ModSecurity

: Hosting Terminology; Disk Space; Hepsia Control Panel; Hosted Domain Names; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Help Desk; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Get Started

ModSecurity is a plugin for Apache web servers that functions as a web app layer firewall. It is employed to prevent attacks toward script-driven Internet sites through the use of security rules which contain specific expressions. In this way, the firewall can stop hacking and spamming attempts and protect even websites that aren't updated frequently. For example, numerous unsuccessful login attempts to a script administrative area or attempts to execute a specific file with the objective to get access to the script shall trigger particular rules, so ModSecurity shall block these activities the second it detects them. The firewall is very efficient because it tracks the whole HTTP traffic to a site in real time without slowing it down, so it will be able to stop an attack before any harm is done. It additionally keeps a very detailed log of all attack attempts which contains more info than standard Apache logs, so you could later analyze the data and take additional measures to increase the security of your websites if needed.

ModSecurity in Cloud Hosting

ModSecurity comes standard with all cloud hosting solutions which we supply and it'll be turned on automatically for any domain or subdomain which you add/create in your Hepsia hosting Control Panel. The firewall has three different modes, so you could switch on and deactivate it with just a click or set it to detection mode, so it will keep a log of all attacks, but it'll not do anything to prevent them. The log for any of your websites shall include in-depth info such as the nature of the attack, where it came from, what action was taken by ModSecurity, and so on. The firewall rules that we use are regularly updated and include both commercial ones which we get from a third-party security business and custom ones that our system administrators add in the event that they detect a new sort of attacks. In this way, the Internet sites you host here will be way more secure without any action needed on your end.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting plans which we offer include ModSecurity and since the firewall is switched on by default, any Internet site that you set up under a domain or a subdomain will be secured immediately. A separate section in the Hepsia CP which comes with the semi-dedicated accounts is dedicated to ModSecurity and it will allow you to start and stop the firewall for any website or switch on a detection mode. With the latter, ModSecurity will not take any action, but it shall still detect possible attacks and shall keep all data inside a log as if it were fully active. The logs could be found in the exact same section of the Control Panel and they offer info about the IP where an attack came from, what its nature was, what rule ModSecurity applies to detect and stop it, and so forth. The security rules we use on our servers are a mix of commercial ones from a security company and custom ones developed by our system admins. Consequently, we provide greater security for your web programs as we can protect them from attacks before security companies release updates for new threats.

ModSecurity in VPS Hosting

Protection is vital to us, so we set up ModSecurity on all virtual private servers that are provided with the Hepsia Control Panel as a standard. The firewall could be managed via a dedicated section within Hepsia and is turned on automatically when you add a new domain or generate a subdomain, so you will not need to do anything personally. You'll also be able to deactivate it or turn on the so-called detection mode, so it shall maintain a log of potential attacks you can later examine, but won't block them. The logs in both passive and active modes offer information about the form of the attack and how it was prevented, what IP it came from and other useful data which may help you to tighten the security of your Internet sites by updating them or blocking IPs, for instance. Beyond the commercial rules we get for ModSecurity from a third-party security enterprise, we also employ our own rules because from time to time we discover specific attacks that are not yet present inside the commercial group. This way, we can easily enhance the protection of your Virtual private server instantly rather than waiting for a certified update.

ModSecurity in Dedicated Web Hosting

ModSecurity is provided with all dedicated servers which are set up with our Hepsia CP and you'll not need to do anything specific on your end to use it because it's switched on by default each time you include a new domain or subdomain on your hosting server. If it disrupts some of your programs, you shall be able to stop it through the respective area of Hepsia, or you may leave it in passive mode, so it will detect attacks and will still maintain a log for them, but shall not prevent them. You'll be able to look at the logs later to find out what you can do to boost the safety of your websites since you will find details such as where an intrusion attempt came from, what website was attacked and in accordance with what rule ModSecurity responded, and so forth. The rules we employ are commercial, thus they are regularly updated by a security company, but to be on the safe side, our admins also add custom rules every now and then in order to deal with any new threats they have discovered.