ModSecurity

: Terminology; Disk Space; Hepsia Control Panel; Hosted Domain Names; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Customer Support; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Order

ModSecurity is a plugin for Apache web servers that acts as a web app layer firewall. It is employed to prevent attacks toward script-driven websites through the use of security rules that contain certain expressions. In this way, the firewall can stop hacking and spamming attempts and shield even websites which aren't updated often. For instance, numerous unsuccessful login attempts to a script administrative area or attempts to execute a specific file with the objective to get access to the script will trigger specific rules, so ModSecurity shall block these activities the moment it discovers them. The firewall is extremely efficient since it monitors the whole HTTP traffic to a website in real time without slowing it down, so it will be able to prevent an attack before any harm is done. It additionally keeps a very comprehensive log of all attack attempts which contains more information than typical Apache logs, so you can later examine the data and take extra measures to increase the security of your sites if necessary.

ModSecurity in Cloud Web Hosting

We provide ModSecurity with all cloud web hosting packages, so your web apps shall be resistant to destructive attacks. The firewall is switched on by default for all domains and subdomains, but in case you'd like, you'll be able to stop it through the respective part of your Hepsia Control Panel. You could also switch on a detection mode, so ModSecurity will keep a log as intended, but won't take any action. The logs that you will discover in Hepsia are very detailed and feature information about the nature of any attack, when it occurred and from what IP address, the firewall rule which was triggered, and so forth. We use a group of commercial rules that are regularly updated, but sometimes our admins include custom rules as well so as to better protect the sites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

We've incorporated ModSecurity as a standard inside all semi-dedicated hosting packages, so your web apps shall be protected as soon as you set them up under any domain or subdomain. The Hepsia CP which comes with the semi-dedicated accounts shall allow you to switch on or disable the firewall for any website with a click. You will also be able to turn on a passive detection mode with which ModSecurity will keep a log of possible attacks without actually preventing them. The detailed logs include things like the nature of the attack and what ModSecurity response this attack triggered, where it originated from, etcetera. The list of rules we employ is constantly updated as to match any new threats which might appear on the Internet and it features both commercial rules that we get from a security firm and custom-written ones which our administrators include if they find a threat which is not present inside the commercial list yet.

ModSecurity in VPS Web Hosting

ModSecurity is pre-installed on all virtual private servers that are offered with the Hepsia hosting Control Panel, so your web apps shall be protected from the second your server is in a position. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if necessary, you'll be able to disable it with a mouse click via the corresponding section of Hepsia. You can also set it to work in detection mode, so it'll keep an extensive log of any potential attacks without taking any action to prevent them. The logs are available inside the same section and offer information regarding the nature of the attack, what IP it came from and what ModSecurity rule was triggered to stop it. For optimum security, we use not simply commercial rules from a company operating in the field of web security, but also custom ones that our administrators add manually in order to react to new risks which are still not tackled in the commercial rules.

ModSecurity in Dedicated Servers Hosting

ModSecurity is provided with all dedicated servers which are set up with our Hepsia Control Panel and you'll not need to do anything specific on your end to employ it because it's enabled by default every time you add a new domain or subdomain on your server. In case it disrupts some of your applications, you will be able to stop it through the respective section of Hepsia, or you can leave it in passive mode, so it shall recognize attacks and shall still maintain a log for them, but shall not stop them. You may look at the logs later to determine what you can do to boost the protection of your websites since you'll find info such as where an intrusion attempt originated from, what Internet site was attacked and based on what rule ModSecurity responded, and so on. The rules which we employ are commercial, thus they are frequently updated by a security company, but to be on the safe side, our administrators also add custom rules from time to time as to deal with any new threats they have discovered.