January 2016 Web Server Survey

By Netcraft | January 25, 2016

In the January 2016 survey we received responses from 906,616,188 sites and 5,753,264 web-facing computers, reflecting a modest increase of less than six million sites, but a significant gain of 174,000 computers. Microsoft gained 22.5m sites (+9.40%), which has taken its market share up by 2.32 points. Meanwhile, Apache lost 16.4m sites, and nginx fell by 15.6m. Apache's market share is now less than 5 points ahead of Microsoft; this difference was more than twice as large just two months ago.

The web-facing computers metric is typically much more stable, but this month's overall gain of 174,000 computers is unusually large as a result of a 7.6% increase in the number of web-facing computers running Apache.

This large gain comprised nearly 195,000 Apache computers, and the majority of these are Western Digital My Cloud personal storage devices. These consumer devices run web servers and can be accessed using public hostnames with a format similar to device1000000-a1b2c3d4.wd2go.com. Consumers can remotely access their files via the My Cloud web application, a mobile app, or via third-party applications that make use of the relatively new My Cloud OS 3 platform.

[Figure: Consumers can remotely access their files via the My Cloud web application (shown), a mobile app, or third-party tools.]

More than 240,000 of these wd2go.com hostnames point directly to a variety of consumer broadband connections, which is where the My Cloud devices are physically located.

Network Attached Storage (NAS) devices are rarely exposed to the internet on such a large scale, and so this provides some otherwise invisible insights into the usage of these particular devices. Although consumers do not have to enable the Cloud Access feature, the 240,000+ devices that are directly exposed to the internet are likely to be a fairly representative sample of all similar Western Digital devices.

Nearly half of the My Cloud devices that are exposed directly to the internet are located in the US, while the UK has the next largest share of 13%, and France follows with 6%. This suggests that nearly two-thirds of Western Digital's consumer NAS sales take place in these three countries alone.

As well as the My Cloud devices that are exposed directly to the internet, a further 273,000 wd2go.com hostnames resolve to fewer than 200 IP addresses hosted by Amazon AWS. These hostnames likely represent additional My Cloud devices that have been cloud-enabled using Relay mode. In this mode, requests bound for the device are relayed via the Amazon-hosted web service, which makes it possible for a consumer to gain remote access even when they are not able to set up port forwarding on their router.

However, whilst certainly convenient, exposing a My Cloud device to the internet (either directly or in relay mode) could undermine a consumer's security by revealing the device's internal IP address to the whole world. Each of the 500,000+ My Cloud devices that can be accessed via hostnames like device1070698-xxxxxxxx.wd2go.com also has corresponding DNS entries that reveal its local IP address:

    $ host device1070698-xxxxxxxx.wd2go.com
    device1070698-xxxxxxxx.wd2go.com has address 78.72.xx.x
    $ host device1070698-xxxxxxx-local.wd2go.com
    device1070698-xxxxxxxx-local.wd2go.com has address 192.168.1.65

These "-local" DNS entries allow a remote attacker to discover the local IP address of a consumer's My Cloud device (in this case, 192.168.1.65), which would make it easier to carry out CSRF attacks against it. Even if the consumer has taken the precaution of changing the device's name so that their browser cannot reach it via the default local address (http://wdmycloud), it could still be reached by browsing directly to its local IP address. Devices that have not been updated recently might still be vulnerable to remote code execution via CSRF attacks.

The local IP address of the My Cloud device can also be used to infer the address of the consumer's broadband router, which may well be vulnerable to similar types of attack. Knowing some likely IP addresses of the router makes CSRF attacks much more feasible; for example, if the My Cloud device has an IP address of 10.10.0.31, the attacker could deduce that the router's IP address might be 10.10.0.1 or 10.10.0.255, rather than any of the other 17+ million IANA-reserved private network addresses. A successful exploit against a vulnerable router could give an attacker full control over the router's settings, which could ultimately lead to data theft or financial losses through pharming attacks.
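The leak described above can be audited from the zone operator's side. The following is an added example, not code from Netcraft or Western Digital: it parses `host`-style output and flags public names whose A record falls inside RFC 1918 space. The hostnames under example.com and all addresses are constructed sample data.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also match
# the documentation ranges (e.g. 203.0.113.0/24) used as "public" samples here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the format printed by `host` (not real lookups).
SAMPLE_HOST_OUTPUT = """\
device1000001-aaaaaaaa.nas.example.com has address 203.0.113.10
device1000001-aaaaaaaa-local.nas.example.com has address 192.168.1.65
device1000002-bbbbbbbb.nas.example.com has address 198.51.100.7
device1000002-bbbbbbbb-local.nas.example.com has address 10.10.0.31
www.example.com has address 198.51.100.80
www.example.com has IPv6 address 2001:db8::80
"""

A_RECORD = re.compile(r"^(\S+) has address (\S+)$")

def parse_host_output(text):
    """Return (hostname, IPv4Address) pairs for each well-formed A-record line."""
    records = []
    for line in text.splitlines():
        m = A_RECORD.match(line.strip())
        if not m:
            continue  # IPv6, MX, NXDOMAIN and other lines are out of scope
        try:
            records.append((m.group(1).rstrip("."), ipaddress.IPv4Address(m.group(2))))
        except ValueError:
            continue  # redacted or malformed address such as 78.72.xx.x
    return records

def find_private_leaks(records):
    """Flag publicly resolvable names that point into RFC 1918 address space."""
    leaks = []
    for name, addr in records:
        net = next((n for n in RFC1918 if addr in n), None)
        if net is not None:
            leaks.append({"name": name, "address": str(addr), "range": str(net)})
    return leaks

def rfc1918_address_count():
    """Size of the search space an attacker faces without such a leak."""
    return sum(n.num_addresses for n in RFC1918)

if __name__ == "__main__":
    for leak in find_private_leaks(parse_host_output(SAMPLE_HOST_OUTPUT)):
        print(f"{leak['name']} -> {leak['address']} (inside {leak['range']})")
    print("RFC 1918 addresses in total:", rfc1918_address_count())
```

The total it reports is the "17+ million" private addresses mentioned above; every flagged record narrows that space to a single subnet for anyone who can query public DNS.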

While the influx of these My Cloud devices has resulted in strong growth for Apache, nginx continued its steady progress by gaining a further 23,300 (+3.0%) web-facing computers. Apache's market share in terms of computers now stands at 47.9% (+2.0), while Microsoft lost 20,600 computers, contributing to its share falling to 27.1%. Despite maintaining the consistent growth it has demonstrated for several years, nginx also suffered a minor loss in share by virtue of Apache's exceptional growth.

[Graph: Total number of websites]

[Graph: Web server market share]

| Developer | December 2015 | Percent | January 2016 | Percent | Change |
|-----------|---------------|---------|--------------|---------|--------|
| Apache    | 320,676,759   | 35.59%  | 304,271,061  | 33.56%  | -2.03  |
| Microsoft | 239,927,013   | 26.63%  | 262,471,886  | 28.95%  | 2.32   |
| nginx     | 157,001,018   | 17.43%  | 141,443,630  | 15.60%  | -1.82  |
| Google    | 20,362,678    | 2.26%   | 20,799,087   | 2.29%   | 0.03   |

[Graph: Web server market share for active sites]

| Developer | December 2015 | Percent | January 2016 | Percent | Change |
|-----------|---------------|---------|--------------|---------|--------|
| Apache    | 86,135,302    | 50.14%  | 84,965,001   | 49.90%  | -0.23  |
| nginx     | 27,480,550    | 16.00%  | 27,294,719   | 16.03%  | 0.04   |
| Microsoft | 17,887,532    | 10.41%  | 17,088,509   | 10.04%  | -0.38  |
| Google    | 13,196,505    | 7.68%   | 13,428,841   | 7.89%   | 0.21   |

For more information see Active Sites

[Graph: Web server market share for top million busiest sites]

| Developer | December 2015 | Percent | January 2016 | Percent | Change |
|-----------|---------------|---------|--------------|---------|--------|
| Apache    | 463,643       | 46.36%  | 463,092      | 46.31%  | -0.06  |
| nginx     | 242,852       | 24.29%  | 243,340      | 24.33%  | 0.05   |
| Microsoft | 115,825       | 11.58%  | 115,358      | 11.54%  | -0.05  |
| Google    | 22,072        | 2.21%   | 21,824       | 2.18%   | -0.02  |

[Graph: Web server market share for computers]

| Developer | December 2015 | Percent | January 2016 | Percent | Change |
|-----------|---------------|---------|--------------|---------|--------|
| Apache    | 2,560,407     | 45.89%  | 2,755,384    | 47.89%  | 2.00   |
| Microsoft | 1,581,613     | 28.35%  | 1,561,046    | 27.13%  | -1.22  |
| nginx     | 764,992       | 13.71%  | 788,271      | 13.70%  | -0.01  |
