Secure your Network
Advertise on Netcraft
About Netcraft
Join Netcraft
Site Map
Netcraft Home What's that site running?
Web Server Survey
SSL Server Survey
Explore web sites
News
 Netcraft Web Server Survey Reports  Graphs  Mechanics  Developers  Servers  Most Requested Sites  Archive

SSL Survey

Jobs available at Netcraft

The Netcraft Web Server Survey is a survey of Web Server software usage on Internet connected computers. We collect and collate as many hostnames providing an http service as we can find, and systematically poll each one with an HTTP request for the server name.
In the June 2002 survey we received responses from 38,807,788 sites.

Market Share for Top Servers Across All Domains August 1995 - June 2002

Graph of market share for top servers across all domains, August 1995 - June 2002

Top Developers

DeveloperMay 2002PercentJune 2002PercentChange
Apache2112038856.212315490959.673.46
Microsoft1190282131.681123961328.96-2.72
Zeus8490892.267991732.06-0.20
iPlanet8242452.196870041.77-0.42

Active Sites

DeveloperMay 2002PercentJune 2002PercentChange
Apache1041100065.111096473464.42-0.69
Microsoft412169725.78424371924.93-0.85
iPlanet2470511.552816811.660.11
Zeus2144981.342278571.340.00

Totals for Active Servers Across All Domains June 2000 - June 2002


iPlanet is the sum of sites running iPlanet-Enterprise, Netscape-Enterprise, Netscape-FastTrack, Netscape-Commerce, Netscape-Communications, Netsite-Commerce & Netsite-Communications.

Microsoft is the sum of sites running Microsoft-Internet-Information-Server, Microsoft-IIS, Microsoft-IIS-W, Microsoft-PWS-95, & Microsoft-PWS.

Platform groupings are here.

Around the Net

Web more vulnerable to attack now than at any time previously

The publication of serious vulnerabilities in Microsoft-IIS and Apache over the last three weeks has created a situation where a majority of internet sites are likely to be accessible to remote exploit. On 11th June, Microsoft released a trio of advisories, the most serious of which referred to a HTR buffer overflow that could be used to remotely compromise machines running Microsoft-IIS.

Although Netcraft can not explicitly test for the vulnerability without prior permission from the sites, around half of the Microsoft-IIS sites on the internet have .htr mapping enabled, which indicates that the site is likely to be vulnerable to the attack, and indeed that some number will already be under the control of an external attacker.  

On the 17th June it was reported that many versions of the Apache web server were vulnerable to a buffer overflow through flawed functionality affecting its "Chunked Encoding" mechanism. If exploited, this could lead to a remote system compromise and exploits are already known to have been been developed for Windows, FreeBSD and OpenBSD. There is an active debate on whether exploits are possible for Linux and Solaris.

Apache administrators have reacted quite quickly to the problem, and within a week of first publication, well over 6 million sites have been upgraded to Apache/1.3.26, issued by the Apache project in response to the problem. However, this still leaves around 14 Million potentially vulnerable Apache sites.


Microsoft-IIS sites supporting HTR, June 2002

With over half of the internet's web servers potentially vulnerable, conditions are ripe for an epidemic of attacks against both Microsoft-IIS and Apache based sites, and the first worm, targeting sites running Apache on FreeBSD, has been spotted this weekend. 

Although potentially very disruptive, worms have a positive aspect, in that they draw the administrators attention to vulnerable servers, and once patched the server is usually no longer available as a platform for more insidious activity. Last year, immediately prior to the Code Red worm, Netcraft was finding that around 1 in six ecommerce sites running Microsoft-IIS taking a security test from Netcraft for the first time had already been successfully compromised, and had a backdoor giving an external attacker control over the machine. The clear up from Code Red had the positive effect of flushing the majority of these backdoors out of the internet.

Additionally, Microsoft has yesterday announced details of some severe vulnerabilities in its Commerce Server software which give remote attackers the ability to execute arbitrary code on the server. There are around 36,000 sites using Commerce Server [or Site Server, its predecessor] including a significant number of ecommerce sites and banks. 

It is noteworthy that the vulnerabilities are equally applicable to SSL sites, and that in particular, most intrusion detection (IDS) facilities will not flag attacks implemented over SSL because the traffic is encrypted. This can provide a false sense of confidence to administrators, and, symmetrically, a suitable means of a stealthy attack.

Everyone is encouraged to test their networks for vulnerabilities; details on Netcraft's own security testing services are available here.

Reports and Interactive Queries

Reports are provided showing server usage for the Internet as a whole, and for selected domains, with links to all the sites responding to the survey. A facility for you to check what server a particular site is running now is also available. The same form can be used to ensure that a particular site is included in future surveys. A directory of sites running in developer domains is also provided, while the sites discovered by the survey can be explored.

Fair Use, Copyright

Excerpts from this survey may be reproduced if Netcraft and the url http://www.netcraft.com/survey/ are attributed.

 Netcraft Web Server Survey Reports  Graphs  Mechanics  Developers  Servers  Most Requested Sites  Archive
Your comments and suggestions are most welcome webmaster@netcraft.com © Netcraft 2002