The Netcraft figures suggest that not many IIS servers are likely to be open to an attack exploiting a vulnerability in Microsoft's Data Access Components (MDAC), despite the flaw's having received a "critical" rating from the software maker last week.
Security company Foundstone, which discovered the MDAC flaw, said it could be as widespread as the flaws that allowed the Code Red and Nimda worms to spread. More than 4 million Web sites are hosted on IIS software, according to Netcraft. The MDAC hole was likely to affect the majority of these, said Foundstone and Microsoft, adding that millions of PCs running on Windows 95, 98, Me and 2000 could also be vulnerable.
Netcraft disputed the two companies' assessment, however. It noted that tests of hundreds of servers conducted by the company's security business over the past two years have shown few Web sites with the affected MDAC component turned on.
In 2001, about 8 percent of IIS sites being tested for the first time had the affected component, called Remote Data Services (RDS), open to the public, Netcraft said. In 2002 this had fallen to 5 percent, partly because of customers switching to IIS version 5.0, which does not have RDS enabled by default.
The testing sample is small, but Netcraft believes it is representative. "We think that only a fairly small section of the Microsoft IIS community is likely to use RDS, and that it is rarely enabled on public sites," the company said in a statement.
The Netcraft survey also found the large Web-hosting businesses that gained prominence in the 1990s are continuing to lose out to smaller, customer-supported firms.
Netcraft said that the number of Web sites in its survey grew by about half a million in November compared with October, despite the decline in the U.S. Web hosting industry, as non-U.S. Web hosting businesses picked up steam.
Over the course of this year, the proportion of U.S.-based sites in the survey has fallen from 56 percent to 45 percent, Netcraft said. "There has...been a net repatriation of existing active sites out of America as hosting services in the rest of the world have become more comparable with those in the U.S.," the company stated.
The decline of advertising-supported mass Web hosting and the reduction of sites parked at domain-name registration companies has also played a part in the shift, according to Netcraft.
The survey found that big Web hosting businesses are continuing to lose business, while smaller hosting firms are sometimes seeing dramatic growth.
The survey showed that the number of Web sites hosted in domains such as Cable & Wireless's cw.net, Exodus.net, Global Crossing's gblx.net and Above.net's site declined between 20 percent and 30 percent. The worst hit, such as Digex.com and Psi.net, lost more than 75 percent of their hosted sites.
Cable & Wireless recently announced it will close more than half of its 42 data centers, some of which were acquired from bankrupt Exodus, while communications and Web hosting company Genuity filed for bankruptcy this week.
In the meantime, smaller companies such as Dialtone Interland Managed Hosting and Ratiokontakt increased their tally of sites by more than 30 percent. Rackshack, which now hosts more than 13,000 sites, saw its total grow by more than 161 percent, according to Netcraft.
In November, the number of active sites hosted on open-source Apache servers was 10.7 million, or 64 percent of the total, up from 10.4 million, Netcraft said. The number hosted on IIS was 4.2 million, up from about 4 million. The software from the other two companies surveyed, Zeus and iPlanet, each commanded less than 2 percent of the market.