include ("/web/docs/lwn/include/advertising.php3") ?>
The Feberuary 2002 Netcraft Web Server Survey is out; http://www.netcraft.com/survey/ Top Developers Developer January 2002 Percent February 2002 Percent Change Apache 20866868 56.87 22462777 58.43 1.56 Microsoft 11097667 30.25 11198727 29.13 -1.12 iPlanet 1318991 3.60 1123701 2.92 -0.68 Zeus 792802 2.16 837968 2.18 0.02 Active Sites Developer January 2002 Percent February 2002 Percent Change Apache 9532555 63.22 10147402 65.18 1.96 Microsoft 3927951 26.05 4069193 26.14 0.09 iPlanet 452218 3.00 283112 1.82 -1.18 Zeus 176416 1.17 177225 1.14 -0.03 Around the Net This month see a 1.75 million increase in the number of sites found by the survey. There is a large increase in Europe, particularly in Germany, where Apache is extremely strong, and in Denmark. Additionally, the survey found significant numbers of new sites using the .biz and .info domains. Somewhat offsetting this, several large US based bulk hosters and domain registration businesses are seeing declines in sites. In particular, the decline in sites running Netscape-Enterprise is substantially due to a reduction in sites hosted on a system run by [1]Verisign at [2]Digex. Around 100,000 sites seem to have been moved to another system controlled by Verisign running [3]Microsoft-IIS at [4]Interland with a further 150,000 small sites lapsed. Likewise, [5]NameZero have removed a large number of small .com sites from their bulk hosting system as they transition to find a working business model, while [6]register.com have also lost around 100,000 hostnames during the month. Earlier this month register.com bought [7]Virtual Internet, previously its partner in [8]RegistryPro which is to run the new .pro gTLD, once ICANN agreements are finalised. Apache is used by the NICs for both the new [9].info and [10].biz domains. With several bulk hosting companies fighting to create a viable business model, widespread lapsing of speculatively registered domains, and the virgin TLDs being populated, it is worth a glance at a view of the web by ip address rather than by hostname to get a second take on what is going on. [21] Microsoft-IIS fares about five percentage points better on this view, as a great deal of the impact of largescale shared hosting and domain name registration is burnt off. Security vulnerability discovered affecting a million PHP sites Following rumours circulating for much of the week in security forums, an [11]advisory has been published demonstrating a vulnerability in PHP which can lead to servers being compromised. PHP has enjoyed widespread popularity in recent years, thanks largely to its adoption as the web scripting language of choice by many Linux developers, inclusion by default in most Linux distributions, and use on server appliances such as those from Cobalt. It is most popularly used as a module for Apache, with some 38% of Apache sites having PHP support. PHP has had a mixed security record, and recently the project has been [12]making design changes to improve its security. CERT have released an [13]advisory, and patches from the PHP [14]project and [15]Zend were made available yesterday. One point that the current advisories have not made especially clear is that a PHP script needs to be created on a site in order for the vulnerability to be exploited, and this limits the number of vulnerable sites found by Netcraft to around one million. Presently, Netcraft finds a vulnerable version of PHP present on around 8.4 Million internet web sites, but on many of these although PHP has been compiled into the server, it is not actually used in the site content. Sun loves Linux. Not! Sun has recently outlined a [16]server blade strategy, which will include both Solaris/SPARC and Linux/x86 systems. An [17]initial product is expected to be available later this year, with a more advanced [18]Infiniband connected product following next year. Sun announced its intention to produce a line of Linux systems earlier in the month, with CEO Scott McNealy [19]emphasizing this significant change in strategy, saying "We love Linux, and I hope there isn't any doubt about it". Sun has sold Linux systems since October 2000, when it bought [20]Cobalt, but the new line will be the first Sun badged Linux machines. The machines are "low-end, edge-of-the-network" systems, which Sun suggests should be used for functions such as website hosting. Implicitly this accepts that that Linux has won a major and increasing share of this market, while Solaris share of internet web sites has been in steady decline over the last three years, with Intel based systems running Windows and Linux gaining strongly over the same period. References 1. http://www.nsi.com/ 2. http://www.digex.com/ 3. http://www.microsoft.com/ 4. http://www.interland.com/ 5. http://www.namezero.com/ 6. http://www.register.com/ 7. http://www.vi.net/ 8. http://www.registrypro.com/aboutus.htm 9. http://uptime.netcraft.com/up/graph/?host=www.info 10. http://uptime.netcraft.com/up/graph/?host=www.nic.biz 11. http://security.e-matters.de/advisories/012002.html 12. http://www.php.net/release_4_1_0.php 13. http://www.cert.org/advisories/CA-2002-05.html 14. http://www.php.net/ 15. http://www.zend.com/ 16. http://news.com.com/2100-1001-846031.html 17. http://theregister.co.uk/content/53/24217.html 18. http://www.infinibandta.org/ 19. http://news.com.com/2100-1001-832463.html 20. http://theregister.co.uk/content/53/24171.html 21. http://www.netcraft.com/survey/Reports/200202/pie.gif 22. http://www.netcraft.com/survey/Reports/200202/solaris.gif Internet Research from Netcraft. Netcraft does commercial internet research projects. These include custom cuts on the Web Server Survey data, hosting industry analysis, corporate use of internet technology and bespoke projects. All of the data is gathered through network exploration, not teleresearch. sales@netcraft.com Network Security Testing from Netcraft. Netcraft provides automated network security testing of customer networks and consultancy audits of ecommerce sites, Clients include IBM, Hewlett Packard, Deloitte & Touche, Energis, Britannic Asset Management, Guardian Royal Exchange, Lloyds of London, Laura Ashley, etc. Details at http://www.netcraft.com/security/ To unsubscribe from the Netcraft Web Server Survey Announcements list send the message unsubscribe webserver-survey to majordomo@netcraft.com To resubscribe send the message subscribe webserver-survey Mike -- Mike Prettejohn mhp@@netcraft.com Phone +44 1225 447500 Fax +44 1225 448600 Netcraft Rockfield House Granville Road Bath BA1 9BQ England