June 2011 Web Server Survey

In the June 2011 survey we received responses from 346,004,403 sites.

Apache was the only major web server software to gain hostnames this month, with growth of 21M and nearly 2.2 percentage points of market share. The largest growth was seen at OVH, which gained more than 8.6M Apache hostnames. Large growth was also seen at Softlayer (5.6M), AmeriNOC (2.5M) and Hanaro Telecom (1.3M).

Among the other server vendors, Microsoft saw the largest loss with 1.4M fewer hostnames than in May. The majority of this loss was caused by VPLS losing nearly 1.5M hostnames.

nginx lost 1.2M hostnames, spread across a large number of hosting companies. The largest loss was at Ecatel, which saw a drop of nearly 700k hostnames.

Google experienced the smallest loss this month with 262k fewer hostnames than last month.

Total Sites Across All Domains
August 1995 - June 2011

Total Sites Across All Domains, August 1995 - June 2011

Market Share for Top Servers Across All Domains
August 1995 - June 2011

Graph of market share for top servers across all domains, August 1995 - June 2011

DeveloperMay 2011PercentJune 2011PercentChange
Continue reading

Most Reliable Hosting Company Sites in May 2011

Rank Company site OS Outage
DNS Connect First
1 Datapipe FreeBSD 0:00:00 0.004 0.053 0.006 0.013 0.016
2 www.serverbeach.com Linux 0:00:00 0.007 0.146 0.005 0.032 0.058
3 iWeb Technologies Linux 0:00:00 0.011 0.101 0.045 0.091 0.091
4 New York Internet FreeBSD 0:00:00 0.011 0.100 0.062 0.125 0.376
5 Swishmail FreeBSD 0:00:00 0.011 0.354 0.062 0.125 0.330
6 www.choopa.com FreeBSD 0:00:00 0.015 0.053 0.036 0.077 0.187
7 www.qubenet.net Linux 0:00:00 0.015 0.167 0.048 0.097 0.097
8 Kattare Internet Services Linux 0:00:00 0.015 0.151 0.097 0.196 0.394
9 www.uk2.net Linux 0:00:00 0.019 0.183 0.059 0.123 0.148
10 Rackspace F5 Big-IP 0:00:00 0.019 0.155 0.063 0.127 0.127

See full table

Datapipe was the most reliable hosting company in May 2011 with only a single failed request from Netcraft's performance monitors this month. Datapipe provides a range of managed services and colocation from data centres in New Jersey, California, London, Shanghai and Hong Kong. In May, Datapipe announced it had secured $176 million dollars in equity and finance to accelerate its expansion.

The second most reliable hosting company in May was www.serverbeach.com, which failed to respond to only two requests. ServerBeach offer cloud services, dedicated servers, managed hosting and colocation. As a child company of PEER 1 hosting, ServerBeach uses its parent company's IT infrastructure and network backbone.

Third this month was iWeb Technologies, a Canadian hosting company based in Montreal. iWeb Technologies provide web hosting, dedicated servers, managed hosting and colocation to customers from around the world.

Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage. In the event the number of failed requests are equal then sites are ranked by average connection times.

Information on the measurement process and current measurements is available.

Blogger maintenance causes extended outage

Blogger is currently experiencing an extended outage after Wednesday's scheduled maintenance introduced some problems. The site was taken down again at approximately 20:00 UTC on Thursday and is still unavailable to blog authors.

Blogger is running in read-only mode while the problem is resolved. This means blogs can still be visited, but authors cannot write new posts and visitors cannot submit comments.

The Blogger Status blog, which is itself hosted on the Blogger platform, has not been updated since Monday. The most recent post read, "Blogger will go into read-only mode Wednesday (5/11) 10:00PM PST for about an hour for maintenance".

There has been speculation that the current outage was caused by a new user interface being rolled out; however, Blogger confirmed through its Twitter stream that this was not the cause.

Some users have expressed anger at losing posts and comments. A Google employee confirmed that Blogger had rolled back to a previous maintenance release, causing all posts and comments made after 7:37 am PDT on May 11 to be removed. The most recent tweet from Blogger suggests that these have only been temporarily removed.

FOX employee data leaked “for the lulz”

Following last week's release of the X Factor 2011 contestant database on BitTorrent, The Lulz Boat (LulzSec on Twitter) has today released the passwords and email addresses of dozens of FOX employees.

Other files uploaded by LulzSec today suggest that the data may have been obtained through a hidden PHP script planted on fox.com, which allowed unauthorised access to a live production database. The attackers also listed the locations and partial content of several PHP configuration files on the server.

Earlier this week, two FOX Twitter accounts were also compromised. Both FOX UP and Fox 15 were hacked, presumably by LulzSec:

LulzSec also claimed to have hacked into 14 LinkedIn accounts belonging to FOX staff. The addresses of the affected accounts were posted on Pastebin.com on Monday, but the profiles have since been taken down.

LulzSec deny being vigilantes, cyberterrorists, or having any political motives. They say "we do it for the lulz" – an expression made popular by a FOX11 news report from 2007, which is often mocked for its inaccurate portrayal of the group Anonymous. Sven Slootweg, owner of AnonNews.org, described the FOX11 report as "complete nonsense" and told Netcraft that it had "spawned a ton of memes".

Sony PlayStation Store back online

Parts of the Sony PlayStation Network are coming back online after more than two weeks of continuous downtime.

The PlayStation Store website went online around 02:00 UTC today, although online gaming services through the PlayStation Network are still undergoing maintenance.

Sony yesterday began the final stages of testing the new PlayStation Network and Qriocity services, making sure they are secure before the services are relaunched.

Six days after the PlayStation Network was taken offline, Sony revealed that 77 million users' names, addresses, email addresses, birth dates, logins and passwords had been compromised by hackers. Although the passwords were transformed with a cryptographic hashing function, weak passwords may nonetheless be vulnerable to offline brute-force attacks. Accordingly, Sony recommended that users change their passwords if they use the same credentials for other, unrelated services.

Although credit card details were stored in an encrypted format, these could also be at risk if the decryption key was stored on, or made available to, any of the compromised servers. However, as of Wednesday, the major credit card companies have not reported any fraudulent transactions resulting directly from the Sony security breach.

Possible security breach at LastPass forces master password changes

LastPass is forcing its users to change their master passwords following a possible security breach. The free, multiplatform password manager software allows individuals to store passwords for many different websites, all of which can then be accessed using a single master password.

LastPass users only need to remember their master password to log into any website.

Users were notified of the issue after LastPass identified anomalous outbound network traffic. Although this traffic could not be accounted for, the amount of data transferred was big enough to include people's email addresses, the server salt and salted password hashes. This would provide enough information for a hacker to carry out an offline brute-force attack against the hashes, possibly allowing plaintext passwords to be recovered from many users.

LastPass remains unsure of what has actually happened, but prudently assumed the worst, noting that, "We realize this may be an overreaction and we apologize for the disruption this will cause, but we'd rather be paranoid and slightly inconvenience you than to be even more sorry later."