ModSecurity

: Hosting Glossary; Disk Space; Hepsia Control Panel; Hosted Domains; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Customer Support; Monthly Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Purchase

ModSecurity is a plugin for Apache web servers that functions as a web app layer firewall. It is employed to prevent attacks against script-driven websites through the use of security rules that contain certain expressions. That way, the firewall can block hacking and spamming attempts and shield even Internet sites that aren't updated on a regular basis. For example, multiple unsuccessful login attempts to a script admin area or attempts to execute a specific file with the intention to get access to the script shall trigger certain rules, so ModSecurity shall stop these activities the second it identifies them. The firewall is incredibly efficient as it monitors the entire HTTP traffic to a website in real time without slowing it down, so it will be able to stop an attack before any damage is done. It also maintains a very detailed log of all attack attempts which features more info than conventional Apache logs, so you could later examine the data and take extra measures to improve the security of your websites if required.

ModSecurity in Shared Hosting

ModSecurity is supplied with all shared hosting web servers, so when you opt to host your Internet sites with our company, they'll be shielded from a wide array of attacks. The firewall is enabled by default for all domains and subdomains, so there'll be nothing you'll need to do on your end. You'll be able to stop ModSecurity for any Internet site if necessary, or to activate a detection mode, so all activity will be recorded, but the firewall will not take any real action. You will be able to view detailed logs from your Hepsia Control Panel including the IP address where the attack originated from, what the attacker wished to do and how ModSecurity addressed the threat. Since we take the security of our clients' Internet sites seriously, we employ a collection of commercial rules which we get from one of the best firms that maintain this sort of rules. Our admins also add custom rules to make certain that your sites shall be protected against as many risks as possible.

ModSecurity in Semi-dedicated Hosting

We've incorporated ModSecurity by default inside all semi-dedicated hosting plans, so your web applications shall be protected as soon as you install them under any domain or subdomain. The Hepsia Control Panel which comes with the semi-dedicated accounts will allow you to enable or disable the firewall for any site with a click. You shall also have the ability to turn on a passive detection mode through which ModSecurity will keep a log of possible attacks without really preventing them. The detailed logs include things like the nature of the attack and what ModSecurity response this attack activated, where it originated from, etcetera. The list of rules we employ is regularly updated in order to match any new risks that could appear on the Internet and it includes both commercial rules that we get from a security business and custom-written ones which our admins add in the event that they discover a threat that is not present inside the commercial list yet.

ModSecurity in VPS

ModSecurity comes with all Hepsia-based virtual private servers which we offer and it'll be turned on automatically for any new domain or subdomain which you include on the machine. This way, any web application which you install shall be secured from the very beginning without doing anything personally on your end. The firewall may be managed via the section of the CP which bears the same name. This is the location in whichyou'll be able to turn off ModSecurity or let its passive mode, so it shall not take any action toward threats, but shall still maintain a comprehensive log. The recorded data is available in the same area as well and you shall be able to see what IPs any attacks came from to enable you to stop them, what the nature of the attempted attacks was and in accordance with what security rules ModSecurity reacted. The rules which we employ on our servers are a mix between commercial ones we obtain from a security firm and custom ones which are added by our staff to maximize the protection of any web apps hosted on our end.

ModSecurity in Dedicated Hosting

If you opt to host your sites on a dedicated server with the Hepsia Control Panel, your web programs will be protected right from the start because ModSecurity is provided with all Hepsia-based plans. You'll be able to control the firewall with ease and if needed, you shall be able to turn it off or switch on its passive mode when it shall only maintain a log of what's going on without taking any action to prevent possible attacks. The logs which you'll find in the same section of the CP are quite detailed and contain information about the attacker IP, what website and file were attacked and in what ways, what rule the firewall employed to prevent the intrusion, and so on. This info will allow you to take measures and increase the security of your sites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones that our administrators include every time they detect attacks that haven't yet been included in the commercial pack.