fyi
Netcraft surveys provide a lot of useful global data for Internet
benchmarking.
cheers
martin
---------- Forwarded message ----------
Date: Tue, 17 Dec 2002 21:09:00 GMT
From: Mike Prettejohn <[log in to unmask]>
To: [log in to unmask]
Subject: December 2002 Netcraft Web Server Survey
The December 2002 Netcraft Web Server Survey is out;
http://www.netcraft.com/survey/
Top Developers
Developer November 2002 Percent December 2002 Percent Change
Apache 21699320 60.80 22045350 62.02 1.22
Microsoft 10239423 28.69 9803639 27.58 -1.11
Zeus 775916 2.17 752436 2.12 -0.05
SunONE 488094 1.37 481232 1.35 -0.02
Active Sites
Developer November 2002 Percent December 2002 Percent Change
Apache 10729462 64.69 11065427 66.54 1.85
Microsoft 4244842 25.59 4113590 24.74 -0.85
Zeus 271753 1.64 258367 1.55 -0.09
SunONE 230902 1.39 229081 1.38 -0.01
Fewer hosts, but web became more sophisticated and disparate during 2002
Surprisingly, many of the metrics derived from the web server survey
grew during 2002, despite widespread financial woe in the Telecoms,
Hosting, and Domain Registration industries. Over the year, the number
of hostnames responding to the web server survey fell by over a
million. However, many of the sites that fell by the wayside were
parked sites at domain registries and template produced sites at mass
hosting companies which retreated from an advertising supported
business model. Three companies, Verisign, register.com, and
homestead.com, collectively lost over 3 Million such sites during the
period.
During 2002 the Web has become geographically much more disparate,
with a significant reduction of 5.3 Million hostnames in the US being
compensated by an increase of 4.1 Million hosts in Europe and
Asia-Pacific. Hosting facilities in the rest of the world have caught
up with those available in the US, with a net repatriation of sites
from the US to almost every well developed overseas economy. The
domain registration and advertising-supported mass hosting was
primarily led by companies in the US, and the reduction in demand for
these services has correspondingly reduced the site count in the
United States. The UK's major peering point, the LINX recently
published [1]statistics showing that traffic through the LINX has
roughly doubled in the last year, and that the number of routes into
the UK from mainland Europe now exceeds the number of US routes. This
broadly correlates with our own view of the Internet.
January 2002 December 2002 Growth
Hostnames 36,689,008 35,543,105 -3.12%
Active Sites 14,134,142 16,629,876 17.66%
IP Addresses 3,801,101 4,007,918 5.44%
IP Addresses with
Scripting Languages 612,420 931,468 52.10%
SSL Servers 153,072 174,745 14.16%
The number of [2]active sites has risen by around 17% over the last
year, indicating that the conventional web is still expanding at a
respectable rate, and the number of SSL sites is up by a roughly
equivalent 14%. But most notably the number of sites making some use
of scripting languages on the front page has increased by over half.
ASP and PHP, which are by far the most widely used scripting
languages, have each seen significant increases in deployment on the
internet, as businesses constructed more sophisticated sites,
upgrading initial brochureware efforts.
JSP - an unexpected success
Very few people would have expected that the fastest [in percentage
terms] growing scripting language on the web during 2002 would be
JSP. JSP was originally intended as a general purpose scripting
language, but quickly lost ground to PHP and ASP, which are regarded
as easier languages which to get started with. However, the number of
ip addresses using JSP on their front page has roughly trebled in
2002, albeit from a small base of a little over 10,000 IP addresses
this time last year. Most of the well known Unix based application
servers including Weblogic, IBM Websphere, Oracle, and Apache Tomcat
make use of JSP, and, having failed to achieve critical mass as a
general purpose scripting language JSP has found a worthwhile niche at
the top end of the market in tandem with the application servers.
.Net finds favour in the Linux community
Last week the [3]Mono project released a new [4]version of their
Linux based implementation of the Microsoft .Net development
framework. Mono enjoys an almost unique relationship with Microsoft
amongst open source projects. Mono project leader Miguel de Icaza and
Microsoft executives frequently [5]say complimentary things about
each other, with Microsoft presumably taking the view that any thing
that helps establish .Net as a common development framework is a fine
thing. So far, around 1% of internet sites using ASP.Net are Linux
based, but it is early days both for the Mono project and for .Net
itself, and both will be hoping to grow very significantly from
current levels.
Cobalt Security Hardening Package found to be insecure.
Security software is often difficult to write, and this point is well
illustrated by the number of security products which turn out to
weaken the systems they are meant to protect. The latest example is
the [6]security hardening package (SHP) provided by Sun for their
Cobalt RaQ server appliances. The SHP provides extra security features
for the RaQ, including detection and blocking of port scans, buffer
overflow protection, and email alerts of attacks. One of the CGIs
included, overflow.cgi, is intended to control the email alerts for
buffer overflows - but unfortunately it falls victim to a far more
basic attack, failing to filter user input before passing it to a
command ran with superuser privileges. The [7]CERT advisory provides
details.
It is not straightforward to gauge the impact of this on the general
vulnerability of the web. Presently around 5% of web sites are served
from Cobalt RaQs. The Security Hardening Package is not installed by
default and is only available for the RaQ 4, but it is generally
expected in the Cobalt community that many users will have installed
it. The number of RaQs we have tested in our own [8]security testing
services is small and not useful as an indicator of the numbers of
systems which may have installed SHP.
Cobalt have taken the view that the Security Hardening Package is no
longer good for security, and have [9]issued an update which removes
it completely.
References
1. http://www.linx.org/press/releases/081.thtml
2. http://www.netcraft.com/survey/index-200007.html#active
3. http://www.go-mono.com/
4. http://www.go-mono.com/archive/mono-0.17
5. https://www.business2.com/articles/mag/0,1640,45454,FF.html
6. http://www.sun.com/hardware/serverappliances/pdfs/support/RaQ_4_SHP_UG.pdf
7. http://www.cert.org/advisories/CA-2002-35.html
8. http://www.netcraft.com/security/
9. http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/49377
Internet Research from Netcraft.
Netcraft does commercial internet research projects. These include
custom cuts on the Web Server Survey data, hosting industry analysis,
corporate use of internet technology and bespoke projects. All of the data
is gathered through network exploration, not teleresearch.
[log in to unmask]
Network Security Testing from Netcraft.
Netcraft provides automated network security testing of customer networks
and consultancy audits of ecommerce sites, Clients include IBM,
Hewlett Packard, Deloitte & Touche, Energis, Britannic Asset Management,
Guardian Royal Exchange, Lloyds of London, Laura Ashley, etc.
Details at http://www.netcraft.com/security/
To unsubscribe from the Netcraft Web Server Survey Announcements list
send the message
unsubscribe webserver-survey
to [log in to unmask]
To resubscribe send the message
subscribe webserver-survey
Mike
--
Mike Prettejohn
mhp@@netcraft.com Phone +44 1225 447500 Fax +44 1225 448600
Netcraft Rockfield House Granville Road Bath BA1 9BQ England
|