SECURE YOUR HOSTING FUTURE
CloudLinux OS Shared/ CloudLinux OS Shared Pro Features
Stability features
Security features
profitability features
Performance features
Lightweight Virtual Environment
Limit all CPU, IO, memory resources, numbers of processes, and concurrent connections per user
A single site can easily bring your server to a halt by consuming all your CPU, memory, and IO resources. Our proprietary Lightweight Virtual Environment (LVE) technology prevents that by allowing hosts to set up individual resource limits. This ensures that a tenant can never use more resources than they are given.
LVE is a kernel-level technology developed by the CloudLinux team. It integrates at the server, PAM (Pluggable Authentication Modules), and database levels to prevent any kind of abuse while maintaining the lowest overhead possible. The technology has roots in common with container-based virtualization.
The goal of LVE is to ensure that no single website can bring down your server.
MySQL is one of the main causes of issues on a shared server. MySQL Governor monitors MySQL usage and throttles abusers, preventing them from overloading the server, which improves overall stability and performance.
MySQL often becomes a major headache for shared hosting companies. Keeping MySQL stable is difficult, and customer queries can easily slow everything down. This is where MySQL Governor comes in. Its ability to pinpoint abusers and throttle them in real-time is unprecedented in the industry. With support from the latest versions of MySQL and MariaDB, it is a must-have for any shared host.
MySQL Governor tracks CPU and disk IO usage for every user in real-time and throttles MySQL queries by using same-per-user LVE limits. By using the dbtop utility, it is possible to see usage as it happens on a per-customer basis, ensuring that system admins always know what is going on.
CageFS is a virtualized, per-user file system that uniquely encapsulates each customer, preventing users from seeing each other and viewing sensitive information. CageFS prevents a large number of attacks, including most privilege escalation and information disclosure attacks. It is completely transparent to your customers, without any need for them to change their scripts.
Linux was never meant to be used by a large number of unvetted users and is therefore extremely prone to hacking. It is far too easy for a hacker to obtain an account on your server by using a stolen credit card and signing up or by abusing an outdated script one of your customers has not updated for years. After that, a hacker has inside access to the server and can begin poking around and attacking your server. That leaves you with the nightmare of cleaning up your hacked server.
CloudLinux OS Shared prevents this nightmare from happening. With CageFS, users are virtualized to their own file systems, preventing any individual user from seeing any other users on the server.
Several highly popular versions of PHP, used in nearly 85% of all PHP sites, are unsupported by the PHP.net community. HardenedPHP secures old and unsupported versions of PHP – 4.4.9, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 7.0, 7.1, 7.2.
Percentages of websites using various versions of PHP
SecureLinks is a kernel-level technology that prevents all known symbolic link (symlink) attacks. It enhances the security level of the servers even further and prevents malicious users from creating symbolic link files (where an attacker tricks Apache Web server to read some other user’s PHP config files).
CageFS is extremely effective at stopping most information disclosure attacks, in which a hacker can read sensitive files like /etc/passwd. However, in some cases, CageFS won’t be able to protect against symbolic link attacks. For example, on cPanel servers, it is not enabled in the WebDAV server, cPanel file manager, and webmail, as well as some FTP servers that don’t include proper change rooting. This allows attackers to create symlinks or hardlinks to sensitive files like /etc/passwd and then use WebDAV, filemanager, or webmail to read the content of those files. With CloudLinux OS SecureLink, you can prevent such attacks by keeping malicious users from creating symlinks and hardlinks to files that they don’t own.
The PHP Selector allows end-users to select the specific version of PHP they need. It allows ultimate flexibility by offering all popular versions of PHP, with more than 120 PHP extensions to choose from.
Each of your customers is different, and each has different needs. With PHP being the dominant language on the internet, we package multiple versions of PHP and let the customer select which version they want to run. Customers can select between PHP 4.4, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, and 7.0, 7.1 and 7.2. They can also select from more than 120 different PHP extensions.
Quite often, a customer needs one extension while another customer needs a different extension. Without CloudLinux OS Shared, the way to handle this is to move the customer to VPS, which is often costly and might encourage your customer to move to a different hosting provider. No more. CloudLinux provides a large number of extensions and gives control to the end-user. Only users who need it will use the PHP selector. Everyone else will use the default PHP version that you have installed on your server. Customers can switch to a different version of PHP at any time.
The Ruby Selector allows end-users to select the specific version of Ruby they need.
Each of your customers is different, and each has different needs. The Ruby Selector allows end-users to choose the Ruby version for applications and install additional modules (gems) to the application environment. Ruby Selector uses mod_passenger for optimum performance.
Without CloudLinux OS Shared, the way to handle a customer needing a different version of Ruby is to move the customer to VPS, which is often costly and might encourage your customer to move to a different hosting provider. No more. CloudLinux OS Shared gives control to the end-user. Only those users who need it will use Ruby Selector.
The Ruby Selector is available for CloudLinux 6 or later and requires LVE Manager 0.9-1 or later. However, as an administrator, you can choose to simply hide the Ruby Selector option and it will not appear in the user interface.
The Python Selector allows end-users to select the specific version of Python they need.
Each of your customers is different, and each has different needs. The Python Selector allows end-users to choose the Python version as an application and install additional modules. Python Selector uses mod_passenger to get the best performance from Python applications.
Supported Alt-Python versions include:
• alt-python27 2.7.9, supported by CloudLinux 5-7
• alt-python33 3.3.2, supported by CloudLinux 6-7
• alt-python34 3.4.1, supported by CloudLinux 6-7
• alt-python35 3.5.4, supported by CloudLinux 6-7
The Python Selector requires LVE Manager 0.9-1 or later. However, as an administrator, you can choose to simply hide the Python Selector option and it will not appear in the user interface.
Without CloudLinux OS Shared, the way to handle a customer needing a different version of Python is to move the customer to VPS, which is often costly and might encourage your customer to move to a different hosting provider. No more. CloudLinux OS Shared gives control to the end-user. Only those users who need it will use Python Selector.
Mod_lsapi is the fastest and most reliable way to serve PHP pages. It is a drop-in replacement for SuPHP, FCGID, RUID2, and ITK. It has a low memory footprint and understands PHP directives from .htaccess files. Mod_Isapi:
• Is faster than any other way to serve PHP with Apache.
• Doesn’t suffer from stability issues in process management like PHP FPM and mod_fcgid.
• Includes the full benefits of opcode caching.
• Is compatible with MPM Worker and Event.
• Does not require tuning.
• Includes support for PHP directives in .htaccess files.
• Is a drop-in replacement for existing ways to serve PHP.
• Is fully compatible with PHP Selector.
When a website slows down, there’s usually a problem with its content management system. To restore its performance, it used to be necessary to delve into its WordPress installation and diagnose the problem by hand. Now, on servers that run CloudLinux OS Shared Pro, performance problems can be identified immediately using a new tool called PHP X-Ray.
PHP X-Ray, included with CloudLinux OS Shared Pro, provides detailed information on performance bottlenecks that involve WordPress. If a site has sluggish plugins, database queries, functions, or external calls, this new tool helps pinpoint the underlying problem.
Troubleshooting performance problems
PHP X-Ray was developed specifically to troubleshoot performance issues in PHP-based websites, such as:
• Slow plugins
• Slow database queries
• Slow functions
• Slow external calls
Centralized Monitoring enables sysadmins to monitor all their servers, determine the load on each one, and identify the users creating the most load. If a domain is using an inordinate amount of CPU, memory, or disk resources, this tool helps bring it under control.
A detailed look at server performance
Centralized Monitoring provides a detailed look at the load on any and all servers throughout your infrastructure. It enables sysadmins to easily monitor:
• Server performance (RAM, CPU, disks, system load, network, open files, IO)
• Hardware temperature
• Number of users
• Apache connections
• MySQL connections
• CPU steal time for VM
• Per-user resources (CPU, RAM, Processes, IO, MySQL CPU and IO)
We want this new tool to be effective right out of the box, as well as trouble-free and easy to use. It will provide a detailed per-user view.
LVE benefits include:
Ensure Utmost Stability
By limiting resources, you ensure that a tenant never uses more than he is allowed, and therefore never slows down or brings down your entire server or causes issues for all other tenants on the server.
Increase Revenue
LVE Manager acts as a powerful sales tool – you can set limits on a per-package basis and enjoy this feature as a new upsell opportunity, creating packages with more CPU and Memory and selling them to those customers who use more and need it. The best part is that your end users can see their own usage on the account, which makes upsell much smoother.
Reduce Churn Rate
Because the resources of each tenant are limited, your servers won’t go down or slow down, and this will minimize inquiries for performance issues – the primary cause of customer dissatisfaction.
LVE Manager
LVE Manager allows you to maintain fine-tuned control over your resources, including CPU, IO, memory, inodes, numbers of processes, and connections, that any single account can use. It is lightweight and transparent. Now you can limit abusers while allowing good customers to use what they need.
With LVE Manager, you can:
• Limit resources per single account – for end-users and for resellers
• Allow resellers to limit resources for their end-users
• Create and apply default packages
• View usage history per account
• Identify abusers and take corrective actions
• Identify top users and upsell to higher-end plans
Memory
Memory limits control the amount of memory each customer can use. CloudLinux is able to identify, in real-time, the amount of memory actually used by an end customer’s processes. Physical memory limits are especially effective in preventing out-of-memory (OOM) issues and customers’ ballooning memory usage, which destroys caches and causes server overload.
IO
IO limits restrict the data throughput for the customer. They are measured in KB/s. When the limit is reached, the processes are throttled (put to sleep). Because IO is one of the scarcest resources in shared hosting, the ability to put an upper limit on customer use is vital.
CPU
CPU limits establish the maximum amount of CPU resources that an account can use. When a user hits the CPU limit, processes within that limit are slowed down. CPU limits are crucial in preventing CPU usage spikes, which can often make servers slow and unresponsive.
Number of Processes
The number of processes limits control of the total number of processes within LVE. Once the limit is reached, no new process can be created until another one has finished. This effectively prevents fork bombs and similar DoS attacks.
Entry Processes
Entry processes limits control of the number of entries into LVE. The best way to think about this type of limit is as the number of web scripts that can be executed in parallel by visitors to a site. These limits are important to preventing single sites from hogging all Apache slots, thus causing Apache to be unresponsive.
Inode
An inode is a data structure on a file system that is used to keep information about a file or a folder. The number of inodes indicates the number of files and folders an account has. Inodes limits work on the level of disk quota.
Learn more about LVE Manager from documentation
MySQL Governor features:
Stable, simple limits counted as part of LVE limits
Automatic detection and killing of long-running queries
MySQL 5.1 – 5.7 support
MariaDB 5.x and 10.x support
You can click here to watch the video on Youtube.
As a result, hosting companies can carefully throttle resources to maintain performance across servers without instantly disconnecting users.
Learn more about MySQL Governor from documentation
With CageFS:
Users only have access to safe files
Users cannot see other users and have no way to detect the presence of other users or user names on the server
Users cannot see server configuration files, like Apache config files
Users have a limited view of their own processing file system, and cannot see other users’ processes
This innovative technology operates on the following principles:
• Only allow safe binaries to be available to users.
• Remove each user’s access to ALL SUID scripts.
• Limit each customer’s access to the /proc filesystem.
• Prevent symbolic link attacks.
Even with this extensive security, a user’s environment is fully functional, and users do not feel restricted in any way. CageFS is completely transparent to the end user, yet impregnable to a hacker.
You can click here to watch the video on Youtube.
Learn more about CageFS from documentation
HardenedPHP secures old and unsupported versions of PHP. In those old versions, including the widely used 7.2, 7.1, 7.0, and 5.6, vulnerabilities, even if discovered, are not patched by the PHP.net community. HardenedPHP takes care of all this.
Percentages of websites using various
subversions of PHP 7
Percentages of websites using various
subversions of PHP 5
Ensure application and server security by patching all PHP versions
PHP represents more than 79.2% of all server-side scripts. Because of this wide application usage, PHP is constantly exploited by hackers, making sites vulnerable.
HardenedPHP keeps your customers and servers safe by patching all PHP versions against known vulnerabilities – even those versions unsupported by the PHP.net community. Over 100 vulnerabilities, many of which were critical, have been discovered for the unsupported versions of PHP. All have been patched by CloudLinux.
Increase customer retention by not forcing upgrades to a newer PHP version
About 64,5% of all PHP sites use highly popular PHP 7 versions. Yet, these together with the 5th version (35% of all PHP websites) are unsupported by the PHP.net community.
Developers write their scripts to accommodate a particular PHP version, but when a version becomes obsolete, companies are not always able to update and change programs to accommodate newer versions.
HardenedPHP patches old PHP versions so that you do not have to force your customers to re-write scripts written for an older PHP version or worse, risk breaking their sites.
Give your customers security and flexibility
PHP is universal and has the widest use of all server-side scripts. According to W3Techs.com, as of April 2021, the percentage of websites using outdated PHP subversions of PHP 7.2 and earlier was as follows:
• 27% PHP 7.2 — not supported by the community as of November 2020
• 8,6% PHP 7.1 — no development, no bug fixes, no security support as of December 2019
• 9,1% PHP 7.0 — not supported by the community as of January 2019
• 35% older versions, including 5 and 4
With HardenedPHP in CloudLinux OS Shared, not only can you secure old PHP versions, but you can also offer various packaged PHP versions on a single shared web server with PHP Selector to ensure maximum security and flexibility.
Learn more about Hardened PHP from documentation
Learn more about SecureLinks from documentation
Supports PHP versions 4.4, 5.1-5.6, and 7.0-7.2
Supports 120 PHP extensions
You can click here to watch the video on Youtube.
CloudLinux OS Shared includes a large number of extensions and gives control to the end-user. As part of the CageFS tool, each customer can select their PHP version. CloudLinux makes sure that PHP is updated fast, making sites more secure and customers happier.
Learn more about PHP Selector from documentation
Supports Ruby versions 1.8, 1.9, 2.0, and 2.1
Allows users to install additional modules to application environments
Learn more about Ruby Selector from documentation
Supports Python versions 2.7, 3.3, 3.4, and 3.5
Allows users to install additional modules to application environments
Learn more about Python Selector from documentation
Learn more about Mod_Lsapi from documentation
Benefits
EASY TO INSTALL
Out-of-the-box, supported, problem-focused monitoring solution that not requires implementation and continuous support by engineering teams in the future
USER-FRIENDLY
User-friendly Simpler solution for the teams that don’t have enough competences to build it in-house
SIMPLE DETECTION
Detects slow plugins, database queries, functions and external calls
INTEGRATED WITH LVE MANAGER
Detailed per-user view, integrated with LVE Manager (unlike any available solution)
You can click here to watch the video on Youtube.
This video provides an example of how PHP X-Ray might be used to troubleshoot and fix a WordPress performance problem.
Learn more about PHP X-Ray from documentation
Benefits
Performance bottlenecks detection
Out-of-the box solution
All performance monitoring in one place
Custom notifications and alerts
You can click here to watch the video on Youtube.
Learn more about Centralized Monitoring from documentation
Install on
SERVER WITHOUT CONTROL PANEL