Windows XP is a more exotic choice for hosting a website than the dominant platforms such as Linux Apache and nginx, but XP servers running an early version of Microsoft's Internet Information Server (IIS) web server suite exist in large enough numbers — more than 6,000 to be precise, according to UK web security firm Netcraft.
Netcraft's April figures show that a third of websites hosted on XP servers (1,869) are located in the US, while it's only three percent in China — the reverse of the trend seen on the desktop, where China is home to the largest number of XP machines, the company noted.
Netcraft noted that 14 US government websites are among those that run on XP, including a .gov webmail system that services government organisations in Utah.
In its April report, Netcraft noted that IIS stands alone this year as the only web server platform that has yet to be affected by a publicly-known security issue. The same can't be said for XP, which has featured in the four Patch Tuesdays that have happened so far this year.
As Microsoft noted in one of its many XP end-of-support warnings: "Between July 2012 and July 2013 Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8."
And just as Microsoft predicted XP will become especially targeted once it no longer receives patches, servers running the OS are likely to draw similar attention, according to Netcraft.
"Unsupported web-facing Windows XP servers are likely to become prime targets for hackers, particularly if any new Windows XP vulnerabilities are discovered, as no security updates will be available to fix them," it noted.
But it seems that it's actually common practice to run websites on old, unsupported versions of Windows, including extremely busy ones. For example, the website of Australia Post, the country's national postal system operator, is still running on Windows NT4 — a predecessor to Windows 2000 — as it was 13 years ago. It's also used for Australia Post's online bill payment service, Postbillpay.
Netcraft noted that 500,000 websites are hosted on Windows 2000 servers, which shipped with IIS 5.0, while there are 50,000 running on Windows NT4 with IIS 4.0. Windows Server 2012 and Windows 8.1 ship with IIS 8.5.
In April, Netcraft's survey covered just under one billion websites. It found half of all active websites running on an Apache server, and 11 percent of these running on various versions of Microsoft's IIS.