Security Features
CageFS is a virtualized, per-user file system that uniquely encapsulates each customer, preventing users from seeing each other and viewing sensitive information. CageFS prevents a large number of attacks, including most privilege escalation and information disclosure attacks. It is completely transparent to your customers, without any need for them to change their scripts.
Linux was never meant to be used by a large number of unvetted users and is therefore extremely prone to hacking. It is far too easy for a hacker to obtain an account on your server by using a stolen credit card and signing up or by abusing an outdated script one of your customers has not updated for years. After that, a hacker has inside access to the server and can begin poking around and attacking your server. That leaves you with the nightmare of cleaning up your hacked server.
CloudLinux OS Shared prevents this nightmare from happening. With CageFS, users are virtualized to their own file systems, preventing any individual user from seeing any other users on the server.
Several highly popular versions of PHP, used in nearly 85% of all PHP sites, are unsupported by the PHP.net community. HardenedPHP secures old and unsupported versions of PHP – 4.4.9, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 7.0, 7.1, 7.2.
Percentages of websites using various versions of PHP
SecureLinks is a kernel-level technology that prevents all known symbolic link (symlink) attacks. It enhances the security level of the servers even further and prevents malicious users from creating symbolic link files (where an attacker tricks Apache Web server to read some other user’s PHP config files).
CageFS is extremely effective at stopping most information disclosure attacks, in which a hacker can read sensitive files like /etc/passwd. However, in some cases, CageFS won’t be able to protect against symbolic link attacks. For example, on cPanel servers, it is not enabled in the WebDAV server, cPanel file manager, and webmail, as well as some FTP servers that don’t include proper change rooting. This allows attackers to create symlinks or hardlinks to sensitive files like /etc/passwd and then use WebDAV, filemanager, or webmail to read the content of those files. With CloudLinux OS SecureLink, you can prevent such attacks by keeping malicious users from creating symlinks and hardlinks to files that they don’t own.
With CageFS:
Users only have access to safe files
Users cannot see other users and have no way to detect the presence of other users or user names on the server
Users cannot see server configuration files, like Apache config files
Users have a limited view of their own processing file system, and cannot see other users’ processes
This innovative technology operates on the following principles:
• Only allow safe binaries to be available to users.
• Remove each user’s access to ALL SUID scripts.
• Limit each customer’s access to the /proc filesystem.
• Prevent symbolic link attacks.
Even with this extensive security, a user’s environment is fully functional, and users do not feel restricted in any way. CageFS is completely transparent to the end user, yet impregnable to a hacker.
Learn more about CageFS from documentation
HardenedPHP secures old and unsupported versions of PHP. In those old versions, including the widely used 7.2, 7.1, 7.0, and 5.6, vulnerabilities, even if discovered, are not patched by the PHP.net community. HardenedPHP takes care of all this.
Percentages of websites using various subversions of PHP 7
Percentages of websites using various subversions of PHP 5
Ensure application and server security by patching all PHP versions
PHP represents more than 79.2% of all server-side scripts. Because of this wide application usage, PHP is constantly exploited by hackers, making sites vulnerable.
HardenedPHP keeps your customers and servers safe by patching all PHP versions against known vulnerabilities – even those versions unsupported by the PHP.net community. Over 100 vulnerabilities, many of which were critical, have been discovered for the unsupported versions of PHP. All have been patched by CloudLinux.
Increase customer retention by not forcing upgrades to a newer PHP version
About 64,5% of all PHP sites use highly popular PHP 7 versions. Yet, these together with the 5th version (35% of all PHP websites) are unsupported by the PHP.net community.
Developers write their scripts to accommodate a particular PHP version, but when a version becomes obsolete, companies are not always able to update and change programs to accommodate newer versions.
HardenedPHP patches old PHP versions so that you do not have to force your customers to re-write scripts written for an older PHP version or worse, risk breaking their sites.
Give your customers security and flexibility
PHP is universal and has the widest use of all server-side scripts. According to W3Techs.com, as of April 2021, the percentage of websites using outdated PHP subversions of PHP 7.2 and earlier was as follows:
• 27% PHP 7.2 — not supported by the community as of November 2020
• 8,6% PHP 7.1 — no development, no bug fixes, no security support as of December 2019
• 9,1% PHP 7.0 — not supported by the community as of January 2019
• 35% older versions, including 5 and 4
With HardenedPHP in CloudLinux OS Shared, not only can you secure old PHP versions, but you can also offer various packaged PHP versions on a single shared web server with PHP Selector to ensure maximum security and flexibility.
Learn more about Hardened PHP from documentation
Learn more about SecureLinks from documentation
Install on
SERVER WITHOUT CONTROL PANEL