BuycPanel Blog

BuycPanel Blog

Latest news and updates

6/26/2014 – Cloudlinux: Commitment to Security

Posted by Jamison on 26 06 2014.

CloudLinux is currently the only operating system specifically designed to accommodate the needs of the shared hosting and reseller hosting industry. Originally founded in 2009, Cloudlinux has grown to become a company that has the most experience in hosting businesses while improving stability and performance.


It has a wide range of features, not the least of which is their excellent security system which makes sure clients are protected from any and all threats. While viruses do pose as a risk, it is the hackers who pose as even bigger threats. Nothing can be more dangerous to a website than someone who is driven to deliberately destroy, deface, debilitate or steal information from others.


Cloudlinux knows how to deal with such attacks.


Security features


At the forefront of Cloudlinux security is the CageFS, a virtual file system that restricts each shared hosting customer into its own private virtual space. This is to stop hackers from scanning the server for vulnerable files and finding out who are the others using the system. This can also stop them from adjusting their privileges to gain root access.


The latest CageFS version provides protection against symbolic link attacks. All setuid root binaries from inside the CageFS are also no longer accessible.


“Hackers often use setuid root binaries to escalate privileges and gain root access to the vulnerable system,” Cloud Linux Inc. founder and CEO Igor Seletskiy told, “removing them from a hacker’s reach should significantly reduce the number of attacks against shared hosts.”


CageFS is offered free of charge to Cloud Linux customers.


Another safeguard in place is the SecureLinks technology that protects against unauthorized retrieval of static pages by anyone who can use Apache.


“Due to static pages being retrieved by Apache users (or nobody, depending on your install) it was very hard to protect against. Some hosts used SymLinksIfOwnerMatch directive instead, but that didn’t really work, as race condition (when symlink is made to point to hacker’s file, and then to good user’s file) makes it very simple to exploit,” Seletskiy says.


SecureLinks has been designed to completely stop such attacks. It works by making sure that the file that will be served by Apache is owned by the same user, as the owner of VirtualHost. Ownership of the virtual host is based on the files of SuexecUserGroup directive, making protection unbreakable despite any race conditions, hard links or symbolic links.


Precautions in place


As an extended precaution, CloudLinux protocols only allow users access to safe files and customers to the /proc filesystem. Users are also not permitted to access to all SUID scripts and each customer is only allowed to see his or her own processes.


Cloudlinux also has the Tenant Isolation feature; so if one server goes down for any reason, the rest of the system will still remain safe.


Cloudlinux also has a ready team of experts who are available 24/7 for any emergency.


When it comes to protecting your website, half-measures just don’t get the job done. Get your Cloudlinux OS license today.


Order CloudLinux now!
More information on CloudLinux licenses: