February 2007 Web Server Survey

In the February 2007 survey we received responses from 108,810,358 sites, an increase of 1.93 million from last month. Apache has a decline of 442K sites this month, and sees its share of the web server market slip by 1.47 percent to 58.7 percent. This is the first time Apache's market share has been below 60 percent since September 2002.

Microsoft-IIS gain 935K sites, continuing an advance that has seen Microsoft steadily chip away at what once seemed an insurmountable lead for Apache. In our Feb. 2006 survey, Apache held 68% market share, giving it lead of 47.5% over Windows (20.5% share). In this month's survey, Microsoft's share has improved to 31.0%, narrowing Apache's advantage to 27.7%.

Total Sites Across All Domains August 1995 - February 2007

Total Sites Across All Domains, August 1995 - February 2007

Graph of market share for top servers across all domains, August 1995 - February 2007

Top Developers
DeveloperJanuary 2007PercentFebruary 2007PercentChange

Continue reading

New York Internet and ThePlanet Most Reliable Hosting Companies In December 2006

Ranking by Failed Requests and Connection time,
December 1st - 31st 2006


New York Internet and ThePlanet are the most reliable hosting companies for December 2006, followed closely by Navisite, OLM, Rackspace and Hostway and GoDaddy.

The strong showing provides an immediate return on infrastructure upgrades by The Planet, which recently added multiple high-capacity 10 Gigabit Ethernet connections with its connectivity providers. The upgrade was part of The Planet's integration with EV1Servers, which were both acquired last May by private equity firm GI Partners.

New York Internet has now finished atop the survey eight times since 2003, and has regularly been among the top 10 performers. The colocation and managed hosting specialist is located in Manhattan's financial district. The top two finished just ahead of Navisite, a growing managed hosting provider with operations in the Boston area and India.

Five of the 10 most most reliable hosts run their web sites on Linux, while two use FreeBSD and three are powered by Windows.

Continue reading

World of Warcraft Slowed By Expansion Traffic

The web site for World of Warcraft was offline for about an hour early Wednesday, as the game's infrastructure came under heavy load due to a major expansion. Activity has been heavy on many of the game's servers with the launch of a software expansion pack, The Burning Crusade, which adds new characters and substantially expands World of Warcraft's "virtual real estate." Users reported performance problems yesterday in the early hours of the expansion.

While the extra traffic briefly downed the web site and slowed some game servers, the problems seem to be minimal compared to some of historic downtime issues for World of Warcraft, suggesting that system upgrades have made a difference in the game's performance. Game operator Blizzard Entertainment announced last week that World of Warcraft now has more than 8 million paid subscribers, including more than 3.5 million in China. The web site outage last night can be seen on this performance chart:

worldofwaracraft.com website performance

A dynamically updating chart of World of Warcraft's web site performance is available. Netcraft offers a web site performance monitoring service that provides similar charts, along with e-mail alerts when an outage occurs.

The Planet Completes Integration, Retires EV1Servers Brand

The Planet has completed its merger with EV1Servers and relaunched with a new web site, upgraded infrastructure and an emphasis on managed hosting. The integration of the two dedicated server providers, which were both acquired last May by private equity firm GI Partners, results in the retirement of the EV1Servers brand.

The Planet is now the world's sixth-largest hosting company, according to Netcraft's Hosting Provider Switching Analysis, with 1.89 million hostnames on its network, trailing only Go Daddy, 1&1 Internet, Microsoft, Google and Germany's Intergenia AG. The Planet says it now has more than 22,000 customers housed in six data centers, and combined revenue of approximately $110 million. It has also upgraded its network with high-speed 10 gigabit ethernet links with Level 3, Savvis, Global Crossing and Verio Networks.

The "new" Planet also hosts more than 16,000 SSL-enabled web sites, according to the Netcraft Secure Server Survey, making it the world's third-largest host in that category. Customers using SSL are typically more valuable because they are more likely to purchase additional services to ensure the security and performance of their e-commerce operations.

Continue reading

Phishing Attacks Continue to Grow in Sophistication

The Year in PhishingPhishing attacks are continually evolving, as fraudsters develop new strategies and quickly refine them in an effort to stay a step ahead of banking customers and the security community. Here are some of the phishing trends and innovations we noted in 2006:

  • Plug and Play Phishing Networks: The number of phishing sites and attacks rose dramatically in the second half of 2006 as phishers perfected techniques to rapidly deploy entire networks of phishing sites on cracked web servers. These packages, known as Rockphish and R11, featured dozens of sites spoofing major banks, which could be unzipped in a subdirectory of a hacked site to create an instant phishing network. By using a common directory structure and subdomains, phishers created URLs that included the name of the target institution.

  • Phlashing (Flash-based phishing sites): Attackers have begun using Flash animation to create spoof sites as a strategy to defeat automated anti-phishing services, which scan the text of a page in search of suspect phrases (brands of financial institutions, for example) that may identify it as a phishing scam. Phishers previously shifted from HTML to Javascript to make it harder to analyze a page's source code, and the use of Flash represents the next step in this evolution. Flash attacks were first seen in June, and were becoming more common by the close of 2006.
  • Two-factor Authentication: A July attack on Citibank demonstrated a technique that was able to defeat two-factor authentication tactics using a man-in-the-middle attack. Two-factor authentication, which uses physical security devices to generate a single-use password, is being touted by banks and financial regulators as a way to reduce fraud losses from phishing. The second authentication factor used by Citibank is provided by a security token - a physical item possessed by an account holder - which generates a one-time password that remains valid for approximately one minute. One-time passwords are useless to an attacker if they are captured via keylogging trojans, as they stop working shortly after the victim has used them. However, by tricking a victim into entering their login details, the attacker's site can automatically relay the authentication credentials to the real Citibank site instantly, allowing the attacker to successfully log in. Continue reading
  • Phishing By The Numbers: 609,000 Blocked Sites in 2006

    The Year in Phishing The Netcraft Toolbar blocked more than 609,000 confirmed phishing URLs in 2006, an enormous jump from just 41,000 in 2005. The volume of attacks grew gradually until the final quarter of the year, when the number of blocked sites soared as attackers perfected techniques to automate and propagate networks of spoof pages. These networks were replicated across botnets, creating a huge jump in submissions and confirmed phishing sites. Blocked URLs ranged between 1,000 and 20,000 per month before ramping up to 45,000 in October, 135,000 in November and more than 277,000 in December.


    The dramatic surge in attacks was fueled by new tools to rapidly deploy entire networks of phishing sites on cracked web servers. These packages, known broadly as Rockphish or R11, each included dozens of sites spoofing major banks, and could be unzipped in a subdirectory of a hacked site to create an instant phishing network. By using a common directory structure and sophisticated DNS management, phishers created dozens of spoof sites with subdomains including the name of the target institution. These networks were installed on large numbers of compromised machines in botnets, organized with management tools that allowed attackers to rapidly add and redirect sites within their networks.

    Continue reading