Mod lsapi

Mod_lsapi is the fastest and most reliable way to serve PHP pages. It is a drop-in replacement for SuPHP, FCGID, RUID2, and ITK. It has a low memory footprint and understands PHP directives from .htaccess files. Mod_Isapi:

  • Is faster than any other way to serve PHP with Apache.
  • Doesn’t suffer from stability issues in process management like PHP FPM and mod_fcgid.
  • Includes the full benefits of opcode caching.
  • Is compatible with MPM Worker and Event.
  • Does not require tuning.
  • Includes support for PHP directives in .htaccess files.
  • Is a drop-in replacement for existing ways to serve PHP.
  • Is fully compatible with PHP Selector.

Python Selector

The Python Selector allows end users to select the specific version of Python they need.

Each of your customers is different, and each has different needs. The Python Selector allows end users to choose the Python version as an application and install additional modules. Python Selector uses mod_passenger to get the best performance from Python applications.

Supported Alt-Python versions include:

  • alt-python27 2.7.9, supported by CloudLinux 5, CloudLinux 6, CloudLinux 7
  • alt-python33 3.3.2, supported by CloudLinux 6, CloudLinux 7
  • alt-python34 3.4.1, supported by CloudLinux 6, CloudLinux 7
  • alt-python35 3.5.4, supported by CloudLinux 6, CloudLinux 7

The Python Selector requires LVE Manager 0.9-1 or later. However, as an administrator, you can choose to simply hide the Python Selector option and it will not appear in the user interface.

Without CloudLinux OS, the way to handle a customer needing a different version of Python is to move the customer to VPS, which is often costly and might encourage your customer to move to a different hosting provider. No more. CloudLinux OS gives control to the end user. Only those users who need it will use Python Selector.

 

PHP Selector

The PHP Selector allows end users to select the specific version of PHP they need. It allows ultimate flexibility by offering all popular versions of PHP, with more than 120 PHP extensions to choose from.

Each of your customers is different, and each has different needs. With PHP being the dominant language on the internet, we package multiple versions of PHP and let the customer select which version they want to run. Customers can select between PHP 4.4, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, and 7.0, 7.1 and 7.2. They can also select from more than 120 different PHP extensions.

Quite often, a customer needs one extension while another customer needs a different extension. Without CloudLinux OS, the way to handle this is to move the customer to VPS, which is often costly and might encourage your customer to move to a different hosting provider. No more. CloudLinux provides a large number of extensions and gives control to the end user. Only users who need it will use the PHP Selector. Everyone else will use the default PHP version that you have installed on your server. Customers can switch to a different version of PHP at any time.

 

CloudLinux OS includes a large number of extensions and gives control to the end user. As part of the CageFS tool, each customer can select their PHP version. CloudLinux makes sure that PHP is updated fast, making sites more secure and customers happier.

Ruby Selector

The Ruby Selector allows end users to select the specific version of Ruby they need.

Each of your customers is different, and each has different needs. The Ruby Selector allows end users to choose the Ruby version for applications and install additional modules (gems) to the application environment. Ruby Selector uses mod_passenger for optimum performance.

  • Supports Ruby versions 1.8, 1.9, 2.0, and 2.1
  • Allows users to install additional modules to application environments

Without CloudLinux OS, the way to handle a customer needing a different version of Ruby is to move the customer to VPS, which is often costly and might encourage your customer to move to a different hosting provider. No more. CloudLinux OS gives control to the end user. Only those users who need it will use Ruby Selector.

The Ruby Selector is available for CloudLinux 6 or later and requires LVE Manager 0.9-1 or later. However, as an administrator, you can choose to simply hide the Ruby Selector option and it will not appear in the user interface.

SecureLinks

SecureLinks is a kernel-level technology that prevents all known symbolic link (symlink) attacks. It enhances the security level of the servers even further and prevents malicious users from creating symbolic link files (where an attacker tricks Apache Web server to read some other user’s PHP config files).

CageFS is extremely effective at stopping most information disclosure attacks, in which a hacker can read sensitive files like /etc/passwd. However, in some cases, CageFS won’t be able to protect against symbolic link attacks. For example, on cPanel servers, it is not enabled in the WebDAV server, cPanel file manager, and webmail, as well as some FTP servers that don’t include proper change rooting. This allows attackers to create symlinks or hardlinks to sensitive files like /etc/passwd and then use WebDAV, filemanager, or webmail to read the content of those files. With CloudLinux OS SecureLink, you can prevent such attacks by keeping malicious users from creating symlinks and hardlinks to files that they don’t own.

Hardened PHP Project

HardenedPHP

Several highly popular versions of PHP, used in nearly 85% of all PHP sites, are unsupported by the PHP.net community. HardenedPHP secures old and unsupported versions of PHP – 4.4.9, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 7.0, 7.1.

HardenedPHP secures old and unsupported versions of PHP. In those old versions, including the widely used 5.2, 5.3, 5.4 and (as of June 2016) 5.5, vulnerabilities, even if discovered, are not patched by the PHP.net community. HardenedPHP takes care of all this.

 

Ensure application and server security by patching all PHP versions

PHP represents more than 80% of all server-side scripts. Because of this wide application usage, PHP is constantly exploited by hackers, making sites vulnerable.

HardenedPHP keeps your customers and servers safe by patching all PHP versions against known vulnerabilities – even those versions unsupported by the PHP.net community.

Over 100 vulnerabilities, many of which were critical, have been discovered for the unsupported versions of PHP. All have been patched by CloudLinux.

Increase customer retention by not forcing upgrades to a newer PHP version

About 85% of all PHP sites use highly popular PHP versions 5.2, 5.3, 5.4, and 5.5. Yet, all four of these versions are unsupported by the PHP.net community.

Developers write their scripts to accommodate a particular PHP version, but when a version becomes obsolete, companies are not always able to update and change programs to accommodate newer versions.

HardenedPHP patches old PHP versions so that you do not have to force your customers to re-write scripts written for an older PHP version or worse, risk breaking their sites.

Give your customers security and flexibility

PHP is universal and has the widest use of all server-side scripts. According to W3Techs.com, as of August 2016, the percentage of websites using PHP subversions of PHP 5 was as follows:

  • 20.1% PHP 5.5 — not supported by the community as of June 2016
  • 27.4%% PHP 5.4 — not supported by the community as of September 2015
  • 28% PHP 5.3 — no development, no bug fixes, no security support as of August 2014
  • 10.4% PHP 5.2 — no development, no bug fixes, no security support as of January 2011
  • 1% older versions, including 5.1 (and 4.4)
  • Remaining 15% represent version 5.6 supported by the PHP.net community

With HardenedPHP in CloudLinux OS, not only can you secure old PHP versions, but you can also offer various packaged PHP versions on a single shared web server with PHP Selector to ensure maximum security and flexibility.

Cagefs

CageFS is a virtualized, per-user file system that uniquely encapsulates each customer, preventing users from seeing each other and viewing sensitive information. CageFS prevents a large number of attacks, including most privilege escalation and information disclosure attacks. It is completely transparent to your customers, without any need for them to change their scripts.

Linux was never meant to be used by a large number of unvetted users and is therefore extremely prone to hacking. It is far too easy for a hacker to obtain an account on your server by using a stolen credit card and signing up or by abusing an outdated script one of your customers has not updated for years. After that, a hacker has inside access to the server and can begin poking around and attacking your server. That leaves you with the nightmare of cleaning up your hacked server.

CloudLinux OS prevents this nightmare from happening. With CageFS, users are virtualized to their own file systems, preventing any individual user from seeing any other users on the server.

With CageFS:

  • Users only have access to safe files.
  • Users cannot see other users and have no way to detect the presence of other users or user names on the server.
  • Users cannot see server configuration files, like Apache config files.
  • Users have a limited view of their own processing file system, and cannot see other users’ processes.

This innovative technology operates on the following principles:

  • Only allow safe binaries to be available to users.
  • Remove each user’s access to ALL SUID scripts.
  • Limit each customer’s access to the /proc filesystem.
  • Prevent symbolic link attacks.

Even with this extensive security, a user’s environment is fully functional, and users do not feel restricted in any way. CageFS is completely transparent to the end user, yet impregnable to a hacker.

MySQL Governor

MySQL is one of the main causes of issues on a shared server. MySQL Governor monitors MySQL usage and throttles abusers, preventing them from overloading the server, which improves overall stability and performance.

MySQL often becomes a major headache for shared hosting companies. Keeping MySQL stable is difficult, and customer queries can easily slow everything down. This is where MySQL Governor comes in. Its ability to pinpoint abusers and throttle them in real time is unprecedented in the industry. With support from the latest versions of MySQL and MariaDB, it is a must-have for any shared host.

MySQL Governor tracks CPU and disk IO usage for every user in real time and throttles MySQL queries by using same-per-user LVE limits. By using the dbtop utility, it is possible to see usage as it happens on a per-customer basis, ensuring that system admins always know what is going on.

MySQL Governor features:

  • Stable, simple limits counted as part of LVE limits
  • Automatic detection and killing of long-running queries
  • MySQL 5.1 – 5.7 support
  • MariaDB 5.x and 10.x support

As a result, hosting companies can carefully throttle resources to maintain performance across servers without instantly disconnecting users.

taken from Cloudlinux Website

Lightweight Virtual Environment Manager

Limit all CPU, IO, memory resources, numbers of processes, and concurrent connections per each user

A single site can easily bring your server to a halt by consuming all your CPU, memory, and IO resources. Our proprietary Lightweight Virtual Environment (LVE) technology prevents that by allowing hosts to set up individual resource limits. This ensures that a tenant can never use more resources than he or she is given.

LVE is a kernel-level technology developed by the CloudLinux team. It integrates at the server, PAM (Pluggable Authentication Modules), and database levels to prevent any kind of abuse while maintaining the lowest overhead possible. The technology has roots in common with container-based virtualization.

The goal of LVE is to ensure that no single website can bring down your server.

LVE benefits include:

Ensure Utmost Stability

By limiting resources, you ensure that a tenant never uses more than he is allowed, and therefore never slows down or brings down your entire server or causes issues for all other tenants on the server.

Increase Revenue

LVE Manager acts as a powerful sales tool – you can set limits on a per-package basis and enjoy this feature as a new upsell opportunity, creating packages with more CPU and Memory and selling them to those customers who use more and need it. The best part is that your end users can see their own usage on the account, which makes upsell much smoother.

Reduce Churn Rate

Because the resources of each tenant are limited, your servers won’t go down or slow down, and this will minimize inquiries for performance issues – the primary cause of customer dissatisfaction.

LVE Manager

LVE Manager allows you to maintain fine-tuned control over your resources, including CPU, IO, memory, inodes, numbers of processes, and connections, that any single account can use. It is lightweight and transparent. Now you can limit abusers while allowing good customers to use what they need.

With LVE Manager, you can:

  • Limit resources per single account – for end-users and for resellers
  • Allow resellers to limit resources for their end-users
  • Create and apply default packages
  • View usage history per account
  • Identify abusers and take corrective actions
  • Identify top users and upsell to higher-end plans

Memory

Memory limits control the amount of memory each customer can use. CloudLinux is able to identify, in real time, the amount of memory actually used by an end customer’s processes. Physical memory limits are especially effective in preventing out of memory (OOM) issues and customers’ ballooning memory usage, which destroys caches and causes server overload.

IO

IO limits restrict the data throughput for the customer. They are measured in KB/s. When the limit is reached, the processes are throttled (put to sleep). Because IO is one of the scarcest resources in shared hosting, the ability to put an upper limit on customer use is vital.

CPU

CPU limits establish the maximum amount of CPU resources that an account can use. When a user hits the CPU limit, processes within that limit are slowed down. CPU limits are crucial in preventing CPU usage spikes, which can often make servers slow and unresponsive.

Number of Processes

Number of processes limits control the total number of processes within LVE. Once the limit is reached, no new process can be created until another one has finished. This effectively prevents fork bombs and similar DoS attacks.

Entry Processes

Entry processes limits control the number of entries into LVE. The best way to think about this type of limit is as the number of web scripts that can be executed in parallel by visitors to a site. These limits are important to preventing single sites from hogging all Apache slots, thus causing Apache to be unresponsive.

Inode

An inode is a data structure on a file system that is used to keep information about a file or a folder. The number of inodes indicates the number of files and folders an account has. Inodes limits work on the level of disk quota.

taken from

Cloudlinux Website