Most Reliable Hosting Company Sites in December 2021
4th January, 2022
| Rank | Performance Graph | OS | Outage hh:mm:ss |
Failed Req% |
DNS | Connect | First byte |
Total |
|---|---|---|---|---|---|---|---|---|
| 1 | Aruba | Linux | 0:00:00 | 0.000 | 0.310 | 0.005 | 0.030 | 0.030 |
| 2 | Rackspace | Linux | 0:00:00 | 0.000 | 0.456 | 0.008 | 0.017 | 0.017 |
| 3 | Hyve Managed Hosting | Linux | 0:00:00 | 0.000 | 0.122 | 0.062 | 0.124 | 0.124 |
| 4 | ServerStack | Linux | 0:00:00 | 0.000 | 0.194 | 0.102 | 0.202 | 0.202 |
| 5 | Pair Networks | Linux | 0:00:00 | 0.000 | 0.342 | 0.113 | 0.227 | 0.227 |
| 6 | CWCS Managed Hosting | Linux | 0:00:00 | 0.007 | 0.284 | 0.062 | 0.123 | 0.124 |
| 7 | Bigstep | Linux | 0:00:00 | 0.007 | 0.170 | 0.064 | 0.128 | 0.128 |
| 8 | www.dinahosting.com | Linux | 0:00:00 | 0.007 | 0.184 | 0.072 | 0.145 | 0.145 |
| 9 | HN Datacenter | Linux | 0:00:00 | 0.007 | 0.559 | 0.224 | 1.080 | 1.089 |
| 10 | krystal.uk | Linux | 0:00:00 | 0.013 | 0.178 | 0.079 | 0.154 | 0.154 |
Aruba finished 2021 as the most reliable hosting company site in December, with no failed requests and the second fastest average connection time. Aruba provides hosting, cloud and digital signature services, fibre optic internet, digital preservation, and much more, with data centres across Europe in the UK, Germany, Czechia, Poland, Italy and France.
The top five hosting company sites each responded to all of Netcraft’s requests in December and so are ranked on their average connection times. The top five is completed by Rackspace, Hyve Managed Hosting, ServerStack and Pair Networks. In second place, Rackspace appeared in the top 10 every month in 2021 and offers a variety of cloud hosting solutions from 19 data centres across five different continents in the Americas, Europe, Asia and Australia. Hyve Managed Hosting also appeared in the top 10 every month in 2021. Hyve offers cloud hosting, dedicated servers and managed services from data centres in 34 locations around the world.
ServerStack appeared 10 times in the top 10 in 2021 and provides managed and dedicated solutions from its three data centres in North America and Amsterdam. Pair Networks made seven top 10 appearances in 2021 and provides a range of managed and dedicated hosting solutions from its data centre in the US, as well as domain registration.
Linux continues to dominate the top 10, with all of the top 10 using Linux in December. Across 2021 Linux appeared 109 times in the top 10, with FreeBSD making 9 appearances and SmartOS appearing once in January 2021.
December 2021 Web Server Survey
22nd December, 2021
In the December 2021 survey we received responses from 1,168,864,866 sites across 268,328,184 unique domains and 11,669,818 web-facing computers. This represents a loss of 6.53 million sites, but a gain of 1.30 million domains and 144,000 computers.
nginx lost a significant number of sites (-23.88 million) and domains (-8.54 million) this month, though it continues to hold the highest market share in both categories with 32.9% of sites and 26.7% of domains. nginx’s domain market share lead over Apache dropped significantly, falling from a 5.6 percentage point lead to a 2.6 percentage point lead. nginx also gained 81,100 web-facing computers this month, giving it 37.5% of market share in this category.
Apache also lost sites (-3.09 million) and domains (-446,000) this month, though it gained 5,700 web-facing computers. Apache continues to hold second place across all three key metrics.
The largest increase in both domains and hostnames was seen for “awselb”, used by Amazon’s Elastic Load Balancing service, and accounts for the majority of the loss experienced by nginx. The change was as a result of GoDaddy’s URL redirector service, which allows domains registered with GoDaddy to be pointed at arbitrary URLs, being moved from their own hosting facilities to Amazon’s ELB service.
Many other web servers also saw reasonable growth in the number of sites this month, with OpenResty and Microsoft gaining 2.42 million and 2.15 million respectively, followed by LiteSpeed and Cloudflare with 1.76 million and 1.28 million. Fewer servers gained domains this month, though OpenResty gained a respectable 850,500 (+2.19%).
Cloudflare gained 2,431 sites in the million most popular sites, increasing its market share by 0.24 percentage points to 18.6%. Apache continues to maintain a slim lead over nginx, though both lost sites this month. Microsoft’s market share dropped, as it lost 4,119 sites this month taking it to 6.15% of the total and down from 6.89% at the start of the year.
Log4Shell impact on web servers
A critical vulnerability dubbed “Log4Shell” was identified in the Java log4j logging library, and was publicly disclosed on 9th December. The vulnerability has impacted a broad range of organizations as the log4j library is widely used, and the flaw can be easily exploited to break into systems, steal data, and infect networks with malicious software.
Many widely-used web servers such as Tomcat and Jetty are written in Java but do not use the log4j library by default so are not directly affected by the issue. However, they can be configured to do so, and it is also possible that sites that use popular web servers written in other languages - Apache and nginx are written in C, for instance - may still use the vulnerable library at some level in their technology stack.
Several less well-known servers integrate the log4j library directly, such as IBM WebSphere. Several WebSphere components such as the Admin Console use the library and so are vulnerable to the issue, while applications served using WebSphere may be vulnerable if they use the library. IBM WebSphere is not widely used: this month Netcraft identified 3,778 sites using the server, which were hosted on 830 IP addresses. Amongst these, Netcraft found government and banking websites, though it is unknown whether these sites are vulnerable.
Vendor news
- Apache 2.4.52 was released on 20 December. This release fixes several security issues, including a possible buffer overflow in mod_lua and server-side request forgery vulnerability in forward proxy configurations.
- nginx unit 1.26.1 was made available on 2 December and fixes several bugs introduced in the 1.26.0 release.
- Lighttpd 1.4.62 and 1.4.63 were released in quick succession at the start of December and include many minor changes and bugfixes.
- Apache Tomcat 9.0.56, 10.0.14, and 10.1.0-M8 (alpha) were released on 2 December.
| Developer | November 2021 | Percent | December 2021 | Percent | Change |
|---|---|---|---|---|---|
| nginx | 408,226,319 | 34.73% | 384,347,394 | 32.88% | -1.85 |
| Apache | 286,494,600 | 24.37% | 283,409,491 | 24.25% | -0.13 |
| OpenResty | 76,480,927 | 6.51% | 78,902,138 | 6.75% | 0.24 |
| Cloudflare | 58,629,365 | 4.99% | 59,904,450 | 5.13% | 0.14 |
Bangladesh, South African and Iraqi Government sites have been found to be hosting web shells
3rd December, 2021
Netcraft recently confirmed that a Bangladesh Army site was hosting an Outlook Web Access (OWA) web shell. Additionally, an OWA web shell was found on the Department of Arts and Culture site for the South-African Kwazulu-Natal province and an Iraqi government site was found to be hosting a PHP shell. Web shells are a common tool used by attackers to maintain control of a compromised web server, providing a web interface from which arbitrary commands can be executed on the server hosting the shell. OWA provides remote access to Microsoft Exchange mailboxes; since the disclosure of the ProxyLogon vulnerabilities in March, Microsoft Exchange has become a popular target for cyberattacks.
Most Reliable Hosting Company Sites in November 2021
1st December, 2021
| Rank | Performance Graph | OS | Outage hh:mm:ss |
Failed Req% |
DNS | Connect | First byte |
Total |
|---|---|---|---|---|---|---|---|---|
| 1 | Rackspace | Linux | 0:00:00 | 0.000 | 0.463 | 0.008 | 0.020 | 0.020 |
| 2 | Bigstep | Linux | 0:00:00 | 0.000 | 0.190 | 0.063 | 0.126 | 0.126 |
| 3 | CWCS Managed Hosting | Linux | 0:00:00 | 0.000 | 0.291 | 0.064 | 0.127 | 0.127 |
| 4 | Hyve Managed Hosting | Linux | 0:00:00 | 0.000 | 0.128 | 0.068 | 0.137 | 0.137 |
| 5 | www.dinahosting.com | Linux | 0:00:00 | 0.000 | 0.189 | 0.072 | 0.144 | 0.144 |
| 6 | Swishmail | Linux | 0:00:00 | 0.000 | 0.218 | 0.098 | 0.196 | 0.196 |
| 7 | ServerStack | Linux | 0:00:00 | 0.000 | 0.201 | 0.104 | 0.205 | 0.205 |
| 8 | Aruba | Linux | 0:00:00 | 0.007 | 0.340 | 0.006 | 0.030 | 0.030 |
| 9 | New York Internet (NYI) | FreeBSD | 0:00:00 | 0.007 | 0.536 | 0.063 | 0.127 | 0.127 |
| 10 | krystal.uk | Linux | 0:00:00 | 0.007 | 0.176 | 0.084 | 0.159 | 0.159 |
Rackspace had the most reliable hosting company site in November 2021, with an average connection time of just 8ms across the month and no failed requests. Rackspace has appeared in the top 10 most reliable hosting company sites every month of the past 12 months, and has taken the number one spot in five of those. Rackspace offers a wide variety of cloud hosting solutions from over 40 data centres across the Americas, Europe, Asia and Australia.
Places two, three and four in November 2021 go to Bigstep, CWCS Managed Hosting and Hyve Managed Hosting respectively. All three of these hosting company sites had no failed requests and were competitive on average connection times, coming in at 63ms, 64ms and 68ms respectively.
Bigstep’s bare metal cloud hosting provides the flexibility of cloud hosting without the associated overhead and performance reductions of virtualization. The bare metal offerings are available in data centres in the UK and Romania. CWCS Managed Hosting offer dedicated servers, cloud and VPS hosting, colocation services, domain names and email services from their seven data centres across the UK, USA and Canada. Hyve Managed Hosting offer cloud hosting, dedicated servers and managed services from data centres in 34 locations around the world.
Nine of the top 10 hosting company sites used Linux in October, continuing the dominance of Linux. In ninth place, New York Internet (NYI) used FreeBSD.
The other victims of FluBot: How cybercriminals exploit WordPress to distribute malware
29th November, 2021
Netcraft has to date identified nearly 10,000 websites used in the distribution of the FluBot family of Android malware. As detailed in our previous articles on FluBot, these sites are unwittingly hosting a PHP script that acts as a proxy to a further backend server, allowing otherwise legitimate sites to deliver Android malware to victims. When visited by the intended victim, a “lure” is displayed that implores them to download and install the FluBot malware.
The most common lure themes are parcel delivery and voicemail messages, where the user is told to install the malicious app to track a parcel or listen to a voicemail message. One particularly interesting lure took advantage of FluBot’s infamy, by offering a fake “Android security update” that claimed to protect against the malware family. Users installing this “security update” would instead be infected with FluBot.
Most sites distributing FluBot malware also host legitimate content, suggesting they were compromised by the operators of this malware distribution network, without the knowledge of the site operator. While the use of unrelated domains makes the lures less convincing, as compared to domains specifically registered for fraud, it allows the malware distribution network to operate at a much larger scale.
These affected sites all have one factor in common: they run self-hosted WordPress instances. Netcraft believes the operators of this malware distribution network are actively exploiting well-known vulnerabilities in WordPress plugins and themes to upload malicious content onto insecure sites, joining a growing list of threat actors doing the same.
A collection of lures used by the FluBot distribution network
November 2021 Web Server Survey
23rd November, 2021
In the November 2021 survey we received responses from 1,175,392,792 sites across 267,027,794 unique domains and 11,525,855 web-facing computers. This reflects a loss of 4.06 million sites, but a gain of 1.60 million domains and 137,000 computers.
nginx gained the largest number of domains (+741,000) and web-facing computers (+81,300) this month and continues to lead in both metrics with market shares of 30.1% and 37.3%.
Further down in the market, there was also a noticeable increase in the total number of web-facing computers running LiteSpeed, which went up by 11,200 to 101,000 (+12.5%), although this resulted in only a 1.44% increase in domains. These counts include sites that run on LiteSpeed Web Server and its open source variant, OpenLiteSpeed, both of which exhibit the same “LiteSpeed” server banner.
Both nginx and Apache lost nearly 4 million hostnames each, reducing their sites market shares to 34.7% and 24.4%. Meanwhile, Cloudflare gained 1.15 million sites, which has taken its total up to 58.6 million (+2.00%) and increased its sites share to 4.99%.
nginx and Apache also suffered losses amongst the top million websites, paving the way for Microsoft to increase its presence by 2,369 sites (+3.75%). Microsoft web server software is now used by 65,600 of the top million sites, but Apache is still the most commonly used web server in this sector, with 240,000 of the top million sites using it, and nginx is not far behind with 224,000.
Apache 2.4.49 vulnerability
Following last month’s news of a path traversal vulnerability in Apache 2.4.49 being actively exploited in the wild, this month’s survey shows that more than 11 million websites had server banners containing “Apache/2.4.49” before a fix was released. The only other version vulnerable to attack was Apache 2.4.50, which failed to fix the vulnerability properly – but this version was released after the survey ran and was promptly replaced with Apache 2.4.51, where the vulnerability was resolved properly.
The true number of websites that were vulnerable during the survey period is likely to have been much greater than the 11 million websites that openly reported themselves to be running Apache 2.4.49, as nearly two-thirds of all Apache-powered websites do not reveal a version number in their server banners. This configuration is often a deliberate act towards security through obscurity, although attackers can often deduce precise version numbers by carrying out additional tests. There may also have been additional vulnerable instances of Apache 2.4.49 hidden behind frontend load balancers or content delivery networks such as Cloudflare.
Conversely, some websites running on Apache 2.4.49 may not have been vulnerable if they used an appropriately configured web application firewall that prevents path traversal attacks. More generally, the true number of web servers that contain a version-specific vulnerability can also be masked by future backported security patches, which typically fix vulnerabilities without changing the apparent version number of the software. From an external perspective, a server might appear to be running a vulnerable software version but may not actually be vulnerable to the issues affecting that version.
Vendor news
- LiteSpeed Web Server 6.0.11 was released on 10 November. This is the latest version in the LSWS 6.0 stream and includes improvements in HTTP/2 and HTTP/3 throughput, new support for WebSocket proxy targets in rewrite rules, and several bugfixes.
- Microsoft has announced new Azure Bounty Program rewards of up to $60,000 to encourage and reward research into vulnerabilities that would have the highest potential impact on the security of its customers.
- nginx 1.21.4 mainline was released on 2 November. This version includes some new features and changes relating to TLS and HTTP/2.
- Lighttpd 1.4.61 was released on 28 October to address a number of bugs. Lighttpd is used by 245,000 unique domains in this month’s survey.
- njs 0.7.0 was released on 19 October to add HTTPS support for its Fetch API, along with a few other new features and bugfixes.
- Apache Tomcat 9.0.54, 10.0.12 and 10.1.0-M6 (alpha) were released on 1 October, followed by Tomcat 8.5.72 on 6 October.
- Cloudflare Pages now supports custom headers natively, without having to use Cloudflare Workers. This makes it easier for developers to add best-practice security headers and others to their JAMstack applications.
- Cloudflare for SaaS is now generally available to all, following a beta launch earlier in the year.
| Developer | October 2021 | Percent | November 2021 | Percent | Change |
|---|---|---|---|---|---|
| nginx | 412,222,221 | 34.95% | 408,226,319 | 34.73% | -0.22 |
| Apache | 290,462,410 | 24.63% | 286,494,600 | 24.37% | -0.25 |
| OpenResty | 76,038,576 | 6.45% | 76,480,927 | 6.51% | 0.06 |
| Cloudflare | 57,482,103 | 4.87% | 58,629,365 | 4.99% | 0.11 |