ModSecurity

: Hosting Definitions; Disk Space; Hepsia Control Panel; Domains Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Help Desk; Monthly Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Buy Now

ModSecurity is an effective firewall for Apache web servers that is used to stop attacks toward web applications. It monitors the HTTP traffic to a specific Internet site in real time and stops any intrusion attempts the instant it detects them. The firewall relies on a set of rules to do that - as an illustration, trying to log in to a script administrator area without success several times triggers one rule, sending a request to execute a specific file that could result in getting access to the Internet site triggers a different rule, and so forth. ModSecurity is among the best firewalls available on the market and it will protect even scripts which aren't updated regularly since it can prevent attackers from employing known exploits and security holes. Very comprehensive information about each and every intrusion attempt is recorded and the logs the firewall maintains are far more detailed than the conventional logs created by the Apache server, so you may later take a look at them and decide whether you need to take extra measures in order to increase the security of your script-driven Internet sites.

ModSecurity in Hosting

ModSecurity comes by default with all hosting solutions which we provide and it shall be turned on automatically for any domain or subdomain that you add/create in your Hepsia hosting Control Panel. The firewall has 3 different modes, so you could activate and disable it with just a click or set it to detection mode, so it'll keep a log of all attacks, but it'll not do anything to stop them. The log for any of your websites will contain elaborate information including the nature of the attack, where it originated from, what action was taken by ModSecurity, etcetera. The firewall rules that we use are constantly updated and include both commercial ones which we get from a third-party security firm and custom ones that our system administrators include in the event that they detect a new kind of attacks. In this way, the sites which you host here will be much more secure without any action needed on your end.

ModSecurity in Semi-dedicated Servers

ModSecurity is a part of our semi-dedicated server solutions and if you decide to host your sites with us, there won't be anything special you'll have to do given that the firewall is turned on by default for all domains and subdomains that you include via your hosting Control Panel. If needed, you could disable ModSecurity for a certain site or enable the so-called detection mode in which case the firewall will still operate and record information, but shall not do anything to stop potential attacks on your Internet sites. Thorough logs will be accessible within your CP and you'll be able to see which kind of attacks occurred, what security rules were triggered and how the firewall dealt with the threats, what IP addresses the attacks originated from, and so on. We use two sorts of rules on our servers - commercial ones from a business that operates in the field of web security, and customized ones that our administrators sometimes add to respond to newly discovered risks promptly.

ModSecurity in VPS Servers

ModSecurity is included with all Hepsia-based VPS servers we offer and it will be switched on automatically for every new domain or subdomain which you add on the web server. That way, any web application you install shall be secured right away without doing anything by hand on your end. The firewall can be handled via the section of the Control Panel which bears the same name. This is the area in whichyou could switch off ModSecurity or enable its passive mode, so it shall not take any action against threats, but shall still keep a thorough log. The recorded data is available within the same section as well and you will be able to see what IPs any attacks came from so that you block them, what the nature of the attempted attacks was and based upon what security rules ModSecurity responded. The rules which we employ on our servers are a mixture between commercial ones that we obtain from a security firm and custom ones which are included by our admins to enhance the protection of any web apps hosted on our end.

ModSecurity in Dedicated Servers

If you choose to host your websites on a dedicated server with the Hepsia Control Panel, your web apps will be protected right away as ModSecurity is supplied with all Hepsia-based packages. You'll be able to control the firewall easily and if needed, you shall be able to turn it off or activate its passive mode when it shall only maintain a log of what's taking place without taking any action to prevent potential attacks. The logs that you will find in the exact same section of the CP are extremely detailed and include info about the attacker IP address, what website and file were attacked and in what ways, what rule the firewall employed to stop the intrusion, etcetera. This information shall permit you to take measures and increase the security of your Internet sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones that our admins add whenever they detect attacks that have not yet been included inside the commercial pack.