Netcraft Claims Apache Now Runs 2/3rds Of The Web

Mr Bill writes "According to NetCraft the Apache web server now owns over 2/3rds of the web. The jump of 2.8% since last month is mostly due to a number of large domain parking sites switching back to Apache from IIS. 'During 2001 and the first half of 2002 several companies hosting very large numbers of hostnames including Webjump, Namezero, Homestead, register.com and Network Solutions migrated to Microsoft-IIS. Subsequently these businesses have either failed, significantly changed their business model, or reverted to their previous platform, and Microsoft-IIS share is now in line with its long term pre-summer 2001 level of around 20%.' See the full report here."

Re:Apache 2.0

The Apache version comes directly from the server signature. This is changed easily enough (we find 3K Apache 7.x sites) but most people don't bother.

This month, we found

• 26.3M Apache 1.x hostnames
• 1M Apache 2.x hostnames
• 3M Unknown Apache hostnames

Magnus at netcraft dot com

Re:Mono-cultures not good!!!!!

[jalet]

Problem with Zope is that it's often installed behind Apache which serves as proxy/urlrewriter and so Netcraft may only see Apache some times. (it correctly detects Zope for my own website though)

Re:Microsoft running on Linux?

[PowerBert]

Ummm, could it be because it's their Unix. Hp push Linux too, and their website runs HPUX. All vendors use their own OS to run their websites. Can you imagine all the flack they would get if they didn't?

Funnily enough SCO are the only ones that don't run their own OS on their webservers. The run Linux, whats wrong with OpenServer???

Who really stands behind their products?

IBM run IBM/Apache on AIX

HP run Apache on HP-UX

SGI run Netscape Enterprise on Irix

Sun run SunONE webserver on Solaris

Apple run Apache on MacOS-X

FreeBSD run Apache on FreeBSD

NetBSD run Apache on Net/OpenBSD

OpenBSD runs Apache on Solaris? I'm sure thats because a uni hosts it.

Microsoft got scared at the last worm outbreak and now hide
2003 behind a Linux webcache farm ;-)

The one to beat them all.............

SCO run Apache on Linux

Factual post : most secure server is NOT apache

This valuable informative post got modded down to -1 even though it is nothing but 100% informative, and I rarely ever post it. Therefore I will post it three times in case the apache-fanboy mods it down to -1 again

I in 400 SECURE servers is still a classic Mac Os host even cccording to netcraft !

Because no mac in the history of the internet hosting a web server has ever been rooted or defaced remotely.

Why?

Because not one version of Mac OS has ever had a single exploitable hole ever discovered. (classic mac os now up to version 9.2.2 on currenlty sold g4 tolwers). OpenBSD has had no less than 5 holes (not one) in the default install in the last two years. Mac OS has had ZERO in over 7 years, even when paired up with its preferred web server app.

The Army (www.army.mil) has used Webstar for years on macs for security.

In fact in the entire SecurityFocus (BugTraq) database history there has never been a Mac exploited over the internet remotely. Scan it yourself.

For years, except, for a couple months ago, the army has always used MacOS and has never had a break-in on a Mac. Unlike their other MS defacements.

http://uptime.netcraft.com/up/graph?site=www.arm y. mil

That is why the US Army gave up on MS IIS and got a Mac for a web server, sometimes it is a honeypot for OSX testing, and US ARmy use regular Mac OS on other internal servers

I am not talking about FreeBSD derived MacOS X (which already had a more than a 50 exploits and potential exploits in BugTraq database) I am talking about current Mac OS 9.x and earlier which are highly sophisticated abstract-OS models.

Why is is hack proof? These reasons :

1> No command shell. No shell means no way to hook or intercept the flow of control with many various shell oriented tricks found in Unix or NT. Apple uses an object model for procces to process communication that is heavily typed and "pipe-less"

2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stufff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.

3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its roms originally used Pascal strings. As you know pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C stings and bind to ANSI libraries, but many do not. In case you are not aware of what a "pascal string" is, it usually has no null byte terminator.

4> Macs running Webstar have ability to only run CGI placed in correct directory location and correctly file "typed" (not mere file name extension). File types on Macs are not easily settable by users, expecially remotely. Apache as you know has had many problems in earlier years preventing wayward execution.

5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing! For example the file type is 4 characters of user-invisible attributes, along with many other invisible attributes, but these 4 bytes cannot be set by most tool oriented utilities that work with data files. For example file copy utilities preserve launchable file-types, but JPEG MPEG HTML TXT etc oriented tools are physically incapable by designof creating an executable file. The file type is not set to executable for hte hackers needs. In fact its even more secure than that. A mac cannot run a program unless it has TWO files. The second file is an invisible file associated with the data fork file and is called a resource fork. EVERY mac program has a resource fork file containing launch information. It needs t