January 2022 Web Server Survey
17th January, 2022
In the January 2022 survey we received responses from 1,167,715,133 sites across 269,835,071 unique domains and 11,700,892 web-facing computers. This reflects a loss of 1.15 million sites, but a gain of 1.51 million domains and 31,100 computers.
nginx lost 7.33 million sites this month (-1.91%) but continues to be the most commonly used web server with 32.3% of all sites using it. Although nginx’s share has fallen, Apache is still more than eight percentage points behind after losing 3.70 million sites (-1.31%), which has taken its own market share down to 23.9%.
nginx also leads in the domains metric, where it has a share of 26.6% compared with Apache’s 23.9%. This reflects a small reduction in nginx’s share – despite a modest gain of 25,400 domains – while Apache suffered the largest loss of 287,000 domains.
The largest site and domain growth was seen by Pepyaka, which is a web server that has primarily been used by the Wix web development platform since it switched from using nginx in 2018. The number of sites using Pepyaka grew by 4.02 million to 7.30 million this month, while its domain count went up by 1.80 million to 3.30 million.
The next largest domain growth was seen by OpenResty, which gained 686,000 domains this month, and 1.34 million sites in total. The second largest site growth was seen by Microsoft, which gained 2.46 million sites and now accounts for 4.86% of all sites and 5.00% of all domains.
Constraining the view to active sites, Apache is still the most commonly used web server, but its market share has fallen slightly to 23.4% after losing more than half a million active sites this month. Meanwhile, nginx gained 230,000 active sites and has increased its share to 20.2%.
Apache also maintains a slight lead in the top million websites, where it is used by 235,000 sites compared with 222,000 for nginx. However, Cloudflare has increased its presence by a further 4,959 sites and is now not too far behind with a total of 191,000. If this trend continues, Cloudflare could soon overtake both nginx and Apache to become the most commonly used top-million web server.
Looking at web-facing computers, nginx’s strong growth continues unabated. This month it is being used by an additional 32,700 web-facing computers and its market share has increased to 37.7%. Its lead over Apache was further extended by Apache’s loss of 29,100 computers, which sent Apache’s share down to 29.9%.
Vendor news
- Apache 2.4.52 was released on 20 December 2021. This is the latest release from the 2.4.x stable branch and includes two security fixes amongst a host of other changes.
- Apache Tomcat 9.0.56, 10.0.14 and 10.1.0-M8 (alpha) were released on 8 December 2021. Each of these versions include a fix for a known operating system bug that could cause incoming connections to be reported more than once.
- nginx 1.21.5 was released on 28 December 2021. This is the latest release in the mainline branch of nginx and is now built with the PCRE2 library by default.
- njs 0.7.1 was also released on 28 December 2021. This release includes several bugfixes and some other changes to ensure that njs scripts use the same regular expression library as nginx.
- Microsoft has mitigated an insecure default behaviour in the Azure App Service that inadvertently exposed hundreds of source code repositories. The team that found the vulnerability noted that it had existed since September 2017 and has probably been exploited in the wild. The problem could have impacted PHP, Node, Ruby, Python and Java applications that serve static content, as well as some Azure App Service Linux applications that were deployed using Local Git after files were created or modified in the content root.
- Cloudflare has introduced a new product called Bulk Redirects, which lets website administrators upload and enable large numbers of URL redirects. These were typically implemented with Page Rules before, which are limited to a maximum of 125 redirects.
- OpenResty 1.21.4.1 RC1 was released on 16 December 2021. This version is based on nginx 1.21.4 and adds several new features including support for BoringSSL.
| Developer | December 2021 | Percent | January 2022 | Percent | Change |
|---|---|---|---|---|---|
| nginx | 384,347,394 | 32.88% | 377,019,054 | 32.29% | -0.60 |
| Apache | 283,409,491 | 24.25% | 279,709,815 | 23.95% | -0.29 |
| OpenResty | 78,902,138 | 6.75% | 80,238,470 | 6.87% | 0.12 |
| Cloudflare | 59,904,450 | 5.13% | 60,881,028 | 5.21% | 0.09 |
Increasing Number of Bank-Themed Survey Scams
12th January, 2022
Examples of bank-themed survey scams seen by Netcraft
Netcraft has seen a large increase in survey scams impersonating well-known banks as a lure. These are often run under the guise of a prize in celebration of the bank’s anniversary, though in some cases a reward is promised just for participating.
These scams first came to Netcraft’s attention around 16 months ago, when businesses that were particularly useful during lockdown such as supermarkets, mobile phone networks, and delivery companies were targeted. The expansion of these attacks to use banks as a lure started in October 2021. To date we have seen over 75 distinct banks used as lures for these survey scams, with a global spread including banks from US, UK, Asia, and the Middle East.
Most Reliable Hosting Company Sites in December 2021
4th January, 2022
| Rank | Performance Graph | OS | Outage hh:mm:ss |
Failed Req% |
DNS | Connect | First byte |
Total |
|---|---|---|---|---|---|---|---|---|
| 1 | Aruba | Linux | 0:00:00 | 0.000 | 0.310 | 0.005 | 0.030 | 0.030 |
| 2 | Rackspace | Linux | 0:00:00 | 0.000 | 0.456 | 0.008 | 0.017 | 0.017 |
| 3 | Hyve Managed Hosting | Linux | 0:00:00 | 0.000 | 0.122 | 0.062 | 0.124 | 0.124 |
| 4 | ServerStack | Linux | 0:00:00 | 0.000 | 0.194 | 0.102 | 0.202 | 0.202 |
| 5 | Pair Networks | Linux | 0:00:00 | 0.000 | 0.342 | 0.113 | 0.227 | 0.227 |
| 6 | CWCS Managed Hosting | Linux | 0:00:00 | 0.007 | 0.284 | 0.062 | 0.123 | 0.124 |
| 7 | Bigstep | Linux | 0:00:00 | 0.007 | 0.170 | 0.064 | 0.128 | 0.128 |
| 8 | www.dinahosting.com | Linux | 0:00:00 | 0.007 | 0.184 | 0.072 | 0.145 | 0.145 |
| 9 | HN Datacenter | Linux | 0:00:00 | 0.007 | 0.559 | 0.224 | 1.080 | 1.089 |
| 10 | krystal.uk | Linux | 0:00:00 | 0.013 | 0.178 | 0.079 | 0.154 | 0.154 |
Aruba finished 2021 as the most reliable hosting company site in December, with no failed requests and the second fastest average connection time. Aruba provides hosting, cloud and digital signature services, fibre optic internet, digital preservation, and much more, with data centres across Europe in the UK, Germany, Czechia, Poland, Italy and France.
The top five hosting company sites each responded to all of Netcraft’s requests in December and so are ranked on their average connection times. The top five is completed by Rackspace, Hyve Managed Hosting, ServerStack and Pair Networks. In second place, Rackspace appeared in the top 10 every month in 2021 and offers a variety of cloud hosting solutions from 19 data centres across five different continents in the Americas, Europe, Asia and Australia. Hyve Managed Hosting also appeared in the top 10 every month in 2021. Hyve offers cloud hosting, dedicated servers and managed services from data centres in 34 locations around the world.
ServerStack appeared 10 times in the top 10 in 2021 and provides managed and dedicated solutions from its three data centres in North America and Amsterdam. Pair Networks made seven top 10 appearances in 2021 and provides a range of managed and dedicated hosting solutions from its data centre in the US, as well as domain registration.
Linux continues to dominate the top 10, with all of the top 10 using Linux in December. Across 2021 Linux appeared 109 times in the top 10, with FreeBSD making 9 appearances and SmartOS appearing once in January 2021.
December 2021 Web Server Survey
22nd December, 2021
In the December 2021 survey we received responses from 1,168,864,866 sites across 268,328,184 unique domains and 11,669,818 web-facing computers. This represents a loss of 6.53 million sites, but a gain of 1.30 million domains and 144,000 computers.
nginx lost a significant number of sites (-23.88 million) and domains (-8.54 million) this month, though it continues to hold the highest market share in both categories with 32.9% of sites and 26.7% of domains. nginx’s domain market share lead over Apache dropped significantly, falling from a 5.6 percentage point lead to a 2.6 percentage point lead. nginx also gained 81,100 web-facing computers this month, giving it 37.5% of market share in this category.
Apache also lost sites (-3.09 million) and domains (-446,000) this month, though it gained 5,700 web-facing computers. Apache continues to hold second place across all three key metrics.
The largest increase in both domains and hostnames was seen for “awselb”, used by Amazon’s Elastic Load Balancing service, and accounts for the majority of the loss experienced by nginx. The change was as a result of GoDaddy’s URL redirector service, which allows domains registered with GoDaddy to be pointed at arbitrary URLs, being moved from their own hosting facilities to Amazon’s ELB service.
Many other web servers also saw reasonable growth in the number of sites this month, with OpenResty and Microsoft gaining 2.42 million and 2.15 million respectively, followed by LiteSpeed and Cloudflare with 1.76 million and 1.28 million. Fewer servers gained domains this month, though OpenResty gained a respectable 850,500 (+2.19%).
Cloudflare gained 2,431 sites in the million most popular sites, increasing its market share by 0.24 percentage points to 18.6%. Apache continues to maintain a slim lead over nginx, though both lost sites this month. Microsoft’s market share dropped, as it lost 4,119 sites this month taking it to 6.15% of the total and down from 6.89% at the start of the year.
Log4Shell impact on web servers
A critical vulnerability dubbed “Log4Shell” was identified in the Java log4j logging library, and was publicly disclosed on 9th December. The vulnerability has impacted a broad range of organizations as the log4j library is widely used, and the flaw can be easily exploited to break into systems, steal data, and infect networks with malicious software.
Many widely-used web servers such as Tomcat and Jetty are written in Java but do not use the log4j library by default so are not directly affected by the issue. However, they can be configured to do so, and it is also possible that sites that use popular web servers written in other languages - Apache and nginx are written in C, for instance - may still use the vulnerable library at some level in their technology stack.
Several less well-known servers integrate the log4j library directly, such as IBM WebSphere. Several WebSphere components such as the Admin Console use the library and so are vulnerable to the issue, while applications served using WebSphere may be vulnerable if they use the library. IBM WebSphere is not widely used: this month Netcraft identified 3,778 sites using the server, which were hosted on 830 IP addresses. Amongst these, Netcraft found government and banking websites, though it is unknown whether these sites are vulnerable.
Vendor news
- Apache 2.4.52 was released on 20 December. This release fixes several security issues, including a possible buffer overflow in mod_lua and server-side request forgery vulnerability in forward proxy configurations.
- nginx unit 1.26.1 was made available on 2 December and fixes several bugs introduced in the 1.26.0 release.
- Lighttpd 1.4.62 and 1.4.63 were released in quick succession at the start of December and include many minor changes and bugfixes.
- Apache Tomcat 9.0.56, 10.0.14, and 10.1.0-M8 (alpha) were released on 2 December.
| Developer | November 2021 | Percent | December 2021 | Percent | Change |
|---|---|---|---|---|---|
| nginx | 408,226,319 | 34.73% | 384,347,394 | 32.88% | -1.85 |
| Apache | 286,494,600 | 24.37% | 283,409,491 | 24.25% | -0.13 |
| OpenResty | 76,480,927 | 6.51% | 78,902,138 | 6.75% | 0.24 |
| Cloudflare | 58,629,365 | 4.99% | 59,904,450 | 5.13% | 0.14 |
Bangladesh, South African and Iraqi Government sites have been found to be hosting web shells
3rd December, 2021
Netcraft recently confirmed that a Bangladesh Army site was hosting an Outlook Web Access (OWA) web shell. Additionally, an OWA web shell was found on the Department of Arts and Culture site for the South-African Kwazulu-Natal province and an Iraqi government site was found to be hosting a PHP shell. Web shells are a common tool used by attackers to maintain control of a compromised web server, providing a web interface from which arbitrary commands can be executed on the server hosting the shell. OWA provides remote access to Microsoft Exchange mailboxes; since the disclosure of the ProxyLogon vulnerabilities in March, Microsoft Exchange has become a popular target for cyberattacks.
Most Reliable Hosting Company Sites in November 2021
1st December, 2021
| Rank | Performance Graph | OS | Outage hh:mm:ss |
Failed Req% |
DNS | Connect | First byte |
Total |
|---|---|---|---|---|---|---|---|---|
| 1 | Rackspace | Linux | 0:00:00 | 0.000 | 0.463 | 0.008 | 0.020 | 0.020 |
| 2 | Bigstep | Linux | 0:00:00 | 0.000 | 0.190 | 0.063 | 0.126 | 0.126 |
| 3 | CWCS Managed Hosting | Linux | 0:00:00 | 0.000 | 0.291 | 0.064 | 0.127 | 0.127 |
| 4 | Hyve Managed Hosting | Linux | 0:00:00 | 0.000 | 0.128 | 0.068 | 0.137 | 0.137 |
| 5 | www.dinahosting.com | Linux | 0:00:00 | 0.000 | 0.189 | 0.072 | 0.144 | 0.144 |
| 6 | Swishmail | Linux | 0:00:00 | 0.000 | 0.218 | 0.098 | 0.196 | 0.196 |
| 7 | ServerStack | Linux | 0:00:00 | 0.000 | 0.201 | 0.104 | 0.205 | 0.205 |
| 8 | Aruba | Linux | 0:00:00 | 0.007 | 0.340 | 0.006 | 0.030 | 0.030 |
| 9 | New York Internet (NYI) | FreeBSD | 0:00:00 | 0.007 | 0.536 | 0.063 | 0.127 | 0.127 |
| 10 | krystal.uk | Linux | 0:00:00 | 0.007 | 0.176 | 0.084 | 0.159 | 0.159 |
Rackspace had the most reliable hosting company site in November 2021, with an average connection time of just 8ms across the month and no failed requests. Rackspace has appeared in the top 10 most reliable hosting company sites every month of the past 12 months, and has taken the number one spot in five of those. Rackspace offers a wide variety of cloud hosting solutions from over 40 data centres across the Americas, Europe, Asia and Australia.
Places two, three and four in November 2021 go to Bigstep, CWCS Managed Hosting and Hyve Managed Hosting respectively. All three of these hosting company sites had no failed requests and were competitive on average connection times, coming in at 63ms, 64ms and 68ms respectively.
Bigstep’s bare metal cloud hosting provides the flexibility of cloud hosting without the associated overhead and performance reductions of virtualization. The bare metal offerings are available in data centres in the UK and Romania. CWCS Managed Hosting offer dedicated servers, cloud and VPS hosting, colocation services, domain names and email services from their seven data centres across the UK, USA and Canada. Hyve Managed Hosting offer cloud hosting, dedicated servers and managed services from data centres in 34 locations around the world.
Nine of the top 10 hosting company sites used Linux in October, continuing the dominance of Linux. In ninth place, New York Internet (NYI) used FreeBSD.