In the October 2021 survey we received responses from 1,179,448,021 sites across 265,426,928 unique domains and 11,388,826 web-facing computers. This reflects a loss of 8.59 million sites, but a gain of 1.07 million domains and 20,800 computers.
The number of unique domains powered by the nginx web server grew by 789,000 this month, which has increased its total to 79.5 million domains and its leading market share to 29.9%. Conversely, Apache lost 753,000 domains and saw its second-place share fall to 24.7%. Meanwhile, Cloudflare gained 746,000 domains – almost as many as nginx – but it stays in fourth place with an 8.15% share while OpenResty’s shrank slightly to 14.5%.
Cloudflare also made strong progress amongst the top million websites, where it increased its share by 0.24 percentage points to 18.2%. nginx is in second place with a 22.5% (+0.12pp) share but has closed the gap on Apache which still leads with 24.0% after losing 0.21pp.
Apache also continues to lead in terms of active sites, where it has a total of 48.0 million. However, it was the only major vendor to suffer a drop in this metric, with a loss of 277,000 active sites reducing its share down to 23.9% (-0.29pp). In terms of all sites, nginx lost the most (-9.99 million) but remains far in the lead with a total of 412 million.
Apache vulnerability being actively exploited in the wild
Apache 2.4.51 was released on 7 October. This is the latest release in the 2.4.x stable branch, which the developers consider to be the best available version of the Apache HTTP Server; but more importantly, this release fixes a path traversal vulnerability present in Apache 2.4.49 and 2.4.50. Apache 2.4.50 was itself released a day earlier in an attempt to fix the vulnerability present in 2.4.49, but the fix was found to be insufficient.
The vulnerability is being actively exploited in the wild, so anyone still running an unpatched Apache 2.4.49 or 2.4.50 installation should upgrade immediately. In some cases, the path traversal vulnerability could facilitate remote code execution on the web server.
Due to the nature of this vulnerability, some otherwise vulnerable installations may be immune to attack if a web application firewall (WAF) is in place, or if a frontend proxy or load balancer modifies malicious requests in a way that makes them safe. For instance, all vulnerable Apache installations served via the Cloudflare content delivery network would have been protected from the outset if Normalize URLS to origin were enabled, and the Cloudflare WAF has rules that would have stopped many exploit attempts.
Other vendor and hosting news
- During September, Microsoft released fixes for three elevation of privilege and one remote code execution vulnerabilities in the Open Management Infrastructure (OMI) framework, which is used by several Azure Virtual Machine management extensions. The remote code execution vulnerability can only affect customers using a Linux management solution with remote OMI enabled. A full list of the vulnerable extensions and update availability is being maintained on the Microsoft Security Response Center blog.
- Microsoft announced the general availability its Azure Purview data governance solution on 28 September.
- On 5 October, Microsoft removed the waiting list for its Azure NetApp Files bare-metal cloud file storage and data management service.
- lighttpd 1.4.60 was released on 3 October. This version includes a large number of changes, including several bugfixes and improved handling of HTTP/2 connections.
- LiteSpeed Web Server 6.0.9 was released on 20 September to address several bugs and add a new log rotation feature. OpenLiteSpeed 1.7.14 – the open source edition of LiteSpeed Web Server Enterprise – was released on 7 September.
Developer | September 2021 | Percent | October 2021 | Percent | Change |
---|---|---|---|---|---|
nginx | 422,211,703 | 35.54% | 412,222,221 | 34.95% | -0.59 |
Apache | 295,667,361 | 24.89% | 290,462,410 | 24.63% | -0.26 |
OpenResty | 77,052,370 | 6.49% | 76,038,576 | 6.45% | -0.04 |
Cloudflare | 56,362,363 | 4.74% | 57,482,103 | 4.87% | 0.13 |
Developer | September 2021 | Percent | October 2021 | Percent | Change |
---|---|---|---|---|---|
Apache | 48,288,904 | 24.21% | 48,011,801 | 23.92% | -0.29 |
nginx | 40,553,124 | 20.33% | 41,062,259 | 20.45% | 0.12 |
18,896,757 | 9.47% | 19,233,447 | 9.58% | 0.11 | |
Cloudflare | 18,294,632 | 9.17% | 18,578,689 | 9.25% | 0.08 |
For more information see Active Sites
Developer | September 2021 | Percent | October 2021 | Percent | Change |
---|---|---|---|---|---|
Apache | 242,558 | 24.26% | 240,436 | 24.04% | -0.21 |
nginx | 223,775 | 22.38% | 224,963 | 22.50% | 0.12 |
Cloudflare | 180,043 | 18.00% | 182,420 | 18.24% | 0.24 |
Microsoft | 64,292 | 6.43% | 63,211 | 6.32% | -0.11 |
Developer | September 2021 | Percent | October 2021 | Percent | Change |
---|---|---|---|---|---|
nginx | 4,227,284 | 37.18% | 4,212,329 | 36.99% | -0.19 |
Apache | 3,503,918 | 30.81% | 3,506,243 | 30.79% | -0.03 |
Microsoft | 1,357,220 | 11.94% | 1,343,523 | 11.80% | -0.14 |
Developer | September 2021 | Percent | October 2021 | Percent | Change |
---|---|---|---|---|---|
nginx | 78,707,646 | 29.77% | 79,496,765 | 29.95% | 0.18 |
Apache | 66,328,129 | 25.09% | 65,574,868 | 24.71% | -0.38 |
OpenResty | 38,493,039 | 14.56% | 38,470,511 | 14.49% | -0.07 |
Cloudflare | 20,874,772 | 7.90% | 21,621,086 | 8.15% | 0.25 |
When you’re building a database for a web application, one of the most impactful decisions is the data type you choose for text data fields. MySQL provides multiple string data types, each with unique characteristics and trade-offs. The data type you choose affects how much data you can store, where it’s stored, the functionality available to you, and the performance of everyday database operations. In this article, we’ll look at one frequently asked question concerning …
The post VARCHAR vs. TEXT for MySQL Databases first appeared on cPanel Blog.
What Are the Best Shopify® Alternatives in 2021?
U.S. ecommerce sales rose by over 44% last year, the most significant single-year increase since ecommerce became a serious player in the retail space at the beginning of the century. As COVID-19 closed brick-and-mortar stores and kept customers at home, shopping moved online and retailers rapidly expanded ecommerce operations. Shopify, the cloud ecommerce platform, is one of the biggest beneficiaries. Shopify aims to lower ecommerce’s technical barriers and simplify store management. That …
The post What Are the Best Shopify® Alternatives in 2021? first appeared on cPanel Blog.
With the introduction of the Jupiter theme in version 98, you may have wondered about the fate of Paper Lantern. Today we officially announce Paper Lantern’s deprecation and its eventual removal from the product. What does this mean for you? If you are already using Jupiter, relax; you are good for all future updates. If you are using Paper Lantern, why not give Jupiter a try? You can continue using Paper Lantern for the short term, but eventually, we will stop supporting this theme. How much …
The post A Farewell To Paper Lantern first appeared on cPanel Blog.