ZOOM Domain Registration and Cloud, SSD Web Hosting Philippines gives business the advantage of getting the benefit of real cloud SSD web hosting platform for the price of traditional shared web servers or VPS hosting. Unlike other website hosting and domain registration companies with servers that run mostly on Centos, our Cloud platform are powered by CloudLinux, the only OS designed to optimize web server performance in a cloud environment. This means that spikes from one tenant doesn’t affect other tenants making each account stable and running smoothly. Zoom Hosting is also the preferred .PH domain registration offering registration of all .PH domains including, .com.ph, .net.ph, .org.ph, edu.ph, .gov.ph. We are not reseller who sells cheap web hosting, dedicated server, VPS and email hosting reseller packages and oversells resources sacrificing speed and security. We maintain and manage our own servers thus we’re able to tweak server settings according to our customer’s needs and we’re able to give them a more personalized service. Don’t just take our word for it, try it now and experience the best, lightning fast cloud web hosting today! Dedicated Cloud-based VPS and Dedicated server also available.

ZOOM Hosting announced today that it is rolling out CageFS in all its shared hosting servers. CageFS is a CloudLinux feature mainly responsible for tenant isolation.

cloudlinux cagefs

One of the most serious issues that besets web hosting companies and shared hosting account owners is security. We already know that protecting a server from attacks is a tough job for server administrators. What makes the job even tougher is the fact that in a shared hosting environment, account owners are free to administer their own websites, set directory permission, install scripts and the only time they'll ever do security audit if ever they do is when they first set it up.

While some may think that shared accounts in a server are isolated, the truth is a lot of servers around the world are not protected. Assuming an attacker is able to successfully punch a hole in one of the accounts hosted in a shared server, he can do one or combination of exploits such as symlink attacks to jump from one account directory to another. If the server is not protected from symlink attack, it's useless to be securing your precious CMS installation because there's a backdoor hole from other users’ account.

CageFS in a nutshell is a secured virtualized file system with its own set of libraries that allows the system to contain each user in its own "cage". In CageFS environment, accounts are treated as if one is isolated from the other. The account will have its own system files and configuration. Before CageFS, users are able to list other usernames in a server, view other user's process and access system files.

 

Some advantages of CageFS are:

A user has no means of detecting other users on the server nor will they be able to access files and directories owned by other users

Critical binaries are hidden and only safe binaries are accessible to the user

User cannot view other users’ processes and they only have a limited access to /proc file system

The beauty of CageFS is that all scripts are left untouched and will remain to be fully functional. Users do not have to configure anything and will not be restricted in anyway, except for their inability to access critical system binaries.

 

According to CloudLinux documentation, CageFS will cage any scripts execution done via:

  • LiteSpeed Web Server
  • Apache Web Server
  • SSH
  • and other PAM enabled service.

However, mod_php is not supported as of this writing, and MPM ITK requires a patch.

 

Below are the major differences between a server running on CLOUDLINUX with CageFS enabled and traditional stand alone server running on CentOS.

  • Temporary Files - Without CageFS, temporary files are written to the system's /tmp directory. One problem with this is that all users share the same directory, so if one poorly coded script from another user account dumps junk temp files on this directory and it gets full, it may affect the performance of the server. With CageFS, each user utilizes its own /tmp directory inside their home path, thus improving both security and performance.
  • Tenant Isolation – CageFS isolates each user. With other Linux variants and even with CloudLinux without CageFS, users that are logged via SSH can actually view processes run by other users and see what's happening in the server. Gone are those days. With CageFS, you are one lonely cowboy, unable to list other users’ login, and can't see processes running in the server.
  • Command Access – CageFS limits the commands that can be executed by users to only the essential commands. You will not be able to access commands that you do not need and that will compromise the server and other users' privacy.

For those managing their own dedicated server, CageFS is very easy to install.

Here are the system requirements:

Kernel: You must be running on CloudLinux 5.x with lve 0.8.54 or later and CloudLinux 6.x with lve 1.2.17.1 or later and must have at least 7GB free space.

To install, you must login as root and execute these commands:

$ yum install cagefs
$ /usr/sbin/cagefsctl --init

The command /usr/sbin/cagefsctl1 --init will create skeleton directory needed by CageFS under /usr/share. In case you do not have enough disk space in this directory or for some other reason you want to create this in another directory, you just need to mkdir a new directory where you want to ceate the skeleton ( if it does not exist yet ) and then create a symbolick link of that directory from /usr/share/cagefs-skeleton

$ mkdir /home/cagefs-skeleton
$ ln -s /home/cagefs-skeleton /usr/share/cagefs-skeleton

For cPanel servers, if you intend to create skeleton inside the /home directory, you must configure the following:

cPanel WHM WHM > Server Configuration > Basic cPanel/WHM Setup > Basic Config > Additional home directories

Change the value to blank  (default is "home")

Not changing this option will cause cPanel will create new accounts in incorrect directories.

CageFS has automatic configurfation and detection script for Cpanel, DirectAdmin, Plesk, ISPManager, Interworx, PostgreSQL and LiteSpeed

Web interface to manage CageFS is available for cPanel, Plesk 10+, DirectAdmin, ISPmanager & Interworx. For other control panels, command line tool would need to be used.

For Cpanel users, once template is initialized. you can start enabling users through WHM under WHM > Plugins > CageFS. By default CageFS is disabled for all users. 


 PHP Selector

Another advantage of CageFS is that it allows users to have different versions of PHP. Before this feature, the dilemma of share hosting companies is that when they upgrade their servers to new version of PHP, they would be bombarded with support tickets the next day from clients whose scripts cease to function because codes that they are using from old version of PHP are already deprecated. This issue is addressed by PHP Selector.

When enabled, an account owner may change the PHP version used for his account anytime through Cpanel.

To install PHP Selector, you need CageFS and LVE Manager, both are CloudLinux features with WHM plugins.

It's recommended that you update cagefs and lvemanager with support for PHP Alternatives to make sure you have the needed libraries.

$ yum update cagefs lvemanager


Next, you need to enable "Select PHP version" in WHM > Feature Manager, edit the package where you want to enable "PHP Selector", once done. PHP Selector will appear on the accounts' Cpanel.

WARNING: Be careful not to use settings like SuPHP_ConfigPath, PHPRC, PHP_INI_SCAN_DIR. Do not redefine path to php.ini and ini-files for php modules. 



Saturday, January 18, 2014







« Back

Why Choose Us?
  • 1 We are not a reseller
  • 2 CloudLinux Powered Servers
  • 3 Highly secured servers
  • 4 100% Cloud Uptime
What's Included
  • 1 Premium Phone and Chat Support
  • 2 30 days money Back Guarantee
  • 3 Daily, Weekly, Monthly Backup
  • 4 Free Intercontinental Backup
  • 5 Free Backup Restoration
  • 6 cPanel Control Panel
  • 7 Fantastico Script Installer
Client Testimonials

Late 2010 when we needed to revamp PICC.GOV.PH through the help of our contractor ICONCEPT Global Advertising, Inc. It is then also when we migrated to ICONCEPT's hosting platform, now ZOOM Hosting. Since then, we no longer have to worry about our email server or our website being unavailable. ZOOM offers fast, reliable cloud web hosting service that can handle surge of traffic and can accommodate hundreds of PICC email users without any issues.

Marnie F. Onia - PICC MIS Head


comma icon

Follow Us!

Follow Us