CloudLinux

CageFS

CageFS is a virtualized, per-user file system that uniquely encapsulates each customer, preventing users from seeing each other and viewing sensitive information. CageFS prevents a large number of attacks, including most privilege escalation and information disclosure attacks. It is completely transparent to your customers, without any need for them to change their scripts.

HardenedPHP

Several highly popular versions of PHP, used in more than 85% of all PHP sites, are unsupported by the PHP.net community. This means that any vulnerabilities discovered are not patched! HardenedPHP takes care of these security issues.

SecureLinks

SecureLinks is a kernel-level technology that prevents all known symbolic link (symlink) attacks. It enhances the security level of the servers even further and prevents malicious users from creating symbolic link files (where an attacker tricks Apache Web server to read some other user.s PHP config files).

Lightweight Virtual Environment Manager

LVE is a kernel-level technology developed by the CloudLinux team that works simular to container-based virtualization. LVE Manager allows you to maintain fine-tuned control over your resources, including CPU, IO, memory, inodes, numbers of processes, and connections, that any single account can use. It is lightweight and transparent. Now you can limit abusers while allowing good customers to use what they need.

MySQL Governor

MySQL often becomes a major headache for shared hosting companies. Keeping MySQL stable is difficult, and customer queries can easily slow everything down. This is where MySQL Governor comes in. Its ability to pinpoint abusers and throttle them in real time is unprecedented in the industry. With support from the latest versions of MySQL and MariaDB, it is a must-have for any shared host.

Every customer is different and their websites all have different needs. CloudLinux offering selectors that allow each customer to choose which version of PHP, Ruby, and Python they would like to run

PHP Selector

PHP being the dominant language on the internet it's important to let your users choose which version they want to run. CloudLinux allows your customers to select from all versions of PHP ranging from 4.4 all the way to the lastest version. Your customers can also enable and disable over a hundrend different PHP extensions.

Ruby Selector

The Ruby selector gives your customers the ability to choose from Ruby version 1.8, 1.9, 2.0 and 2.1. Your customers can also install additional modules they require for their application environments.

Python Selector

The Python Selector allows end users to choose the Python version as an application and install additional modules. The Python Selector uses mod_passenger to get the best performance from Python applications.

LVE Resource Limits

CloudLinux puts each user account on a shared server into a lightweight virtual environment (LVE). This allows the host to maintain control over resources such as CPU, IO, memory, the number of processes, and concurrent connections that any single account can use. The goal of LVE is to make sure that no single user can bring down the entire server.

• CPU Limits - Limits the CPU usage of a specific user. When the user hits their set CPU limit their processes are throttled to keep the user from abusing the server. CPU limits are crucial in preventing a single user from slowing down the entire server and even making it unresponsive.
• Memory Limits - Limits the Memory usage of a specific user. Memory limits are important to stop OOM (Out Of Memory) conditions which usually lead to a unresponsive server. Memory limits are also extremely important to keep the system from destroying important caches that can help increase the speed and decrease the load of a server.
• I/O Limits - Limits the data throughput for a specific user. Throughput is measured in KB/s. When the limit is reached, the processes are throttled. With IO being one of the scarcest resources in shared hosting, the ability to put an upper limit on a users use is vital.
• Process Limit - Limits the number of concurrent processes within the Lightweight Virtualized Environment (LVE) for a specific user. Once the limit is reached, no new processes can be created until one of the previous processes dies. This effectively prevents fork bombs and similar DOS attacks.
• Entry Processes Limit - Limits the number of entry processes into LVE for a specific user. The best way to think of this is to think of each process as a web site visitor viwing a web script. This limit is important to prevent a single site from hogging all Apache slots and from causing Apache to become unresponsive.
• MySQL Limits - The MySQL Governor allows setting resource limits for a specific user. CPU, IO Read, and IO Write limits can be set to prevent a single user from hogging server resources. Data from MySQL is what drives most web applications these days and it's important to keep those applications under control.
• Inodes Limits - Limits the number of inodes used by a specific user. An inode is a data structure used to represent a filesystem object, which can be one of various things including a file or directory. A filesystem only has a set number of inodes available and when they are gone new files will no longer be able to be created. Inode limits are achieved through filesystem quotas.