In the April 2013 survey we received responses from 649,072,682 sites, 17.6M more than last month.

This month, market leader Apache lost 9.9M sites, or 3 percentage points of market share. A major contributor to this loss was the movement of a large affiliate referral network consisting of around 8M sites now being served by nginx. Apache is now used by just over 51% of websites, which is still substantially more than its closest competitor Microsoft IIS. IIS gained 1.95 percentage points of market share this month (an increase of 15.8M hostnames) bringing its market share to almost 20%. Meanwhile, nginx saw an overall growth of 10.6M sites this month, with the largest nginx hosting company, Hetzner Online AG, contributing an additional 1.6M sites.

In terms of active sites the survey was less volatile. Apache still experienced an overall loss, however much smaller at just 288k active sites. The biggest increase came from nginx, and was unrelated to their large hostname gain described earlier, with Peer1 Networks gaining 1.5M nginx active sites.

North Korea's drew the world's attention to its web presence by accusing the United States and its allies of "intensive and persistent virus attacks" on servers operated by the North Korean regime. The Korean Central News Agency's press release goes on to assert that:

"It is nobody's secret that the U.S. and south Korean puppet regime are massively bolstering up cyber forces in a bid to intensify the subversive activities and sabotages against the DPRK [Democratic People's Republic of Korea]."

There is only a very small number of North Korean sites accessible from outside of the country; however, these sites do make use of several modern and popular web technologies from around the globe. The Rodong Sinmun newspaper's site uses PHP and CentOS 5, and hosts an HTTPS service with an expired self-signed certificate. More controversially, The Korean Central News Agency's official website uses Java, Flash and jQuery and is hosted using Apache 2.2.3 on a server running Red Hat Enterprise Linux 5, a commercial Linux distribution which is owned, distributed and supported by American multinational Red Hat, Inc. Red Hat Enterprise Linux is subject to U.S. export controls, which specifically prohibit its use in North Korea. As a result, this installation is likely unlicensed and so may not receive security updates.

Meanwhile in South Korea, the Government of Korea, an SSL certificate authority (CA) trusted by Microsoft has revoked the last of more than 100 unusual SSL certificates each of which could have allowed its owner to act as a trusted CA. With the ability conferred by the cA bit being set in the Basic Constraints extension, a forged certificate signed using the mis-issued certificate could be trusted for any site by users of some SSL implementations. Any such certificate could be used to perform man-in-the-middle attacks on users of third-party websites in order to view the contents of any intercepted encrypted traffic. There is an additional property which is usually required for a certificate to be considered a valid intermediate — ‘Certificate Signing’ should be set as a permissible Key Usage — but some implementations may ignore this extra requirement. None of the Korean certificates found had the necessary flags set in this additional extension, so most implementations would not trust such forged certificates.

The certificates found appear to have been issued to South Korean academic institutions without the intention of them being able to sign additional certificates. These certificates have been in the Netcraft SSL Server Survey for some time but no longer pose a risk: all of the certificates concerned have either been revoked or have expired. The most recent revocation was on January 31st 2013 for a certificate issued in late 2011, showing it was at risk of misuse for more than a year.

In the March 2013 survey we received responses from 631,521,198 sites.

Microsoft showed a noticeable gain of 9M sites this month, increasing its market share by 1.42 percentage points to 18.01%. Much of this growth was seen at Go Daddy, which alone gained 2.6M sites powered by Microsoft web servers. Microsoft also fared well amongst the top million busiest sites, where its market share grew by 0.74 percentage points to 13.60%, increasing its narrow lead over its closest rival, nginx.

More than 130,000 of the sites in Netcraft's survey are hosted on Microsoft's Windows Azure cloud platform, but not all are running Microsoft web servers: Since Microsoft Open Technologies launched its VM Depot preview in January, more than 100 ready-to-use images have been added to the community-driven catalogue of virtual machines. This makes it easier for customers to deploy Linux-based images running preconfigured applications and frameworks such as WordPress, Joomla!, Drupal, Django and MongoDB. The majority of these images are based on Ubuntu Linux, and many of them use Apache and PHP to serve their content.

nginx also saw a reasonable gain in market share this month, with an additional 4.4M sites taking its share up by 0.68 percentage points to 13.53%. The most recent development release of nginx (1.3.13) introduced support for proxying WebSocket connections – an HTML5 technology which provides full-duplex communications between a browser and a web application over a single TCP connection. WebSockets are supported by all modern desktop browser software, for which the protocol specification defines two URI schemes: ws: for unencrypted connections, and wss: for secure ones. The development of WebSocket support in nginx was sponsored by CloudBees and Apcera, who will both be making use of the new feature in their own services.

nginx performed less well amongst the top million sites, where it had looked set to overtake Microsoft this month. Instead, a net loss of 910 nginx sites resulted in its share falling to 12.72%.

In the February 2013 survey we received responses from 630,795,511 sites.

Both Apache and Microsoft IIS were used on fewer sites this month, losing more than five million hostnames between them. Conversely, nginx grew its market share to 12.85%, serving 1.4 million more hostnames than last month. Amongst the million busiest sites, nginx is now almost neck-and-neck with Microsoft IIS — both have a market share of just under 13% and there are now fewer than 500 individual sites separating them.

Tengine, an nginx derivative maintained by Taobao, a large Chinese internet retailer, is now used on almost 4 million hostnames, including at the Internet Archive. Alibaba, the parent company of Taobao, has the second largest number of hostnames in China and accounts for more than 11% of the hostnames we find in China. Though China accounts for 19% of the world’s population, only 5.8% of the world's websites are hosted in China. Microsoft leads the way in China, with 38% of Chinese-hosted sites using IIS; just 26% use Apache, while usage of nginx — 19% — is significantly above-average.

Taobao is a magnet for Phishing attacks — Netcraft is currently blocking almost six thousand URLs targeting Taobao customers. After Facebook, Taobao.com is one of the busiest websites powered by PHP and also makes heavy use of JavaScript, though not using one of the more popular frameworks, instead using an open-sourced in-house developed library, KISSY.

In the January 2013 survey we received responses from 629,939,191 sites.

Apache continued its decline in market share that began in mid-2012, now having 100 million fewer hostnames than in June 2012: it still retains a clear majority at 55.26% of the market. Both within the million busiest sites and on the internet as a whole, nginx has continued its ascendance, increasing its market share to 12.77% and 12.64% respectively. Where the version is known, the widest deployed version of nginx is the current stable branch (1.2.x) but the bulk of Apache users are still using the 2.2.x branch of Apache httpd despite the new features available in the 2.4.x branch which has been available since February 2012.

Amazon now hosts 9.3 million hostnames using their cloud computing platforms — gaining more than one million sites this month, and more than doubling within the past year. The most used web server at Amazon is nginx, being used on more than 44% of all hostnames, many of which are being served by Heroku, a Platform as a Service (PaaS) provider.

Notwithstanding Amazon's fast growth, Go Daddy hosts 36 million sites — nearly 6% of the world's websites — making it the largest hosting company in terms of hostnames. The number of sites hosted does not, however, necessarily scale with the number of computers (physical or virtual) used to serve the corresponding content: shared hosting providers will often be able to host several hundred or even thousand sites from a single machine, whereas VPS and dedicated hosting providers may only serve a few. Although Netcraft found 23k web-facing computers at Go Daddy, Amazon has been the largest hosting company in terms of web-facing computers since September 2012 with 139k web-facing computers this month — Go Daddy hosts, on average, more than 23 times more sites per web-facing computer than Amazon. Although Go Daddy is the largest hosting company by hostname, the distribution of sites hosted is skewed towards the less busy: it hosts 2.6% of the million busiest sites, and only a single site in the top 1,000. Amazon, on the other hand, hosts a similar number in the million busiest, and 5.1% of the top 1,000 sites.

Almost two-thirds of the web-facing computers at Go Daddy run Microsoft Windows, with the vast majority running Windows server 2008. With such a high proportion of Windows-powered websites, Go Daddy, unsurprisingly, hosts the largest number of sites powered by ASP.NET. More than 24 million sites hosted by Go Daddy were actively using ASP.NET, whereas relatively few (2.4 million) were using the otherwise popular PHP scripting language.

In the December 2012 survey we received responses from 633,706,564 sites - an increase of over 8 million since November.

Microsoft IIS experienced the largest gain this month, with the movement of an advertising network of 4.7M Apache hostnames to IIS 7.5 contributing to an overall 8.2M increase - their largest in over a year. As a result of the switch, Apache saw an equivalent loss, reducing their market share by 1.53 percentage points. Despite Apache's continuing downward trend over the last few months, they still hold on to more than half of the market (55.70%). Strong growth was also experienced by nginx this month, with a gain of 2M hostnames resulting in another increase to its market share.

nginx also further increased its market share within the million busiest sites, which now stands at 12.44%, as did Microsoft, which remains slightly ahead with a 13.22% share. While overall the survey sees IIS/6.0 as the most popular version of Microsoft's web server software, with a 41 percentage point lead over other versions, within the million busiest sites IIS/7.5 looks set to soon overtake it. IIS/7.5 is now used to serve 40% of IIS websites within the top million, just 4.8k and 4 percentage points behind IIS/6.0.

Linux Rootkit Found Infecting Webservers with iFrame Injection

A new rootkit, which can infect web servers running on 64-bit GNU/Linux, has been discovered which attacks web surfers with drive-by-downloads. The malware works by injecting an iFrame directly into the outgoing TCP packets of the infected machine, allowing it to infect all web traffic from the server. It was first discovered on a server running nginx, however it does not appear to be targeting nginx specifically.

ICANN Early Warnings Filed

More than half of the sites found by Netcraft's survey use the .com top-level domain, but ICANN is in the process of creating additional TLDs. On 20 November 2012, the Governmental Advisory Committee of ICANN filed 242 Early Warnings on individual applications for new top-level domains. These warnings are notices rather than formal objections, and do not directly lead to a process that can result in an application being rejected; however, they are indicative of likely formal objections later on in the application process. Most of the warnings that have been issued consist of "requests for information, or requests for clarity on certain aspects of an application".

Prominent among the list of Early Warnings is Amazon EU, which applied for .app, .book, .cloud, .game, .mail, .map, .mobile, .movie, .music, .news, .search, .shop, .show, .song, .store, .tunes, .video, plus several other unicode TLDs in other scripts and languages. Many of these TLDs have been described as generic terms that relate to broad market sectors, which could have a negative impact on competition if Amazon is to exclude other entities from using them.

India, Australia and the United States have each objected to .airforce, .army and .navy being applied for by United TLD Holdco Ltd. The United States simply claims that these strings are confusingly similar to the names of specific government agencies, while both India and Australia note that words associated with the armed forces are protected in national legislation, and the applied for TLDs could mislead users into thinking that a registrant is associated with these national armed forces.

India goes further to state that these applications have the potential to cause irreparable harm to the security and stability of the nation and suggests that the applicant should withdraw their application. The final rationale behind India's warning makes its position clear: "Allowing sovereign functions in the exclusive hands of foreign corporations whose motivations are unknown, and whose jurisdictions are not accessible for national government should NOT be allowed to happen by ICANN."

Applicants who wish to continue with their applications are advised by the Early Warning document to notify the Governmental Advisory Committee of their intended actions and when these actions will be completed. However, ICANN will still continue to process applications which do not receive a response. Conversely, if an applicant decides to withdraw their application, the applicant can receive a refund of up to 80% of the evaluation fee ($148,000).