ModSecurity

: Glossary; Disk Space; Hepsia Control Panel; Hosted Domain Names; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Customer Support; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Purchase

ModSecurity is a highly effective firewall for Apache web servers that's employed to prevent attacks against web apps. It tracks the HTTP traffic to a certain Internet site in real time and blocks any intrusion attempts the moment it discovers them. The firewall uses a set of rules to do that - as an example, trying to log in to a script admin area without success many times activates one rule, sending a request to execute a specific file which may result in getting access to the Internet site triggers another rule, and so on. ModSecurity is amongst the best firewalls around and it'll protect even scripts that are not updated regularly because it can prevent attackers from employing known exploits and security holes. Very comprehensive info about every intrusion attempt is recorded and the logs the firewall maintains are much more detailed than the regular logs generated by the Apache server, so you can later examine them and decide if you need to take more measures so as to enhance the safety of your script-driven Internet sites.

ModSecurity in Shared Hosting

ModSecurity is provided with all shared hosting servers, so when you opt to host your Internet sites with our company, they shall be shielded from a wide array of attacks. The firewall is enabled by default for all domains and subdomains, so there will be nothing you'll need to do on your end. You'll be able to stop ModSecurity for any site if necessary, or to switch on a detection mode, so all activity will be recorded, but the firewall won't take any real action. You will be able to view comprehensive logs via your Hepsia CP including the IP where the attack came from, what the attacker planned to do and how ModSecurity handled the threat. As we take the safety of our clients' websites seriously, we use a collection of commercial rules which we get from one of the best firms that maintain this kind of rules. Our administrators also add custom rules to make sure that your Internet sites shall be shielded from as many risks as possible.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting plans which we offer include ModSecurity and given that the firewall is switched on by default, any Internet site that you build under a domain or a subdomain shall be secured right from the start. An independent section inside the Hepsia CP that comes with the semi-dedicated accounts is devoted to ModSecurity and it will enable you to start and stop the firewall for any website or enable a detection mode. With the last option, ModSecurity will not take any action, but it'll still recognize possible attacks and will keep all information inside a log as if it were 100% active. The logs can be found within the very same section of the Control Panel and they feature information about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, etc. The security rules we use on our web servers are a mix of commercial ones from a security business and custom ones made by our system administrators. Therefore, we provide higher security for your web programs as we can shield them from attacks before security companies release updates for brand new threats.

ModSecurity in VPS Hosting

ModSecurity is pre-installed on all virtual private servers which are set up with the Hepsia hosting CP, so your web applications will be secured from the moment your server is ready. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if necessary, you can deactivate it with a mouse click via the corresponding section of Hepsia. You could also set it to operate in detection mode, so it shall keep a detailed log of any potential attacks without taking any action to prevent them. The logs can be found in the very same section and include information regarding the nature of the attack, what IP it originated from and what ModSecurity rule was initiated to stop it. For optimum security, we use not just commercial rules from a firm working in the field of web security, but also custom ones that our admins include personally in order to react to new threats that are still not addressed in the commercial rules.

ModSecurity in Dedicated Web Hosting

ModSecurity is included with all dedicated servers which are integrated with our Hepsia CP and you will not need to do anything specific on your end to employ it since it's enabled by default whenever you include a new domain or subdomain on your server. If it interferes with any of your programs, you'll be able to stop it via the respective section of Hepsia, or you can leave it in passive mode, so it'll recognize attacks and shall still keep a log for them, but shall not prevent them. You could analyze the logs later to determine what you can do to boost the security of your websites as you'll find information such as where an intrusion attempt came from, what site was attacked and based on what rule ModSecurity reacted, and so forth. The rules we employ are commercial, thus they're regularly updated by a security provider, but to be on the safe side, our staff also include custom rules occasionally as to react to any new threats they have found.