December 2023 Web Server Survey

In the December 2023 survey we received responses from 1,088,057,023 sites across 269,268,434 domains and 12,355,610 web-facing computers. This reflects a loss of 4.1 million sites, an increase of 238,593 domains, and a loss of 128,028 web-facing computers.

nginx experienced the largest loss of 4.5 million sites (-1.79%) this month, and now accounts for 22.5% of sites seen by Netcraft. Microsoft suffered the next largest loss, down by 2.5 million sites (-9.65%).

OpenResty remains the largest growing vendor, gaining 3.3 million sites (+3.64%) and increasing its market share to 8.71%. Second to OpenResty is Google, which gained 1.5 million sites (+2.65%).

Vendor news

  • Apache Tomcat versions 9.0.83, 10.1.16, 11.0.0-M14, and 8.5.96 were released.
  • OpenResty version 1.21.4.3 was released, patching a bug that made it vulnerable to HTTP/2 rapid reset attacks.
  • AWS held its annual re:Invent conference, with announcements including:
Total number of websites

Web server market share

| Developer | November 2023 | Percent | December 2023 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 248,343,154 | 22.74% | 248,118,087 | 22.80% | 0.06 |
| nginx | 249,368,944 | 22.83% | 244,903,710 | 22.51% | -0.32 |
| Cloudflare | 115,937,937 | 10.62% | 113,499,479 | 10.43% | -0.18 |
| OpenResty | 91,405,835 | 8.37% | 94,737,403 | 8.71% | 0.34 |

Web server market share for active sites

| Developer | November 2023 | Percent | December 2023 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 40,080,759 | 20.98% | 39,476,338 | 20.84% | -0.14 |
| nginx | 36,927,632 | 19.33% | 36,176,461 | 19.10% | -0.23 |
| Cloudflare | 23,035,498 | 12.06% | 23,076,699 | 12.18% | 0.12 |
| Google | 20,759,419 | 10.87% | 20,543,756 | 10.85% | -0.02 |

For more information see Active Sites.

Web server market share for top million busiest sites

| Developer | November 2023 | Percent | December 2023 | Percent | Change |
|---|---|---|---|---|---|
| Cloudflare | 222,400 | 22.24% | 223,795 | 22.38% | 0.14 |
| nginx | 206,286 | 20.63% | 207,158 | 20.72% | 0.09 |
| Apache | 204,504 | 20.45% | 203,097 | 20.31% | -0.14 |
| Microsoft | 48,019 | 4.80% | 47,476 | 4.75% | -0.05 |

Web server market share for computers

| Developer | November 2023 | Percent | December 2023 | Percent | Change |
|---|---|---|---|---|---|
| nginx | 4,904,964 | 39.29% | 4,867,232 | 39.39% | 0.10 |
| Apache | 3,212,874 | 25.74% | 3,183,227 | 25.76% | 0.03 |
Microsoft 1,205,605

December 15, 2023

Protecting Indoor Air Quality with Environmental Control & Monitoring

As winter closes in, keeping windows tightly shut in commercial buildings becomes essential. However, sealing our spaces can compromise indoor air quality (IAQ) by fostering the accumulation of pollutants and allergens, posing health risks for occupants. In this post, we’ll look at the role Environmental Control Systems (ECS) play in bolstering air quality within commercial […]

December 14, 2023

AI and Emerging Technologies of eDiscovery Days Past, Present and Future

You don’t have to be visited by multiple spirits on Christmas Eve to know the technologies of eDiscovery Days past, present and future have changed and continue to do so at an increasingly rapid pace. In the spirit of eDiscovery Day (see what we did there), TCDI’s Caragh Landry and David York will reflect on […]

The post AI and Emerging Technologies of eDiscovery Days Past, Present and Future appeared first on TCDI.

December 7, 2023

It’s not cricket! Sri Lanka and Bangladesh co-host phishing attack

Sri Lanka and Bangladesh have a successful history of co-hosting the Cricket World Cup, but today the two countries’ governments have found themselves on a sticky wicket by co-hosting a phishing attack that targets UK banking customers.

Victims lured to a certain page on the Lanka Government Network website at lgn2.gov.lk will be swiftly redirected to a phishing site hosted by the Rajshahi Metropolitan Police in Bangladesh (rmp.gov.bd).

The phishing site hosted on a Bangladesh Police website.

It is unlikely that either government is consciously hosting a phishing attack in unison like this, especially on a website belonging to a police force – although this should certainly make the crime easier to investigate.

Many phishing sites and other web-based types of cybercrime are hosted on compromised servers, and that looks likely to be the case in this instance. Last month, the homepage of lgn2.gov.lk was defaced by a group identifying itself as Cyb3r Drag0nz, indicating that they had gained unauthorised access to the web server.

Things seem to have spiralled out of control ever since. The Lanka Government Network website is now heavily compromised and currently hosts multiple web shells in addition to being involved in this phishing attack.

The PHP web shells hosted on lgn2.gov.lk include variants of the mini shell, including 1337 3YP455 and CasperSecurity. These allow files to be uploaded to the web server, which may have been how the phishing content – and other web shells – were placed on the site.

Other web shells found on the Lanka Government Network site include variants of the WSO web shell (such as YANZ bypass and V3n0m), which let attackers run arbitrary commands on the web server, manage files, and carry out attacks against other servers.

The LGN website promotes a secure government network for Sri

December 7, 2023

Enhancing Patient Outcomes Through Secure, High-Performance Networks: Insights from Healthcare Experts

A new Ponemon report showed the average total cost for the most expensive healthcare cyberattack experienced was $4.4 million, including $1.1 million in lost productivity. As healthcare executives look to protect…

The post Enhancing Patient Outcomes Through Secure, High-Performance Networks: Insights from Healthcare Experts appeared first on Connected.

December 6, 2023

.zip TLD: six months on, and still rollin’

It has been six months since Netcraft first reported on abuse of the new .zip TLD, outlining the fraudulent activity we detected and blocked. Within weeks of its launch, Netcraft had detected many fresh .zip domain registrations designed to exploit confusion between the new TLD and the .zip file extension for ZIP archives.

So, what has changed in the last 6 months? Not much, it seems.

.zip registrations

The rate of new .zip domain registrations has declined since our previous blog post. Despite this, there are now:

  • 16,705 registered .zip domains (a threefold increase since our previous post) 
  • 8,432 .zip domains with A records in total (a fourfold increase) 
  • 4,421 .zip domains with MX records in total, only 619 of which don’t also have A records 
  • 4,196 distinct IP addresses for .zip domains in total (a fivefold increase)
  • 417 .zip domain names that mention ‘installer’ or ‘update’ (a twofold increase) 

Out of these domains, we discovered 5 serving zip bombs. In addition, the larger number of distinct IP addresses (1 for every 4 domains now, compared to 1 for every 6 domains six months ago) suggests that .zip domains are becoming more diverse.
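The following is an added example, not Netcraft's code: a defender-side check that separates hostnames under the .zip TLD from ordinary links to .zip files in a proxy log, and flags the 'installer' and 'update' names counted above. The log format and every hostname in it are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Keywords the post counts in .zip domain names.
LURE_WORDS = ("installer", "update")

# Constructed sample proxy-log lines; hostnames are placeholders, not indicators.
SAMPLE_LOG = """\
2023-11-29T10:00:01Z GET https://downloads.example.com/tools/setup.zip 200
2023-11-29T10:00:05Z GET https://example-update.zip/ 200
2023-11-29T10:00:09Z GET http://Example-Installer.ZIP./download 200
2023-11-29T10:00:12Z GET https://example-photos.zip/album 200
2023-11-29T10:00:15Z GET https://example.org/update/installer.zip?v=2 200
"""

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def classify(url):
    """Return 'zip-tld-lure', 'zip-tld', 'zip-file' or 'other' for one URL."""
    parts = urlsplit(url)
    # .hostname is already lower-cased; drop a trailing root dot if present.
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) >= 2 and labels[-1] == "zip":
        # The host itself is under the .zip TLD: this is a website, not an archive.
        name = ".".join(labels[:-1])
        return "zip-tld-lure" if any(w in name for w in LURE_WORDS) else "zip-tld"
    if parts.path.lower().endswith(".zip"):
        # Ordinary download of a ZIP archive from a non-.zip host.
        return "zip-file"
    return "other"


def scan(log_text):
    """Classify every URL found in the log text, in order of appearance."""
    results = []
    for line in log_text.splitlines():
        for url in URL_RE.findall(line):
            results.append((classify(url), url))
    return results


if __name__ == "__main__":
    for verdict, url in scan(SAMPLE_LOG):
        print(f"{verdict:13} {url}")
```

The keyword match only looks at the hostname, so a path such as `/update/installer.zip` on a non-.zip host is reported as an archive download rather than a lure.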

Malicious websites

Netcraft has blocked 50 malicious .zip domains since the previous post on 17 May 2023, bringing the total to 56. These domains mostly impersonate Microsoft, Google, and Steam, as the following figure illustrates:

Other notable attacks include:

  1. Apecoin[.]zip, first seen on 9th August 2023, is a crypto drainer scam impersonating a cryptocurrency platform. It purports to add cryptocurrency to a user’s wallet, but when authorisation is given instead transfers all their assets (cryptocurrency, NFTs, etc) to the criminals operating the site. This same technique is being used by criminals exploiting people’s generosity around the Gaza conflict.

  2. Sledgehammer[.]zip, first seen

November 29, 2023