ModSecurity

: Hosting Terminology; Disk Space; Hepsia Control Panel; Domain Names Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Help Desk; Bandwidth; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Get Started

ModSecurity is a plugin for Apache web servers that acts as a web app layer firewall. It's used to stop attacks toward script-driven websites by employing security rules that contain specific expressions. This way, the firewall can prevent hacking and spamming attempts and shield even Internet sites which aren't updated often. For example, numerous failed login attempts to a script administrator area or attempts to execute a particular file with the objective to get access to the script shall trigger certain rules, so ModSecurity will stop these activities the moment it discovers them. The firewall is very efficient because it tracks the entire HTTP traffic to a site in real time without slowing it down, so it will be able to stop an attack before any damage is done. It additionally maintains an exceptionally comprehensive log of all attack attempts that features more information than traditional Apache logs, so you could later check out the data and take additional measures to improve the security of your websites if necessary.

ModSecurity in Cloud Web Hosting

ModSecurity is offered with each cloud web hosting plan that we provide and it's activated by default for every domain or subdomain that you include through your Hepsia CP. If it disrupts any of your applications or you would like to disable it for any reason, you'll be able to do this through the ModSecurity section of Hepsia with only a mouse click. You may also enable a passive mode, so the firewall will recognize possible attacks and keep a log, but shall not take any action. You could view extensive logs in the very same section, including the IP where the attack came from, what precisely the attacker attempted to do and at what time, what ModSecurity did, and so on. For maximum safety of our clients we use a group of commercial firewall rules blended with custom ones which are provided by our system administrators.

ModSecurity in Semi-dedicated Hosting

We've included ModSecurity as a standard inside all semi-dedicated hosting products, so your web applications shall be protected as soon as you install them under any domain or subdomain. The Hepsia CP which comes with the semi-dedicated accounts shall allow you to enable or turn off the firewall for any website with a mouse click. You shall also be able to turn on a passive detection mode through which ModSecurity will maintain a log of possible attacks without actually preventing them. The thorough logs include the nature of the attack and what ModSecurity response that attack initiated, where it originated from, and so forth. The list of rules that we employ is constantly updated as to match any new risks which may appear on the Internet and it features both commercial rules that we get from a security firm and custom-written ones that our admins add if they discover a threat that's not present within the commercial list yet.

ModSecurity in VPS

Safety is vital to us, so we set up ModSecurity on all virtual private servers which are set up with the Hepsia Control Panel as a standard. The firewall could be managed through a dedicated section in Hepsia and is switched on automatically when you include a new domain or create a subdomain, so you'll not have to do anything by hand. You will also be able to deactivate it or turn on the so-called detection mode, so it shall keep a log of possible attacks which you can later analyze, but won't block them. The logs in both passive and active modes include info about the form of the attack and how it was prevented, what IP address it originated from and other valuable information that could help you to tighten the security of your websites by updating them or blocking IPs, for example. Beyond the commercial rules we get for ModSecurity from a third-party security company, we also implement our own rules since from time to time we detect specific attacks which aren't yet present in the commercial package. This way, we can easily boost the security of your VPS instantly as opposed to waiting for an official update.

ModSecurity in Dedicated Hosting

All of our dedicated servers that are installed with the Hepsia hosting CP come with ModSecurity, so any app you upload or set up shall be protected from the very beginning and you will not have to concern yourself with common attacks or vulnerabilities. An individual section inside Hepsia will permit you to start or stop the firewall for each domain or subdomain, or switch on a detection mode so that it records information about intrusions, but does not take actions to stop them. What you'll discover in the logs shall allow you to to secure your Internet sites better - the IP address an attack came from, what website was attacked and in what way, what ModSecurity rule was triggered, and so forth. With this information, you'll be able to see whether a site needs an update, whether you ought to block IPs from accessing your web server, etcetera. Besides the third-party commercial security rules for ModSecurity which we use, our administrators add custom ones too if they find a new threat that is not yet a part of the commercial bundle.