Web Servers as Viewed by Google
For a long time, one of the most reputable sources for the breakdown of the numbers of installed web servers across the Internet has been the Netcraft survey of web servers. Now, Google has released information about how the Googlebot webcrawler has been viewing the Internet.
Based off almost 80 million individual servers, discounting any virtual host servers (so it would only count each physical server), and deriving results from the HTTP 'Server:' header, Google have identified that 66% of the sample set are using Apache to provide web server capabilities, with only 23% using Microsoft's IIS to serve web data.
From a vulnerability perspective, and considering only the number of IIS 5.x servers (approximately 20% of the total IIS numbers), it indicates that the recently highlighted authentication bypass methods could be used against 3.5 million individual web hosts. If there are virtual hosts in use, where a number of different websites are hosted on the same physical server, then the 3.5 million servers could feasibly translate into 10 million or more actual website domains.
This may be reflected in the data presented by Google which indicates that almost half of the 70,000 domains recently identified by Google as hosting or distributing malware and Internet-based exploits are hosted on IIS. The underlying truth is that the percentage balance of IIS 5.x to IIS 6.x from this restricted dataset is almost the same as for the overall web hosting numbers.
6 June 2007
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.Comments will soon be available for registered users.