From: firstname.lastname@example.org (Mike Prettejohn)
Subject: August 2002 Netcraft Web Server Survey
Date: Tue, 20 Aug 2002 00:58:24 +0100 (BST)

The August 2002 Netcraft Web Server Survey is out;

Developer   July 2002   Percent   August 2002   Percent   Change
Apache       21453498     57.62      22859123     63.51     5.89
Microsoft    11866718     31.87       9139785     25.39    -6.48
Zeus           787071      2.11        765115      2.13     0.02
iPlanet        494567      1.33        486868      1.35     0.02

Developer   July 2002   Percent   August 2002   Percent   Change
Apache       10811987     65.21      11001650     66.64     1.43
Microsoft     4176048     25.19       4074058     24.68    -0.51
iPlanet        214063      1.29        208968      1.27    -0.02
Zeus           183921      1.11        184143      1.12     0.01

Around the Net
Microsoft loses around 6% share this month, as register.com continues to
fluctuate between using a Windows and Linux front end, and homestead.com,
which originally based its business model on support from advertising, cleared
away over a million sites. Homestead recently raised $5M from its investors to
assist its transition to a paid-for services model. To complete a bad news
month for Microsoft's share of the survey, Reuters reports that the Federal
Trade Commission will investigate the relationship between Verisign and
Interland with respect to marketing domain names. The NSI domain parking system
hosted at Interland is the other large repository of parked sites on the
Microsoft platform. Earlier in the year large numbers of sites were reaped at
Namezero, which had a controversial relationship with NSI regarding reselling
Apache SSL servers vulnerable to OpenSSL remote exploits
A detailed code review by Ben Laurie and colleagues at A.L. Digital has
unearthed four remotely exploitable buffer overflows in OpenSSL. Some of these
can be used to execute arbitrary code on the server, and most sites using
Apache for encrypted transactions and ecommerce will be vulnerable to the
attack. Coming hard on the heels of the recent remote
vulnerabilities in Microsoft Commerce Server, Microsoft-IIS, and the main
Apache server, a great many ecommerce sites are presently vulnerable to direct
attack over the internet.
Counter-intuitively, web site managers seem quicker to fix conventional HTTP
servers than SSL servers, perhaps because they receive more traffic, or because
the http service is the conduit favoured by worm writers. Almost half of the 22
million Apache HTTP sites found by the survey are running Apache/1.3.26, whilst
only around a quarter of the Apache SSL sites are running this version, which
fixes the chunked encoding vulnerability.
Explorer error allows impersonation of SSL sites
A recently demonstrated vulnerability in the Internet Explorer browser allows
web sites certified by Verisign to assume the identity of other sites,
including well known and widely used commerce sites.
The vulnerability is regarded as fundamental in that the majority of people
working in the digital certification industry are employed to perform identity
checks on people and businesses to ensure that they are who they say they are, and
that the Explorer bug allows an attacker to cut directly through that process.
In practice, impersonation of unrelated sites will also require that the
attacker poison the DNS or engage in some form of URL rewriting, and so actual
attacks are likely to be thin on the ground.
However, another possibility is that some people may utilise the vulnerability
to make use of Verisign certificates as a kind of company licence. Someone in a
large corporation might, instead of buying 100 certificates from Verisign,
save money by buying just one, and produce the remaining 99 using the process
outlined by Mike Benham.
Who's winning in the hosting industry?
Presently, the mainstream coverage of the hosting industry is full of
doom and gloom. In the last couple of weeks, Digex and Divine have each
reported $50M in quarterly losses, and many of the largest companies in
the industry such as Worldcom, Global Crossing, and XO have set a course
of huge losses, bankruptcy and SEC investigation.
Given the widespread coverage of these events, people could be forgiven
for thinking that it was not possible to operate a hosting company at a
profit, or even to grow revenue in the present environment.
Yet, amidst the carnage, some companies with more carefully chosen business
models have been able to grow at rates which would normally be regarded as
impressive, but seem outstanding in the current climate.
Taking the hosting companies identified by the Web Server Survey and
restricting the analysis to those that have no known financial problems
and were already large at the start of the year shows that eight
companies have achieved roughly 30% growth [rackspace is 29 and a fraction]
since the start of the year, and seem set for 50% year on year growth
measured by responding IP addresses.
Hosting Companies with fastest increase in responding IP addresses

Hosting Company        January 2002   August 2002   Change
rackshack.[net]               5,485        10,329      88%
cybercon.com                  8,607        12,373      44%
crystaltech.com               7,109        10,188      43%
interland.net                92,052       125,589      36%
dialtoneinternet.net         24,429        32,752      34%
sphere.ad.jp                  8,173        10,771      32%
he.net                        9,791        12,810      31%
rackspace.com                 9,419        12,176      29%

Leading the table by a wide margin is rackshack.net which offers exceptionally
cheap pricing. Rackshack also has an ISP business ev1.net, which may make its
cost of ownership of bandwidth lower than for pure dedicated server vendors.
It is noteworthy that the fastest growing companies are all majoring in
dedicated servers, although Interland and Crystaltech also have a large shared
business. Dedicated servers have proved the most successful segment of the
industry, though the largest shared hosters, Alabanza and Pair Networks, are
also showing good growth, but at a rate below the companies in the table.
Also noteworthy from Sun's perspective is that few of the companies continue
to offer Cobalt, which was not long ago a de facto standard in the dedicated
server industry. Hosters now prefer servers from IBM, Compaq, or no name boxes,
with third party control panels. Notably, Rackshack dropped Cobalt near the
start of the year, not long after placing the largest ever order for Cobalt
servers in December.
Internet Research from Netcraft.
Netcraft does commercial internet research projects. These include
custom cuts on the Web Server Survey data, hosting industry analysis,
corporate use of internet technology and bespoke projects. All of the data
is gathered through network exploration, not teleresearch.
Network Security Testing from Netcraft.
Netcraft provides automated network security testing of customer networks
and consultancy audits of ecommerce sites. Clients include IBM,
Hewlett Packard, Deloitte & Touche, Energis, Britannic Asset Management,
Guardian Royal Exchange, Lloyds of London, Laura Ashley, etc.
Details at http://www.netcraft.com/security/
mhp@netcraft.com Phone +44 1225 447500 Fax +44 1225 448600
Netcraft Rockfield House Granville Road Bath BA1 9BQ England