XP servers still powering 6,000 websites

Summary:Operators behind hundreds of thousands of websites apparently couldn't care less that they're running an unsupported operating system.

Windows XP is a more exotic choice for hosting a website than the dominant platforms such as Linux Apache and nginx, but XP servers running an early version of Microsoft's Internet Information Server (IIS) web server suite exist in large enough numbers — more than 6,000 to be precise, according to UK web security firm Netcraft.

Netcraft's April figures show that a third of websites hosted on XP servers (1,869) are located in the US, while it's only three percent in China — the reverse of the trend seen on the desktop, where China is home to the largest number of XP machines, the company noted.

Netcraft noted that 14 US government websites are among those that run on XP, including a .gov webmail system that services government organisations in Utah.

2014-04-09 12.23.00 pm
Image: Netcraft

In its April report, Netcraft noted that IIS stands alone this year as the only web server platform that has yet to be affected by a publicly-known security issue. The same can't be said for XP, which has featured in the four Patch Tuesdays that have happened so far this year.

As Microsoft noted in one of its many XP end-of-support warnings: "Between July 2012 and July 2013 Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8."

And just as Microsoft predicted XP will become especially targeted once it no longer receives patches, servers running the OS are likely to draw similar attention, according to Netcraft. 

"Unsupported web-facing Windows XP servers are likely to become prime targets for hackers, particularly if any new Windows XP vulnerabilities are discovered, as no security updates will be available to fix them," it noted.

But it seems that it's actually common practice to run websites on old, unsupported versions of Windows, including extremely busy ones. For example, the website of Australia Post, the country's national postal system operator, is still running on Windows NT4 — a predecessor to Windows 2000 — as it was 13 years ago. It's also used for Australia Post's online bill payment service, Postbillpay.

Netcraft noted that 500,000 websites are hosted on Windows 2000 servers, which shipped with IIS 5.0, while there are 50,000 running on Windows NT4 with IIS 4.0. Windows Server 2012 and Windows 8.1 ship with IIS 8.5.

In April, Netcraft's survey covered just under one billion websites. It found half of all active websites running on an Apache server, and 11 percent of these running on various versions of Microsoft's IIS.

Read more on the end of support for XP

Topics: Windows, Security

About

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.