ModSecurity
Find out how having ModSecurity activated in your hosting account will help silently with your site protection.
ModSecurity is a plugin for Apache web servers which functions as a web application layer firewall. It's used to stop attacks against script-driven websites by employing security rules that contain certain expressions. That way, the firewall can prevent hacking and spamming attempts and preserve even sites which are not updated regularly. For example, a number of unsuccessful login attempts to a script administrator area or attempts to execute a certain file with the objective to get access to the script shall trigger specific rules, so ModSecurity will block these activities the instant it discovers them. The firewall is very efficient as it screens the entire HTTP traffic to an Internet site in real time without slowing it down, so it can easily stop an attack before any harm is done. It also keeps a very thorough log of all attack attempts which includes more information than standard Apache logs, so you can later check out the data and take further measures to boost the security of your sites if required.
-
ModSecurity in Shared Web Hosting
We provide ModSecurity with all
shared web hosting solutions, so your web apps shall be shielded from malicious attacks. The firewall is activated as standard for all domains and subdomains, but in case you'd like, you will be able to stop it through the respective section of your Hepsia Control Panel. You'll be able to also switch on a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs which you will find inside Hepsia are very detailed and offer data about the nature of any attack, when it transpired and from what IP address, the firewall rule which was triggered, and so on. We employ a set of commercial rules which are often updated, but sometimes our administrators add custom rules as well in order to better protect the sites hosted on our servers.
-
ModSecurity in Semi-dedicated Hosting
ModSecurity is a part of our
semi-dedicated hosting solutions and if you choose to host your sites with us, there will not be anything special you'll have to do given that the firewall is switched on by default for all domains and subdomains which you add via your hosting CP. If required, you'll be able to disable ModSecurity for a certain site or switch on the so-called detection mode in which case the firewall will still function and record information, but shall not do anything to stop possible attacks on your sites. Comprehensive logs will be available within your Control Panel and you'll be able to see which kind of attacks happened, what security rules were triggered and how the firewall handled the threats, what IP addresses the attacks originated from, etc. We use two sorts of rules on our servers - commercial ones from a business which operates in the field of web security, and custom ones which our admins occasionally include to respond to newly identified threats on time.
-
ModSecurity in VPS Hosting
ModSecurity is pre-installed on all
virtual private servers which are provided with the Hepsia hosting Control Panel, so your web programs shall be secured from the second your server is ready. The firewall is activated by default for any domain or subdomain on the Virtual Private Server, but if needed, you'll be able to disable it with a click of your mouse via the corresponding section of Hepsia. You can also set it to work in detection mode, so it shall maintain an extensive log of any possible attacks without taking any action to stop them. The logs can be found within the exact same section and offer details about the nature of the attack, what IP address it originated from and what ModSecurity rule was triggered to stop it. For maximum security, we use not simply commercial rules from a business operating in the field of web security, but also custom ones which our admins include personally so as to react to new threats that are still not addressed in the commercial rules.
-
ModSecurity in Dedicated Web Hosting
ModSecurity comes with all
dedicated servers that are set up with our Hepsia Control Panel and you will not have to do anything specific on your end to use it as it's enabled by default whenever you include a new domain or subdomain on your hosting server. If it interferes with some of your applications, you shall be able to stop it via the respective area of Hepsia, or you can leave it in passive mode, so it will recognize attacks and will still maintain a log for them, but won't block them. You may look at the logs later to learn what you can do to increase the safety of your websites since you shall find details such as where an intrusion attempt came from, what site was attacked and based on what rule ModSecurity reacted, etcetera. The rules which we use are commercial, therefore they are constantly updated by a security firm, but to be on the safe side, our admins also add custom rules every now and then as to react to any new threats they have discovered.