ModSecurity

: Terminology; Disk Space; Hepsia Control Panel; Hosted Domains; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Customer Support; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Purchase

ModSecurity is an effective firewall for Apache web servers that is used to prevent attacks against web applications. It keeps track of the HTTP traffic to a particular Internet site in real time and prevents any intrusion attempts the moment it discovers them. The firewall uses a set of rules to accomplish that - as an illustration, trying to log in to a script administrator area unsuccessfully several times sets off one rule, sending a request to execute a certain file that may result in getting access to the Internet site triggers another rule, etc. ModSecurity is one of the best firewalls out there and it'll secure even scripts which are not updated frequently because it can prevent attackers from using known exploits and security holes. Quite comprehensive information about each intrusion attempt is recorded and the logs the firewall keeps are a lot more specific than the standard logs created by the Apache server, so you could later examine them and decide if you need to take additional measures so as to improve the safety of your script-driven websites.

ModSecurity in Shared Hosting

ModSecurity is supplied with all shared hosting servers, so when you choose to host your websites with our business, they'll be protected against an array of attacks. The firewall is enabled by default for all domains and subdomains, so there'll be nothing you will have to do on your end. You shall be able to stop ModSecurity for any site if needed, or to enable a detection mode, so all activity will be recorded, but the firewall shall not take any real action. You will be able to view comprehensive logs via your Hepsia Control Panel including the IP address where the attack came from, what the attacker planned to do and how ModSecurity dealt with the threat. Since we take the safety of our customers' websites seriously, we use a group of commercial rules that we take from one of the top firms that maintain this type of rules. Our admins also include custom rules to ensure that your Internet sites shall be resistant to as many threats as possible.

ModSecurity in Semi-dedicated Servers

ModSecurity is a part of our semi-dedicated server solutions and if you opt to host your sites with us, there won't be anything special you will have to do given that the firewall is switched on by default for all domains and subdomains which you add through your hosting Control Panel. If required, you could disable ModSecurity for a particular site or switch on the so-called detection mode in which case the firewall shall still work and record data, but shall not do anything to stop possible attacks on your websites. In depth logs will be accessible within your CP and you'll be able to see which kind of attacks took place, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks came from, and so on. We employ two sorts of rules on our servers - commercial ones from a business that operates in the field of web security, and custom ones that our administrators occasionally include to respond to newly identified risks in a timely manner.

ModSecurity in VPS Servers

Protection is essential to us, so we install ModSecurity on all VPS servers that are made available with the Hepsia Control Panel by default. The firewall could be managed via a dedicated section within Hepsia and is activated automatically when you add a new domain or create a subdomain, so you won't have to do anything personally. You'll also be able to deactivate it or switch on the so-called detection mode, so it will keep a log of possible attacks that you can later examine, but won't stop them. The logs in both passive and active modes offer details about the kind of the attack and how it was eliminated, what IP it came from and other valuable information which may help you to tighten the security of your Internet sites by updating them or blocking IPs, as an example. Besides the commercial rules which we get for ModSecurity from a third-party security enterprise, we also employ our own rules since from time to time we detect specific attacks which aren't yet present inside the commercial pack. That way, we could increase the security of your VPS promptly as opposed to awaiting a certified update.

ModSecurity in Dedicated Servers

If you opt to host your Internet sites on a dedicated server with the Hepsia Control Panel, your web applications will be protected immediately as ModSecurity is available with all Hepsia-based plans. You will be able to manage the firewall with ease and if necessary, you will be able to turn it off or switch on its passive mode when it'll only maintain a log of what is going on without taking any action to prevent potential attacks. The logs which you can find within the same section of the Control Panel are very detailed and include data about the attacker IP, what website and file were attacked and in what ways, what rule the firewall used to prevent the intrusion, etcetera. This information shall allow you to take measures and enhance the security of your sites even more. To be on the safe side, we employ not just commercial rules, but also custom-made ones which our staff add whenever they recognize attacks that have not yet been included inside the commercial pack.