In the January 2019 survey we received responses from 1,518,207,412 sites, 228,607,903 unique domains, and 8,209,715 web-facing computers. This reflects a loss of 138 million sites, and gains of 768.9k domains, and 61.9k web-facing computers.
The vast majority of the loss of sites this month was seen for those using Microsoft web server software — dropping by 203 million sites (-29%). While much of this loss was concentrated at a single hosting provider and made up of automatically generated sites, Microsoft suffered losses in all metrics this month, albeit with much smaller reductions elsewhere. While Microsoft lost more than two hundred million sites in a single month, the net loss of domains was just 89k. Much of this drop can be attributed to IIS 6.0 and 7.5, while the latest version 10.0 saw a gain of 89k domains, and IIS 8.5 gained 164k.
nginx continues to gain market share in the web-facing computer metric, with the largest increase of 47k computers this month being more than double that of Apache's 21k gain. In the domains market nginx remains at somewhat of a plateau, with a loss of 144k domains taking its market share down to 22.7% — just 0.2pp higher than its share in April 2018. The largest factor this month — a single domain parking company, Bodis, moving all of its parked sites over to OpenResty. While the survey tracks these two products separately, OpenResty makes uses of the nginx core, integrating it with additional Lua-based modules.
Apache experienced a large gain in the domains metric this month with an increase of 245k. However, even with the losses seen for both Microsoft and nginx, it was not enough to boost Apache's market share which remains at 32.5%. The largest gain in domains came again for Cloudflare with an increase of 500k. Cloudflare predominantly uses its own server software originally based on nginx. OpenResty also saw greater gains than the market leader Apache, increasing by 388k with help from the movement of sites from nginx at Bodis.
Apache has released an update to httpd 2.4.38 to address an "important" remote DoS vulnerability, which allowed remote attackers to trigger an infinite loop through client-initiated renegotiation on servers using httpd 2.4.37 and OpenSSL version 1.1.1 or later. This is the first "important" level security issue in Apache HTTP Server since July 2017.
|Developer||December 2018||Percent||January 2019||Percent||Change|