Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

December 2021 Web Server Survey

published on 2021-12-22 12:30:00 UTC by Netcraft
Content:

In the December 2021 survey we received responses from 1,168,864,866 sites across 268,328,184 unique domains and 11,669,818 web-facing computers. This represents a loss of 6.53 million sites, but a gain of 1.30 million domains and 144,000 computers.

nginx lost a significant number of sites (-23.88 million) and domains (-8.54 million) this month, though it continues to hold the highest market share in both categories with 32.9% of sites and 26.7% of domains. nginx’s domain market share lead over Apache dropped significantly, falling from a 5.6 percentage point lead to a 2.6 percentage point lead. nginx also gained 81,100 web-facing computers this month, giving it 37.5% of market share in this category.

Apache also lost sites (-3.09 million) and domains (-446,000) this month, though it gained 5,700 web-facing computers. Apache continues to hold second place across all three key metrics.

The largest increase in both domains and hostnames was seen for “awselb”, used by Amazon’s Elastic Load Balancing service, and accounts for the majority of the loss experienced by nginx. The change was as a result of GoDaddy’s URL redirector service, which allows domains registered with GoDaddy to be pointed at arbitrary URLs, being moved from their own hosting facilities to Amazon’s ELB service.

Many other web servers also saw reasonable growth in the number of sites this month, with OpenResty and Microsoft gaining 2.42 million and 2.15 million respectively, followed by LiteSpeed and Cloudflare with 1.76 million and 1.28 million. Fewer servers gained domains this month, though OpenResty gained a respectable 850,500 (+2.19%).

Cloudflare gained 2,431 sites in the million most popular sites, increasing its market share by 0.24 percentage points to 18.6%. Apache continues to maintain a slim lead over nginx, though both lost sites this month. Microsoft’s market share dropped, as it lost 4,119 sites this month taking it to 6.15% of the total and down from 6.89% at the start of the year.

Log4Shell impact on web servers

A critical vulnerability dubbed “Log4Shell” was identified in the Java log4j logging library, and was publicly disclosed on 9th December. The vulnerability has impacted a broad range of organizations as the log4j library is widely used, and the flaw can be easily exploited to break into systems, steal data, and infect networks with malicious software.

Many widely-used web servers such as Tomcat and Jetty are written in Java but do not use the log4j library by default so are not directly affected by the issue. However, they can be configured to do so, and it is also possible that sites that use popular web servers written in other languages - Apache and nginx are written in C, for instance - may still use the vulnerable library at some level in their technology stack.

Several less well-known servers integrate the log4j library directly, such as IBM WebSphere. Several WebSphere components such as the Admin Console use the library and so are vulnerable to the issue, while applications served using WebSphere may be vulnerable if they use the library. IBM WebSphere is not widely used: this month Netcraft identified 3,778 sites using the server, which were hosted on 830 IP addresses. Amongst these, Netcraft found government and banking websites, though it is unknown whether these sites are vulnerable.

Vendor news

  • Apache 2.4.52 was released on 20 December. This release fixes several security issues, including a possible buffer overflow in mod_lua and server-side request forgery vulnerability in forward proxy configurations.
  • nginx unit 1.26.1 was made available on 2 December and fixes several bugs introduced in the 1.26.0 release.
  • Lighttpd 1.4.62 and 1.4.63 were released in quick succession at the start of December and include many minor changes and bugfixes.
  • Apache Tomcat 9.0.56, 10.0.14, and 10.1.0-M8 (alpha) were released on 2 December.
Total number of websites
Web server market share
DeveloperNovember 2021PercentDecember 2021PercentChange
nginx408,226,31934.73%384,347,39432.88%-1.85
Apache286,494,60024.37%283,409,49124.25%-0.13
OpenResty76,480,9276.51%78,902,1386.75%0.24
Cloudflare58,629,3654.99%59,904,4505.13%0.14
Web server market share for active sites
DeveloperNovember 2021PercentDecember 2021PercentChange
Apache47,499,41123.73%47,216,24623.61%-0.12
nginx41,163,24020.56%39,893,79319.95%-0.62
Cloudflare18,873,0759.43%19,249,1279.62%0.20
Google18,957,8339.47%19,110,5089.55%0.08

For more information see Active Sites

Web server market share for top million busiest sites
DeveloperNovember 2021PercentDecember 2021PercentChange
Apache239,88023.99%237,63323.76%-0.22
nginx223,63422.36%222,25322.23%-0.14
Cloudflare183,51418.35%185,94518.59%0.24
Microsoft65,5796.56%61,4606.15%-0.41
Web server market share for computers
DeveloperNovember 2021PercentDecember 2021PercentChange
nginx4,293,59437.25%4,374,72137.49%0.24
Apache3,519,66830.54%3,525,36730.21%-0.33
Microsoft1,344,32211.66%1,351,66611.58%-0.08
Web server market share for domains
DeveloperNovember 2021PercentDecember 2021PercentChange
nginx80,237,54130.05%71,698,14326.72%-3.33
Apache65,185,64024.41%64,739,25824.13%-0.28
OpenResty38,800,71614.53%39,651,22114.78%0.25
Cloudflare22,024,9748.25%22,242,2248.29%0.04
Article: December 2021 Web Server Survey - published almost 3 years ago.

https://news.netcraft.com/archives/2021/12/22/december-2021-web-server-survey.html   
Published: 2021 12 22 12:30:00
Received: 2021 12 22 14:24:58
Feed: Netcraft
Source: Netcraft
Category: Cyber Security
Topic: Cyber Security
Views: 1

Custom HTML Block

Click to Open Code Editor