When the decision’s been made to adopt a hosting solution, as so many leading organizations are doing in today’s competitive business environment, choosing a Control Panel that suits your requirements is a sensible move.

WHM/cPanel and Plesk are both feature rich control panels with similar functionalities. They are, however, organized completely differently.

Quick Overview..

cPanel/WHM

cPanel is one of the most popular and widely-used control panels. It’s quite complete and allows a business to manage and maintain nearly all aspects of server operation. The basics, such as email and file hosting, are handled with ease. Web statistics are part of the package. “Site builder” feature, which helps to automate the building of a website and populating it with content, is among the most powerful available. The “Fantastico” package allows one-click installation of popular software packages, such as blogs, forums, and merchandise catalogs. Going a little deeper, domain name server (DNS) management is also available.

Read the rest of this entry »

Customer satisfaction is our major goal which ultimately leads to business growth. For attaining this, the major facts to emphasis upon are server security, minimum downtime, maximum utilization of the available resources, bring down operational cost etc.

With regards to server security, CageFS which works with cloud linux is an option.

What is CageFS?

CageFS is a virtual file system that encapsulates each shared hosting customer in his/her own private virtual space. It contains a set of tools which contain the users in it own resource limits or a ‘cage’. Each customer will have its own fully functional CageFS, with all the system files, tools, etc.

Advantages of CageFS:

Handling Hackers
CageFS prevents hackers from scanning the server for vulnerable files, and escalating privileges to gain root access.

Virtual Private Area
CageFS ensures that users cannot see any other user and will have no way to detect the presence of other users in the server.

Free Software
CageFS becomes part of CloudLinux OS and there is no additional charge for it.

Isolation from Server Configuration files
CageFS also prevents users from viewing the server configuration files, such as Apache config files.

Compatibility with cPanel
CageFS comes with plugin for WHM that allows us to manage & update CageFS. We can view as well as change the default behavior of the users using the frontend panel itself. Plesk, DirectAdmin, InterWorx and ISP Manager are also fully supported and can be integrated with CageFS.

Ease of Installation and Configuration
CageFS has the advantage that it can automatically detect cPanel, Plesk, DirectAdmin, ISP Manager and InterWorx configuration from the server. This leads to less time needed to install the software and configure it.

Ease of Managing Users
CageFS can be operated in two modes and toggling of users between modes is possible from the frontend. The two supported modes are as follows.
1. Enabled for all, except those that are disabled.
2. Disabled for all, except those that are enabled.

Mode #1 is convenient for production operation, where we can add all new users automatically to CageFS.
Mode #2 is convenient while you test CageFS, as it allows you to enable it one by one for your customers.

In a shared hosting environment, CPU and IO usage are the most critical bottlenecks. When a user installs a CPU hungry plugin/software in his account, then other users hosted in the server are deprived of the resources. With CageFS this circumstance can be completely neglected, resulting in higher server stability and security. This ultimately results in less support calls and hence happier customers. This will initiate a chain of events ultimately resulting in business expansion and more profit.

Implementation of CageFS:

cPanel/WHM
CageFS installation is simple and can be done by yum install. CageFS comes with the plugin for WHM/cPanel.

Plesk Panel
CageFS also contains the plugin for Plesk panel. There are user interfaces for managing the users and CageFs from the front end.

The above is a very rough outline of CageFs , if you have any questions, we would be happy to talk to you!

About the Author :

Balaji P Pai works as a Junior Software Engineer in Bobcares. He joined Bobcares in January 2012. He loves playing football and watching TV during his free time.

Blog edited by :

Arundhati Rath works as a Software Engineer in Bobcares. She joined Bobcares in June 2011. She loves listening to music in her free time.

On May 3rd, a PHP-CGI vulnerability termed as “severe” by CloudLinux was published in US CERT web site.

The vulnerability causes any server running PHP as CGI to allow source code disclosure and arbitrary command execution using the account’s privileges. The quote from US CERT web site is below:

When PHP is used in a CGI-based setup (such as Apache’s mod_cgid), the php-cgi receives a processed query string parameter as command line arguments which allows command-line switches, such as -s, -d or -c to be passed to the php-cgi binary, which can be exploited to disclose source code and obtain arbitrary code execution.

 While the primary vulnerability was reported for PHP-CGI executions, the CloudLinux note cautioned that this could be applicable to suPHP and mod_fcgid as well. But a post in suPHP mailing list says it is not affected by this vulnerability.

Response from Parallels

Parallels reacted with a 3 point resolution to this issue, as described in their KB entry on CVE-2012-1823.Important points are quoted below:

This is a Critical Vulnerability that affects software that contains PHP-CGI. PHP-FastCGI is not vulnerable to this exploit.
Parallels Plesk for Windows versions 10.4 and earlier are NOT affected.
Parallels Plesk for Linux versions 9.3 - 10.4 are NOT affected by the PHP-CGI remote code execution vulnerability due to use of the special cgi_wrapper script.
Parallels Plesk for Linux versions 8.6 and earlier are NOT affected due to use of mod_php only.
Parallels Plesk for Linux versions 9.0 - 9.2.3 might be vulnerable. Plesk team is working on an update.

1. It’s strongly recommended to update Plesk to the higher version that is not vulnerable.
2. CGI wrapper is the recommended way to workaround the issue, if Plesk update is not possible.
3. It is also possible to workaround the problem with .htaccess rules for each website.

Response from cPanel

A very reassuring post from cPanel says the customers who use EasyApache to compile their web servers are safe. cPanel though cautions that mod_cgi and mod_cgid are not recommended, and should ideally use suPHP. cPanel’s documentation says that suPHP is compiled using paranoid settings, which means that as long as you are using the latest PHP in a cPanel server running suPHP, you should be safe.

Response from CloudLinux

CloudLinux was one of the first to react to this situation, and have released a patch for those servers using PHP from CloudLinux repository. The patch is released in beta state and are awaiting a fully tested solution from RedHat. For the time being, the recommended solution is to upgrade PHP using the cloudlinux-updates-testing repo as quoted below from the CloudLinux blog post.

To deploy on CL5 (php53-5.3.3-5.el5.cloudlinux.1):
# yum update php53 –enablerepo=cloudlinux-updates-testing
To deploy on CL6 (php-5.3.3-3.el6_2.6.cloudlinux.1):
# yum update php –enablerepo=cloudlinux-updates-testing

To update PHP 5.1 on CL5 (php-5.1.6-32.el5.cloudlinux.1)
# yum update php –enablerepo=cloudlinux-updates-testing

So to summarize, if you have cPanel servers with the recommended web server settings you do not have anything to worry about. If you are using mod_cgi or mod_cgid, switch to suPHP, and you will be safe. If you are using Plesk products, upgrade to the latest release. If you have any questions, we would be happy to answer.

Visakh has been with Bobcares from May 2004, and has extensive experience in administering various control panels and operating systems used in web hosting industry. He is an avid reader, and loves topics on technology, humour and philosophy.

Some critical vulnerabilities were reported in the Remote Desktop Protocol, that allows remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system.

Read more on Microsoft RDP Vulnerability.

Parallels has come out with a security advisory in relation to this vulnerability Read the rest of this entry »

Parallels have released fixes and micro updates for vulnerabilities in old Windows Plesk 8 and windows Plesk 9. Another recent vulnerability in Plesk panel was reported and its micro update was released a couple of days ago.



The details of the Plesk Panel vulnerabilities can be found here :

Parallels Plesk SQL injection vulnerability for Linux servers - panel version 9.5

Vulnerability in Plesk versions 8 / 9 for Windows server, which as per the KB applies to the following old versions : Read the rest of this entry »

Is SPAM bothering you too? I have been receiving numerous complaints from my clients, regarding SPAM mails. I tried all possible configurations on the spam software available with the control panels. But it was of no use at all. Finally I heard of ASSP. This is my lifesaver. Now all my clients are happy and content. The spams mails have been reduced by more than 90%. None of my clients have ever mentioned about spam, ever since this software was installed. Let me tell you more about my experience with ASSP

Read the rest of this entry »

This primarily Web Hosting event is held every year, sponsored mainly by Parallels for their customers and partners. Bobcares.com was there as well, and I managed to talk to some people about innovative ideas that their companies introduced during the event.

Many attendees may remember me walking around and asking questions. If you were interviewed and do not appear in the video, don’t despair. Your interview could appear in future releases .

Thank you
Sangeetha Naik

Sangeetha Naik is co-Founder and Director, Poornam (Bobcares). With 9 years of experience in the Web Hosting industry, she speaks in various conferences about how Web Hosts can cost effectively setup and run their Support Operations.

This primarily Web Hosting event was held this year at beautiful Miami, FL. Bobcares.com was there as well, and I managed to talk to some people about what they thought of WebHosting and where it was going.

Many attendees may remember me walking around and asking questions. If you were interviewed and do not appear in the video, don’t despair. Your interview could appear in future releases .

Sangeetha Naik is co-Founder and Director, Poornam (Bobcares). With 9 years of experience in the Web Hosting industry, she speaks in various conferences about how Web Hosts can cost effectively setup and run their Support Operations.

Deleting spam everyday is a sheer waste of time and it sure is frustrating to see them take over our mailbox. Have you ever imagined how nice it would be, if your mailbox could identify these problem makers, get rid of them and help you regain the control of your mailbox?

To help our mailbox battle spam, Parallels Plesk Panel has a perfect killer on job:-SpamAssassin. SpamAssasin keeps an eye on your mailbox and uses efficient scoring heuristics to identify and snatch spam. In fact, it is very powerful and a much sought after filter which explains why it is popularly being used in other web hosting control panels too, like cPanel. So, as a web host, you might want to opt enabling SpamAssassin in the control panel, to give your customers , the best of deals.

Read the rest of this entry »

With the “Cloud” rapidly becoming an integral part of the internet now, I am sure that most of us have at one point or the other used a cloud application. To make the hosting of software products in cloud easier, options are being explored to implement them in the SaaS model. Providing software products in the SaaS model is how the internet will be, in the future.

Software as a Service model is now playing a major role in defining the hosting industry too. The APS standard from Parallels is a perfect platform for delivering software in the SaaS model. As a web host, what will set you apart in today’s competitive hosting market is not the hardware or the bandwidth, but the applications you provide your customers.

Read the rest of this entry »