![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
The Feberuary 2002 Netcraft Web Server Survey is out;
http://www.netcraft.com/survey/
Top Developers
Developer January 2002 Percent February 2002 Percent Change
Apache 20866868 56.87 22462777 58.43 1.56
Microsoft 11097667 30.25 11198727 29.13 -1.12
iPlanet 1318991 3.60 1123701 2.92 -0.68
Zeus 792802 2.16 837968 2.18 0.02
Active Sites
Developer January 2002 Percent February 2002 Percent Change
Apache 9532555 63.22 10147402 65.18 1.96
Microsoft 3927951 26.05 4069193 26.14 0.09
iPlanet 452218 3.00 283112 1.82 -1.18
Zeus 176416 1.17 177225 1.14 -0.03
Around the Net
This month see a 1.75 million increase in the number of sites found by
the survey. There is a large increase in Europe, particularly in
Germany, where Apache is extremely strong, and in Denmark.
Additionally, the survey found significant numbers of new sites using
the .biz and .info domains.
Somewhat offsetting this, several large US based bulk hosters and
domain registration businesses are seeing declines in sites. In
particular, the decline in sites running Netscape-Enterprise is
substantially due to a reduction in sites hosted on a system run by
[1]Verisign at [2]Digex. Around 100,000 sites seem to have been
moved to another system controlled by Verisign running
[3]Microsoft-IIS at [4]Interland with a further 150,000 small sites
lapsed.
Likewise, [5]NameZero have removed a large number of small .com sites
from their bulk hosting system as they transition to find a working
business model, while [6]register.com have also lost around 100,000
hostnames during the month. Earlier this month register.com bought
[7]Virtual Internet, previously its partner in [8]RegistryPro which
is to run the new .pro gTLD, once ICANN agreements are finalised.
Apache is used by the NICs for both the new [9].info and [10].biz
domains.
With several bulk hosting companies fighting to create a viable
business model, widespread lapsing of speculatively registered
domains, and the virgin TLDs being populated, it is worth a glance at
a view of the web by ip address rather than by hostname to get a
second take on what is going on.
[21] Microsoft-IIS fares about five percentage points better on this view,
as a great deal of the impact of largescale shared hosting and domain
name registration is burnt off.
Security vulnerability discovered affecting a million PHP sites
Following rumours circulating for much of the week in security forums,
an [11]advisory has been published demonstrating a vulnerability in
PHP which can lead to servers being compromised.
PHP has enjoyed widespread popularity in recent years, thanks largely
to its adoption as the web scripting language of choice by many Linux
developers, inclusion by default in most Linux distributions, and use
on server appliances such as those from Cobalt. It is most popularly
used as a module for Apache, with some 38% of Apache sites having PHP
support.
PHP has had a mixed security record, and recently the project has been
[12]making design changes to improve its security. CERT have released
an [13]advisory, and patches from the PHP [14]project and [15]Zend
were made available yesterday. One point that the current advisories
have not made especially clear is that a PHP script needs to be
created on a site in order for the vulnerability to be exploited, and
this limits the number of vulnerable sites found by Netcraft to around
one million. Presently, Netcraft finds a vulnerable version of PHP
present on around 8.4 Million internet web sites, but on many of these
although PHP has been compiled into the server, it is not actually
used in the site content.
Sun loves Linux. Not!
Sun has recently outlined a [16]server blade strategy, which will
include both Solaris/SPARC and Linux/x86 systems. An [17]initial
product is expected to be available later this year, with a more
advanced [18]Infiniband connected product following next year.
Sun announced its intention to produce a line of Linux systems earlier
in the month, with CEO Scott McNealy [19]emphasizing this significant
change in strategy, saying "We love Linux, and I hope there isn't any
doubt about it". Sun has sold Linux systems since October 2000, when
it bought [20]Cobalt, but the new line will be the first Sun badged
Linux machines. The machines are "low-end, edge-of-the-network"
systems, which Sun suggests should be used for functions such as
website hosting.
Implicitly this accepts that that Linux has won a major and increasing
share of this market, while Solaris share of internet web sites has
been in steady decline over the last three years, with Intel based
systems running Windows and Linux gaining strongly over the same
period.
References
1. http://www.nsi.com/
2. http://www.digex.com/
3. http://www.microsoft.com/
4. http://www.interland.com/
5. http://www.namezero.com/
6. http://www.register.com/
7. http://www.vi.net/
8. http://www.registrypro.com/aboutus.htm
9. http://uptime.netcraft.com/up/graph/?host=www.info
10. http://uptime.netcraft.com/up/graph/?host=www.nic.biz
11. http://security.e-matters.de/advisories/012002.html
12. http://www.php.net/release_4_1_0.php
13. http://www.cert.org/advisories/CA-2002-05.html
14. http://www.php.net/
15. http://www.zend.com/
16. http://news.com.com/2100-1001-846031.html
17. http://theregister.co.uk/content/53/24217.html
18. http://www.infinibandta.org/
19. http://news.com.com/2100-1001-832463.html
20. http://theregister.co.uk/content/53/24171.html
21. http://www.netcraft.com/survey/Reports/200202/pie.gif
22. http://www.netcraft.com/survey/Reports/200202/solaris.gif
Internet Research from Netcraft.
Netcraft does commercial internet research projects. These include
custom cuts on the Web Server Survey data, hosting industry analysis,
corporate use of internet technology and bespoke projects. All of the data
is gathered through network exploration, not teleresearch.
sales@netcraft.com
Network Security Testing from Netcraft.
Netcraft provides automated network security testing of customer networks
and consultancy audits of ecommerce sites, Clients include IBM,
Hewlett Packard, Deloitte & Touche, Energis, Britannic Asset Management,
Guardian Royal Exchange, Lloyds of London, Laura Ashley, etc.
Details at http://www.netcraft.com/security/
To unsubscribe from the Netcraft Web Server Survey Announcements list
send the message
unsubscribe webserver-survey
to majordomo@netcraft.com
To resubscribe send the message
subscribe webserver-survey
Mike
--
Mike Prettejohn
mhp@@netcraft.com Phone +44 1225 447500 Fax +44 1225 448600
Netcraft Rockfield House Granville Road Bath BA1 9BQ England