant is associated with these national armed forces.
India goes further to state that these applications have the potential to cause irreparable harm to the security and stability of the nation and suggests that the applicant should withdraw their application. The final rationale behind India's warning makes its position clear: "Allowing sovereign functions in the exclusive hands of foreign corporations whose motivations are unknown, and whose jurisdictions are not accessible for national government should NOT be allowed to happen by ICANN."
Applicants who wish to continue with their applications are advised by the Early Warning document to notify the Governmental Advisory Committee of their intended actions and when these actions will be completed. However, ICANN will still continue to process applications which do not receive a response. Conversely, if an applicant decides to withdraw their application, the applicant can receive a refund of up to 80% of the evaluation fee ($148,000).
| Developer | November 2012 | Percent | December 2012 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 357,865,215 | 57.23% | 352,951,511 | 55.70% | -1.53 |
| Microsoft | 103,333,170 | 16.52% | 111,570,010 | 17.61% | 1.08 |
| nginx | 74,437,764 | 11.90% | 76,460,756 | 12.07% | 0.16 |
|  | 21,090,410 | 3.37% | 21,870,614 | 3.45% | 0.08 |