cloudlinux184x80CloudLinux – Shared Hosting made Stable

Lightweight Virtual Environment

limits

Lightweight Virtual Environment (LVE) is a kernel-based isolation technology that limits and controls the amount of resources (CPU, memory, the number of processes, and IO) available to a specific user. This allows for improved stability and enhanced reliability. LVE will control the web, cron jobs, and shell access, creating a protective bubble around each customer and preventing each customer from abusing the server.
It’s almost like having your own fully managed VPS, especially if combined with your own dedicated IP address.

If your company uses email, a dedicated IP eliminates any possibility that your mail IP banned due to any action by other tenants. (Spamming is very tightly controlled and does should usually present an issue).

Without CloudLinux:-

  • 75% of down-time & outages can be attributed to a single user

CageFS

cage

CageFS extends LVE isolation to each user’s file system. Through virtualisation, each user’s file system is effectively isolated in its own environment to prevent one user from seeing any other users or their files on the server. This creates a new level of security, making it much more difficult for hackers to attack, deface, or steal data from a shared hosting server. Additionally, it guarantees no SUID scripts are available to the end customer, preventing the majority of privilege escalation attacks. CageFS provides all of this while also providing a fully functional environment for the web, cron jobs, and shell.
This stops a single compromised site being used to compromise further sites on the same server. Effectively the filesystems are separate as if each user had their own VPS. Making UnixGuru Hosting ideal for e-commerce sites.

PHP Selector

php_selector

With CloudLinux, our customers will have the flexibility to choose the PHP version they need. That includes versions 4.4, 5.1, 5.2, 5.3, 5.4, 5.5 & 5.6 combined with CageFS this allow the running of old Legacy PHP scripts in a secure environment, and allows the testing of scripts against future (the latest) versions of PHP.
With more than 120 selectable modules for the different versions of PHP, this makes UnixGuru Hosting ideal for developers who need to work with new and old technologies.
PHP Selector sits on top of the CageFS technology, which allows the user to change the PHP binaries and modules in the customer’s hosting environment at the flick of a switch.
CloudLinux provides Hardened-PHP, which keeps new and old PHP secure and safe to use in a shared environment.

OptimumCache

optimumcache

Shared hosting servers have multiple Web sites that are using WordPress, Magento, Joomla, Drupal and other popular applications. These applications are composed of exactly the same files, yet the files would traditionally have to be loaded separately for each Web site, wasting both server’s IO and memory. OptimumCache solves these problems by creating a cache of duplicate files so that they are loaded and cached once from the file system. In doing this, the system effectively eliminates disk I/O, significantly improving the speed of sites loading.

The memory saved can be utilised to cache more files or serve more apache/Litespeed processes.

Customers have reported:-

  • 30% Drop in System CPU Usage
  • 52% Drop in I/O Wait
  • 25% Drop in total CPU Usage
  • 50% Drop in Disk Utilisation
  • Up to 20% drop in latency for popular URLs

MySQL Governor

mysql

MySQL Governor monitors MySQL usage and detects abusers, restricting their connectivity if they start using more than their allocated resources. This tool comes with a utility to view current usage that provides unprecedented visibility of and control over MySQL usage, significantly diminishing the number of support issues caused by MySQL abuse.
By combining the CPU time that a site spends using MySQL with the amount of CPU that the site spends performing PHP and CGI scripts and keeping this within a limit, we stop poorly written sites from taking down the server, whilst the CloudLinux toolsets highlight the issue to the administrator. Prior to this technology, it was infinitely harder to track down MySQL abuse and poorly written code.

SecureLinks

shield

SecureLinks is a kernel-level technology that prevents all known symbolic link attacks, which enhances the security level of the servers even further.

Without CloudLinux:-

The symlink attack is an old favourite of hackers and is still very much prevalent.

It just takes a single unpatched/vulnerable script for a hacker to obtain access to a server.

The attack usually occurs after the hacker has been able to read the contents of the /etc/passwd file and has enumerated the server’s users.

(Without CageFS all users have access to the /etc/passwd file which contains the usernames of all customers. However when CageFS is enabled the virtual /etc/passwd file the customer has access to only contains their own account, so a compromised script cannot enumerate the server’s other users.)

The attacker then runs a script which blindly builds symbolic links (a bit like shortcuts on Windows or Aliases on a Mac) to locations where configuration files for commonly used CMS might be kept in each user’s home directory.

For example,

  • WordPress config files are typically found at /home/<user>/public_html/wp-config.php
  • Joomla config files are typically found at /home/<user>/public_html/configuration.php
  • Magento config files are typically found at /home/<user>/public_html/app/etc/local.xml

It’s a numbers game – in most cases the symbolic links created will point to nothing at all, but on a server with hundreds of users, it is likely that a number of hits will occur. If the permissions on these files allow the world to read the file.

i.e. if the right most number that makes up the chmod permissions is anything greater than 1.

(Again CageFS alone, would stop this kind of attack as the others customers files would not exist on your user’s filesystem, to link to in the first place).

Even if you do not run CageFS on CloudLinux (UnixGuru does) then SecureLinks ignores any symbolic links where the start and end users do not match at the Kernel Level.

i.e. Any links that user jbloggs, links to files belonging to jdoe, would not work, as the start and end of the link are not the same user.

 

UnixGuru Circle LogoWhy UnixGuru chose CloudLinux

CloudLinux customers experience:-

  • 3 x less reboots than with ordinary RHEL/CentOS (made even fewer by KernelCare).
  • 6 x less user suspensions
  • 70% drop in support cases for our Helpdesk
  • All major PHP versions and extensions supported.

Enhances our support model:-

  • CloudLinux (Commercial OS with support)
  • LiteSpeed (Commercial WebServer with support)
  • DirectAdmin (Commercial control panel with support)

Our Payment Methods

You can pay us using your Paypal account, Major Credit Cards, Bitcoin or Direct Debit

payments50