Weekly Edition
Return to the Announcements page
| |||||||||||||
|
| |||||||||||||
November 2002 Netcraft Web Server Survey
The November 2002 Netcraft Web Server Survey is out;
http://www.netcraft.com/survey/
Top Developers
Developer October 2002 Percent November 2002 Percent Change
Apache 21258824 60.54 21699320 60.80 0.26
Microsoft 10144453 28.89 10239423 28.69 -0.20
Zeus 711998 2.03 775916 2.17 0.14
iPlanet 478413 1.36 488094 1.37 0.01
Active Sites
Developer October 2002 Percent November 2002 Percent Change
Apache 10470848 65.39 10729462 64.69 -0.70
Microsoft 4013397 25.06 4244842 25.59 0.53
Zeus 215957 1.35 271753 1.64 0.29
iPlanet 227424 1.42 230902 1.39 -0.03
Around the Net
The survey records a net gain of around half a million sites this
month, as increases in the rest of the world outweighed a continuing
fall in the USA. Since the start of the year, the proportion of the
sites found by the survey in the US has fallen from 56% to 45%. This
primarily reflects the reduction of sites parked at domain
registration companies and the decline of advertising funded mass
hosting. However there has also been a net repatriation of existing
active sites out of America as hosting services in the rest of the
world have become more comparable with those in US.
Climate change kills Hosting Dinosaurs
[1]Genuity, nee BBN Planet, was put into administration yesterday,
with [2]Level 3 agreeing to buy its assets. Earlier in the month
Cable & Wireless [3]announced that it will close 23 out of 42
datacenters, many acquired only a year ago when C&W bought Exodus
after Exodus itself had entered Chapter 11, and in the process turf
out customers currently paying over $300M in annualised revenue.
Cable & Wireless' situation sounds appalling, but viewed from the
internet its decline appears not significantly worse than its near
competitors. Most of the best known colocation companies have seen
declines of in the region of 20% or more in the numbers of ip addresses
running web servers over the last year. Digex, which shows a
75% decline, divested part of its customer base to Allegiance Telecom
during the year, while PSI has suffered a prolonged decline since its
financial problems became clear to all in late 2000.
With the exception of Cable & Wireless, all of the companies in the
first table below have suffered large losses and financial distress.
Dinosaurs
Number of IP Addresses hosting Websites
Hoster Dec 01 Nov 02 Change
cw.net 11,980 9,653 -19.4%
exodus.net 10,797 8,605 -20.3%
gblx.net 6,681 4,767 -28.6%
above.net 5,838 4,133 -29.2%
level3.net 8,980 5,449 -39.3%
digex.com 9,883 2,374 -76.0%
psi.net 5,244 1,272 -75.7%
By contrast, the most successful hosting companies in terms of growth
of ip addresses hosting internet web sites, are smaller organisations
that have grown primarily with funding supplied by customers, rather
than investors. Some have had no external investor funding at all, and
venture capitalists must deeply regret not only the extent to which
companies like Exodus and Digex were funded, but also that they
overlooked, or were denied access to, some of the safest opportunities
in the industry.
Primates
Number of IP Addresses hosting Websites
Hoster Dec 01 Nov 02 Change
rackshack.net 5,152 13,459 +161.2%
crystaltech.com 6,874 11,170 +62.5%
dialtoneinternet.net 22,441 31,351 +39.7%
ratiokontakt.de 6,444 8,375 +30.0%
he.net 9,659 12,493 +29.3%
datapipe.net 13,603 17,340 +27.5%
rackspace.com 8,776 11,160 +27.2%
Hosting industry participants will likely regard Rackshack as a unique
company which has hit a sweet spot with customers, but will take note
that while the dedicated server industry was kickstarted by Cobalt,
today several of the fastest growing companies, typified by
Crystaltech and Datapipe, are ones that have given prominence to
hosting on Windows.
Microsoft RDS vulnerability not likely to be pervasive on web servers
Microsoft have recently announced a [4]critical security
vulnerability in Microsoft's Data Access Components (MDAC). MDAC
contains a feature called Remote Data Services (RDS), a technology to
provide a database interface over HTTP. It has been an optional
component for Microsoft-IIS since version 4, and is integrated into
Internet Explorer.
Some people have interpreted a widely sourced [5]Bloomberg news
article in which our figure of 4 million active web sites running
Microsoft-IIS and the word "Worm" appear in close proximity, as
implying that the majority of Microsoft-IIS web servers are
vulnerable.
Although we do not have any directly observed information on how many
internet sites use RDS, the results we see on sites having their
security tested for the first time in our own [6]security testing
business indicate that the percentage of public Microsoft-IIS sites
using RDS is likely to be small.
Approximately 8% of Microsoft-IIS sites tested in 2001 had RDS open to
the public; in 2002 this has fallen to around 5%. This fall can be
largely explained by the gradual migration of sites to
Microsoft-IIS/5.0, where RDS is not enabled by default. Almost no
Microsoft-IIS/5.0 sites we have tested were offering RDS and the
proportion of Microsoft-IIS/4.0 sites offering RDS is fairly stable at
around one in four.
The caveats are that this is a small [hundreds of sites] and biased
[our customers are more likely to be running version 5.0 of
Microsoft-IIS than the internet as a whole] sample, rather than a
census, but we think that only a fairly small section of the
Microsoft-IIS community is likely to use RDS, and that it is rarely
enabled on public sites. Microsoft's security checklists and IIS
lockdown tool have long encouraged webmasters to disable RDS.
References
1. http://investor.genuity.com/notice.cfm
2. http://www.l3.com/
3. http://investor.ft.com/custom/ftmarkets-com/news/story.asp?FTSite=FTMW&guid={4E4F91D4-BC7D-421F-B7F8-F53448DC11BD}
4. http://www.microsoft.com/security/security_bulletins/ms02-065.asp
5. http://www.stltoday.com/stltoday/business/stories.nsf/Business/FB9BAFE31FD76D3386256C780026E0AC?OpenDocument&Headline=Microsoft+flaw+could+let+hackers+control+PCs,+servers
6. http://www.netcraft.com/security/
Internet Research from Netcraft.
Netcraft does commercial internet research projects. These include
custom cuts on the Web Server Survey data, hosting industry analysis,
corporate use of internet technology and bespoke projects. All of the data
is gathered through network exploration, not teleresearch.
sales@netcraft.com
Network Security Testing from Netcraft.
Netcraft provides automated network security testing of customer networks
and consultancy audits of ecommerce sites, Clients include IBM,
Hewlett Packard, Deloitte & Touche, Energis, Britannic Asset Management,
Guardian Royal Exchange, Lloyds of London, Laura Ashley, etc.
Details at http://www.netcraft.com/security/
To unsubscribe from the Netcraft Web Server Survey Announcements list
send the message
unsubscribe webserver-survey
to majordomo@netcraft.com
To resubscribe send the message
subscribe webserver-survey
Mike
--
Mike Prettejohn
mhp@@netcraft.com Phone +44 1225 447500 Fax +44 1225 448600
Netcraft Rockfield House Granville Road Bath BA1 9BQ England
(Log in to post comments)
|
|
||||||||||||