Secure your Network
Advertise on Netcraft
About Netcraft
Join Netcraft
Site Map
Netcraft Home What's that site running?
Web Server Survey
SSL Server Survey
Explore web sites
News
 Netcraft Web Server Survey Reports  Graphs  Mechanics  Developers  Servers  Most Requested Sites  Archive

SSL Survey

Jobs available at Netcraft

The Netcraft Web Server Survey is a survey of Web Server software usage on Internet connected computers. We collect and collate as many hostnames providing an http service as we can find, and systematically poll each one with an HTTP request for the server name.
In the December 2002 survey we received responses from 35,543,105 sites.

Market Share for Top Servers Across All Domains August 1995 - December 2002

Graph of market share for top servers across all domains, August 1995 - December 2002

Top Developers

DeveloperNovember 2002PercentDecember 2002PercentChange
Apache2169932060.802204535062.021.22
Microsoft1023942328.69980363927.58-1.11
Zeus7759162.177524362.12-0.05
SunONE4880941.374812321.35-0.02

Active Sites

DeveloperNovember 2002PercentDecember 2002PercentChange
Apache1072946264.691106542766.541.85
Microsoft424484225.59411359024.74-0.85
Zeus2717531.642583671.55-0.09
SunONE2309021.392290811.38-0.01

Totals for Active Servers Across All Domains June 2000 - December 2002


SunONE is the sum of sites running iPlanet-Enterprise, Netscape-Enterprise, Netscape-FastTrack, Netscape-Commerce, Netscape-Communications, Netsite-Commerce & Netsite-Communications.

Microsoft is the sum of sites running Microsoft-Internet-Information-Server, Microsoft-IIS, Microsoft-IIS-W, Microsoft-PWS-95, & Microsoft-PWS.

Platform groupings are here.

Around the Net

Fewer hosts, but web more sophisticated and disparate during 2002

Surprisingly, many of the metrics derived from the web server survey grew during 2002, despite widespread financial woe in the Telecoms, Hosting, and Domain Registration industries. Over the year, the number of hostnames responding to the web server survey fell by over a million. However, many of the sites that fell by the wayside were parked sites at domain registries and template produced sites at mass hosting companies which retreated from an advertising supported business model. Three companies, Verisign, register.com, and homestead.com, collectively lost over 3 Million such sites during the period.

During 2002 the Web has become geographically much more disparate,  with a significant reduction of 5.3 Million hostnames in the US being compensated by an increase of 4.1 Million hosts in Europe and Asia-Pacific. Hosting facilities in the rest of the world have caught up with those available in the US, with a net repatriation of sites from the US to almost every well developed overseas economy. The domain registration and advertising-supported mass hosting was primarily led by companies in the US, and the reduction in demand for these services has correspondingly reduced the site count in the United States. The UK's major peering point, the LINX recently published statistics showing that traffic through the LINX has roughly doubled in the last year, and that the number of routes into the UK from mainland Europe now exceeds the number of US routes. This broadly correlates with our own view of the Internet.

   
  January 2002  December 2002 Growth
Hostnames36,689,008 35,543,105 -3.12%
Active Sites14,134,142 16,629,876 17.66%
IP Addresses3,801,101 4,007,918 5.44%
IP Addresses with Scripting Languages612,420 931,468 52.10%
SSL Servers153,072 174,745 14.16%

The number of active sites has risen by around 17% over the last year, indicating that the conventional web is still expanding at a respectable rate, and the number of SSL sites is up by a roughly equivalent 14%. But most notably the number of sites making some use of scripting languages on the front page has increased by over half. ASP and PHP, which are by far the most widely used scripting languages, have each seen significant increases in deployment on the internet, as businesses constructed more sophisticated sites, upgrading initial brochureware efforts.

JSP - an unexpected success

Very few people would have expected that  the fastest [in percentage terms] growing scripting language on the web during 2002 would be JSP. JSP was originally intended as a general purpose scripting language, but quickly lost ground to PHP and ASP, which are regarded as easier languages which to get started with. However, the number of ip addresses using JSP on their front page has roughly trebled in 2002, albeit from a small base of a little over 10,000 IP addresses this time last year.  Most of the well known Unix based application servers including Weblogic, IBM Websphere, Oracle, and Apache Tomcat make use of JSP, and, having failed to achieve critical mass as a general purpose scripting language JSP has found a worthwhile niche at the top end of the market in tandem with the application servers.

.Net finds favour in the Linux community

Last week the Mono project released a new version of their Linux based implementation of the Microsoft .Net development framework. Mono enjoys an almost unique relationship with Microsoft amongst open source projects. Mono project leader Miguel de Icaza and Microsoft executives frequently say complimentary things about each other, with Microsoft presumably taking the view that any thing that helps establish .Net as a common development framework is a fine thing. So far, around 1% of internet sites using ASP.Net are Linux based, but it is early days both for the Mono project and for .Net itself, and both will be hoping to grow very significantly from current levels.

Cobalt Security Hardening Package found to be insecure.

Security software is often difficult to write, and this point is well illustrated by the number of security products which turn out to weaken  the systems they are meant to protect. The latest example is the security hardening package (SHP) provided by Sun for their Cobalt RaQ server appliances. The SHP provides extra security features for the RaQ, including detection and blocking of port scans, buffer overflow protection, and email alerts of attacks. One of the CGIs included, overflow.cgi, is intended to control the email alerts for buffer overflows - but unfortunately it falls victim to a far more basic attack, failing to filter user input before passing it to a command ran with superuser privileges. The CERT advisory provides details.

It is not straightforward to gauge the impact of this on the general vulnerability of the web. Presently around 5% of web sites are served from Cobalt RaQs. The Security Hardening Package is not installed by default and is only available for the RaQ 4, but it is generally expected in the Cobalt community that many users will have installed it. The number of RaQs we have tested in our own security testing services is small and not useful as an indicator of the numbers of systems which may have installed SHP.

Cobalt  have taken the view that the Security Hardening Package is no longer good for security, and have issued an update which removes it completely. 

Reports and Interactive Queries

Reports are provided showing server usage for the Internet as a whole, and for selected domains, with links to all the sites responding to the survey. A facility for you to check what server a particular site is running now is also available. The same form can be used to ensure that a particular site is included in future surveys. A directory of sites running in developer domains is also provided, while the sites discovered by the survey can be explored.

Fair Use, Copyright

Excerpts from this survey may be reproduced if Netcraft and the url http://www.netcraft.com/survey/ are attributed.

 Netcraft Web Server Survey Reports  Graphs  Mechanics  Developers  Servers  Most Requested Sites  Archive
Your comments and suggestions are most welcome webmaster@netcraft.com © Netcraft 2002