October 2014 Web Server Survey

In the October 2014 survey we received responses from 1,028,932,208 sites, which is nearly six million more than last month.

Apache regains the lead

Microsoft lost the lead to Apache this month, as the two giants continue to battle closely for the largest share of all websites. Apache gained nearly 30 million sites, while Microsoft lost 22 million, causing Apache to be thrust back into the lead by more than 36 million sites. In total, 385 million sites are now powered by Apache, giving it a 37.45% share of the market.

A significant contributor to this change was the expiry of domains previously used for link farming on Microsoft IIS servers. The domains used by these link farms were acquired and the sites are now hosted on Apache servers at Confluence-Networks, which display Network Solutions parking notices.

A new major release in the Apache 2.2 legacy branch was announced on 3 September. Apache 2.2.29 also incorporates many changes — including several security fixes — from version 2.2.28, which was not officially released. New versions of nginx stable and mainline were also released during September, which included fixes for an SSL session reuse vulnerability, plus several other bugfixes.

Top million sites

The million busiest websites now represent less than 0.1% of all websites in the survey, but provide an insight into the preferences amongst the sites which are responsible for the great majority of today's web traffic.

Just over half (50.2%) of the top million sites use Apache, which is very similar to its share amongst all active sites; however, nginx's market share is skewed noticeably higher amongst the top million sites, where it powers 20.3% of sites, compared with only 14.3% of all active sites.

Computer growth

The most stable metric is the market share of web-facing computers — hundreds of thousands of websites can easily be served from a single computer (and subsequently disappear all in one go) but it is obviously far less trivial and less desirable to deploy or decommission a significant number of computers. Netcraft's survey is also able to identify distinct computers which use multiple web-facing IP addresses, which adds further stability.

Apache leads in this market with a 47.5% share, and Microsoft also performs well with 30.7%, but both have been gradually falling over the past few years as a result of nginx's strong growth. nginx gained more than 17,000 additional web-facing computers this month, helping to bring its market share up to 10.3%.

New top level domains

The relatively new .xyz domain, which showed tremendous growth over the past couple of months, has started to flatten out slightly after gaining only 33,000 sites this month (+8%). Nonetheless, this is still quite a healthy gain, albeit notably less than last month's growth of 177,000 hostnames which then boosted its total by 78%.

Other promising TLDs include .london, .hamburg and .公司, each of which had fewer than 50 sites in last month's survey, but now have 17,000, 11,000 and 10,000 sites respectively.

The internationalised .公司 (.xn--55qx5d) TLD is delegated to the Computer Network Information Center of Chinese Academy of Sciences. It means "company", making it the Chinese equivalent of .com.

Total number of websites

Web server market share

DeveloperSeptember 2014PercentOctober 2014PercentChange
Apache355,925,98534.79%385,354,99437.45%2.66
Microsoft371,406,90936.31%345,485,41933.58%-2.73
nginx144,717,67014.15%148,330,19014.42%0.27
Google19,499,1541.91%19,431,0261.89%-0.02
Continue reading

Phishing with data: URIs

A recent spate of phishing attacks has taken to using the data URI scheme for evil. Supported in most browsers, these special URIs allow the content of a phishing page to be contained entirely within the URI itself, effectively eliminating the need to host the page on a remote web server and adding an additional layer of indirection.

One of these attacks is demonstrated below, where a phishing campaign was used to herd victims to a compromised site in the US, which then redirected them to a Base64-encoded data URI. This particular example impersonates Google Docs in an attempt to steal email addresses and passwords from Yahoo, Gmail, Hotmail, and AOL customers.

Google Docs phishing site using data: URI

All of the attacks use Base64-encoded data URIs, rather than human-readable plain text, making it harder for people, simple firewalls and other content filters to detect the malicious content.

Most phishing sites are hosted on compromised websites, but can also be seen using purpose-bought domain names and bulletproof hosting packages that have been paid for fraudulently. However, fraudsters can take advantage of open redirect vulnerabilities to "host" these malicious data URIs without the need for conventional web hosting.

This situation is ideal for scenarios such as malware delivery and social engineering attacks where no subsequent client-server interaction is required, but phishing sites still need some way of transmitting their victim's credentials to the fraudster. Most phishing attacks that use data URIs resort to the traditional method of transmitting stolen credentials, i.e. POSTing them to a script on a remote web server. However, with no obvious phishing content being hosted on the remote web server, such scripts could be more difficult for third parties to take down; and as long as they remain functional, each one can continue to be used by any number of data URI attacks.

Another interesting example which impersonated an eBay login page is shown below. If a victim is unfortunate enough to fall for this particular phishing attack, his credentials will be transmitted to a PHP script hosted on a compromised web server in Germany.

eBay phishing site using a data: URI

This demonstrates an interesting deficiency in Google Chrome: If the data URI is longer than 100,000 characters, then none of the Base64-encoded data within the URI will be displayed in the address bar. Rather than truncating the URI, Chrome's address bar will only display the string "data:".

This behaviour could make it more difficult for wary victims to report such attacks. Although the victim is viewing an eBay phishing page, if he tries to copy the URI from the address bar in Chrome, the clipboard will still only contain the string "data:".

The Netcraft Extension provides protection against the redirects used in the phishing attacks above, and Netcraft's open redirect detection service can be used to identify website vulnerabilities which would allow fraudsters to easily redirect victims to similar phishing content.

Most Reliable Hosting Company Sites in September 2014

Rank Performance Graph OS Outage
hh:mm:ss
Failed
Req%
DNS Connect First
byte
Total
1 Qube Managed Services Linux 0:00:00 0.004 0.086 0.023 0.046 0.046
2 GoDaddy.com Inc Linux 0:00:00 0.013 0.149 0.012 0.200 0.205
3 Memset Linux 0:00:00 0.013 0.111 0.055 0.132 0.217
4 www.dinahosting.com Linux 0:00:00 0.013 0.242 0.080 0.159 0.159
5 Swishmail FreeBSD 0:00:00 0.022 0.124 0.073 0.144 0.186
6 ServerStack Linux 0:00:00 0.022 0.081 0.076 0.151 0.151
7 Datapipe FreeBSD 0:00:00 0.030 0.102 0.016 0.032 0.048
8 EveryCity SmartOS 0:00:00 0.030 0.083 0.054 0.107 0.107
9 Logicworks Linux 0:00:00 0.030 0.143 0.073 0.152 0.340
10 Pair Networks FreeBSD 0:00:00 0.030 0.219 0.082 0.166 0.579

See full table

Qube had the most reliable company site in September with only a single failed request. This is the fourth time this year that Qube has made it to first place, nudging ahead of Datapipe's track record this year. Qube offers a Hybrid cloud service, where physical servers and equipment are integrated with its cloud hosting with a secure connection between the two networks.

The second most reliable hosting company site belonged to GoDaddy, the world's largest domain registrar, and had only 3 failed requests in September. Memset and dinahosting also had only 3 failed requests and thus they were ranked by average connection times.

In third place is Memset. Memset was last ranked in the top 10 in June 2013 when it achieved 9th place with 6 failed requests. Memset offers its customers a Perimeter Patrol service, which involves regular scanning of Memset servers to highlight security vulnerabilities.

Linux was still the most popular operating system of choice, used by 6 of the top 10, followed by FreeBSD which was used by 3. EveryCity, however, uses SmartOS, a community fork of OpenSolaris geared towards cloud hosting using KVM virtualisation.

Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage. In the event the number of failed requests are equal then sites are ranked by average connection times.

Information on the measurement process and current measurements is available.

September 2014 Web Server Survey

In the September 2014 survey we received responses from 1,022,954,603 sites — nearly 31 million more than last month.

More than a billion websites

This is the first time the survey has exceeded a billion websites, a milestone achievement that was unimaginable two decades ago.

Netcraft's first ever survey was carried out over 19 years ago in August 1995. That survey found only 18,957 sites, although the first significant milestone of one million sites was reached in less than two years, by April 1997.

Fuelled by the dot-com bubble between 1997 and 2000, the survey reached nearly 10 million sites by the start of 2000. The active sites metric was added to our survey shortly afterwards, immediately showing that a significant proportion of websites were automatically generated, displaying identical tag structures, and used for activities such as holding pages, typo-squatting advertising providers, speculative domain registrants, and search-engine optimisation companies.

Rapid hostname growth has continued ever since, with the number of active sites increasing at a far gentler rate. Just under half of the hostnames in our June 2000 survey were active sites, whereas today, less than one in five are active — 178 million active sites in total.

Microsoft, Apache, and nginx

Microsoft and Apache currently take the lion's share of the web server market (just over 71% combined), while Microsoft edged into the lead for the first time in July 2014. Nginx has been steadily gaining share over the last 7 years, and is now used to serve just over 14% of all hostnames.

The view by number of active sites is very different, however. While Microsoft has seen a rapid growth in their hostname market share of around 20 percentage points since September 2011, there has been almost no change in their share of the active sites in this time. Nginx overtook Microsoft in terms of active sites in 2012, and today has a market share of 14.5% – more than 2 points ahead of Microsoft, whose web server software is used by only 11.9% of active sites. However, Apache truly dominates this market, with more than half of all active sites choosing to use Apache software.

Recently nginx has been seeing even greater gains in terms of web facing computers, doubling their market share in the last 2 years to just over 10% this month. Apache and Microsoft are continuing to experience increases in their number of web facing computers, however the growth is often far smaller than that of nginx. This month they gained just 323 and 414 computers respectively, compared to an increase of over 17k for nginx.

New top level domains

Dozens of new TLDs were added to the Root Zone during this month's survey, including .deals, .healthcare, .realtor, .auction, .yandex, .city and .lgbt. Recent additions which have now started to experience growth in the survey include .media, .services, .reisen, .pictures, .exchange and .toys. Each of these TLDs had only two or three sites last month, but all are now in their thousands.

The .xyz domain, which we mentioned last month, has outpaced all of the other new gTLDs after a Network Solutions promotion offering a free matching .xyz domain with each .com domain purchased. This month an additional 177,000 hostnames were found under this TLD, bringing the total number of .xyz sites up by 78% to 403,000. Even faster growth was seen among the .中国 (xn--fiqs8s) internationalised domain name for China, which grew by 181% to a total of 73,000 sites.

Total number of websites

Web server market share

DeveloperAugust 2014PercentSeptember 2014PercentChange
Microsoft367,805,41637.07%371,406,90936.31%-0.76
Apache346,702,99034.94%355,925,98534.79%-0.15
nginx135,037,73813.61%144,717,67014.15%0.54
Google20,076,8902.02%19,499,1541.91%-0.12
Continue reading

Most Reliable Hosting Company Sites in August 2014

Rank Performance Graph OS Outage
hh:mm:ss
Failed
Req%
DNS Connect First
byte
Total
1 EveryCity SmartOS 0:00:00 0.004 0.081 0.054 0.108 0.108
2 Hyve Managed Hosting Linux 0:00:00 0.008 0.187 0.052 0.103 0.105
3 XILO Communications Ltd. Linux 0:00:00 0.008 0.164 0.055 0.110 0.185
4 krystal.co.uk Linux 0:00:00 0.008 0.103 0.057 0.130 0.130
5 Webair Internet Development Linux 0:00:00 0.008 0.162 0.069 0.137 0.241
6 Server Intellect Windows Server 2012 0:00:00 0.008 0.063 0.125 0.255 0.634
7 Qube Managed Services Linux 0:00:00 0.013 0.073 0.021 0.043 0.043
8 Bigstep Linux 0:00:00 0.013 0.237 0.059 0.115 0.115
9 Host Europe Linux 0:00:00 0.013 0.125 0.062 0.149 0.152
10 ServerStack Linux 0:00:00 0.013 0.072 0.073 0.145 0.145

See full table

EveryCity had the most reliable hosting company site in August, with only one failed request. EveryCity has been in business for more than seven years, during which time it has hosted websites for many global brands, including Disney, Ikea, Lego, MTV, Skype, SoundCloud and Thomson Reuters.

Although EveryCity's site has only been monitored by Netcraft since April, it has attained 100% uptime ever since, and also ranked as the third most reliable hosting company site in both May and July. EveryCity uses the SmartOS operating system extensively, exploiting its combination of OpenSolaris and Linux KVM virtualisation technology.

With two failed requests (but a slightly faster average connection time), Hyve Managed Hosting had the second most reliable hosting company site in August. Hyve also ranked second last month, and has made it into the top ten a total of six times so far this year.

Hyve is the UK's first enterprise VMware cloud hosting provider, and its primary data centre is based in an enhanced tier III facility based in London. This data centre can store nearly half a million litres of diesel to support 50 hours of running at full capacity in the event of a power outage. Hyve's other data centres are based in New Jersey, California, Hong Kong and Shanghai.

XILO Communications came third in August, with two failed requests and an average connection time slightly longer than that of both EveryCity and Hyve. Its uptime over the past two years is 99.996%. krystal.co.uk, Webair Internet Development and Server Intellect also had two failed requests, but with longer average connection times than XILO.

Eight of August's top ten most reliable hosting company sites were served from Linux computers, while Server Intellect used Windows Server 2012 and EveryCity used SmartOS, which is a community fork of OpenSolaris designed specifically for cloud computing.

Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage. In the event the number of failed requests are equal then sites are ranked by average connection times.

Information on the measurement process and current measurements is available.

August 2014 Web Server Survey

In the August 2014 survey we received responses from 992,177,228 sites — four million fewer than last month.

Despite losing more than six million hostnames and its lead over Apache shrinking to 2.13 percentage points, Microsoft managed to retain the top spot it snatched from Apache last month. Many of the lost hostnames that were using Microsoft IIS belonged to a single Chinese link farm; these sites typically last just a few months and so such volatility in the number of hostnames is no surprise. Apache was the only major server vendor to gain hostnames, adding more than 780,000.

Web Server Developer - Market Share of Computers

The number of web-facing computers, on the other hand, is less susceptible to fluctuations, representing the install base of each server vendor.

Web server market share for computers

DeveloperJuly 2014PercentAugust 2014PercentChange
Apache2,321,14147.92%2,338,92747.83%-0.09
Microsoft1,512,93331.24%1,515,67431.00%-0.24
nginx460,7959.51%478,7939.79%0.28

Whilst nginx lost more than six million hostnames — many from link farms of a similar nature to those using IIS albeit on a smaller scale — the number of web-facing computers running the open-source web server grew by almost 18,000. Although nginx had the largest growth this month, Apache was not far behind, growing by almost 17,800 web-facing computers. Despite this growth, Apache's share of web-facing computers fell slightly, though it retains its lead over Microsoft by a comfortable margin (47.8% vs 31%).

Although all of the major server vendors have experienced regular and steady growth in the web-facing computers metric, they have often been outpaced by nginx. Both Apache and IIS have seen a slow decline in market share as a result, losing 0.9 and 2.4 percentage points respectively over the last year. nginx's share of web-facing computers is now just shy of 10%, almost double its share in August 2012.

DigitalOcean opens London data centre

Cloud hosting provider DigitalOcean has seen tremendous growth over the past 18 months, and this month became the 5th largest hosting provider in terms of web-facing computers. More than half of all Digital Ocean droplets are running Apache, and a further 43% use nginx.

In July, DigitalOcean opened a new data centre in London, its third data centre in Europe. If the growth rate of their Singapore data centre is anything to go by, DigitalOcean could soon become one of the largest hosting providers in the UK.

Less than a month after opening their Singapore data centre in February 2014, DigitalOcean became the 8th largest provider in Singapore. Half a year later, DigitalOcean is now the second largest hosting provider in Singapore, with a total 4,900 computers, trailing only Amazon, which has more than 12,000 web-facing computers.

Explosive growth on .xyz

The biggest gain among the new gTLDs was on .xyz, which entered general availability on July 2nd. In just over a month, .xyz has grown by 225,000 hostnames, and is already the largest of the new gTLDs by both hostnames and domains. Almost all the growth appears to be the result of a Network Solutions promotion which offers a free matching .xyz domain with each .com domain purchased. Almost 200,000 of these new hostnames resolve to a single IP address, which shows a Network Solutions domain holding page.

Other large growths among the new gTLDs include .berlin which gained 85,500 hostnames, .club (+9,700), and .events (+5,500).

Microsoft using Brazilian IP address space in US

Microsoft recently opened an Azure data centre in São Paulo, making its first foray into South America. Shortly after the data centre was opened, some Azure users began noticing that their virtual machines were being assigned Brazilian IP addresses despite not using the new Brazilian data centre. Microsoft attributed this behaviour to its dwindling supply of available IPv4 address space, particularly in the United States. This month, almost 9,000 hostnames were found on 1,600 Brazilian IP addresses despite being hosted in one of Microsoft's other Azure data centres.

Total number of websites
 
Web server market share
 
Developer July 2014 Percent August 2014 Percent Change
Microsoft 373,869,026 37.53% 367,805,416 37.07% -0.46
Apache 345,921,550 34.73% 346,702,990 34.94% 0.22
nginx 141,041,852 14.16% 135,037,738 13.61% -0.55
Google 20,511,505 2.06% 20,076,890 2.02% -0.04
Continue reading