ModSecurity

: Hosting Definitions; Disk Space; Hepsia Control Panel; Hosted Domains; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Customer Support; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Order

ModSecurity is a plugin for Apache web servers which functions as a web app layer firewall. It is used to stop attacks against script-driven sites through the use of security rules which contain particular expressions. This way, the firewall can stop hacking and spamming attempts and preserve even sites which aren't updated on a regular basis. As an example, multiple failed login attempts to a script administrative area or attempts to execute a specific file with the purpose to get access to the script will trigger particular rules, so ModSecurity shall block these activities the minute it identifies them. The firewall is quite efficient since it monitors the entire HTTP traffic to an Internet site in real time without slowing it down, so it can prevent an attack before any harm is done. It also keeps an exceptionally thorough log of all attack attempts which contains more info than typical Apache logs, so you can later check out the data and take extra measures to increase the security of your Internet sites if needed.

ModSecurity in Shared Hosting

ModSecurity is available on all shared hosting web servers, so when you opt to host your sites with our organization, they'll be resistant to a wide array of attacks. The firewall is turned on as standard for all domains and subdomains, so there will be nothing you will need to do on your end. You shall be able to stop ModSecurity for any website if required, or to switch on a detection mode, so that all activity will be recorded, but the firewall will not take any real action. You shall be able to view detailed logs using your Hepsia CP including the IP where the attack came from, what the attacker wanted to do and how ModSecurity addressed the threat. As we take the protection of our customers' websites very seriously, we employ a selection of commercial rules which we take from one of the leading companies which maintain this sort of rules. Our admins also include custom rules to make certain that your sites will be protected against as many threats as possible.

ModSecurity in Semi-dedicated Hosting

Any web app that you set up in your new semi-dedicated hosting account will be protected by ModSecurity since the firewall is included with all our hosting plans and is activated by default for any domain and subdomain that you include or create through your Hepsia hosting Control Panel. You shall be able to manage ModSecurity through a dedicated area inside Hepsia where not simply can you activate or deactivate it fully, but you may also switch on a passive mode, so the firewall won't block anything, but it shall still keep an archive of possible attacks. This requires just a click and you will be able to see the logs regardless if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was addressed, and so on. The firewall uses 2 groups of rules on our servers - a commercial one that we get from a third-party web security firm and a custom one that our admins update manually as to respond to recently discovered risks at the earliest opportunity.

ModSecurity in VPS

ModSecurity is provided with all Hepsia-based virtual private servers we offer and it shall be turned on automatically for every new domain or subdomain which you include on the server. That way, any web app which you install will be protected right away without doing anything by hand on your end. The firewall could be managed through the section of the CP that bears the same name. This is the place whereyou could disable ModSecurity or let its passive mode, so it shall not take any action against threats, but will still maintain a detailed log. The recorded info is available in the same section as well and you shall be able to see what IPs any attacks originated from to enable you to block them, what the nature of the attempted attacks was and based upon what security rules ModSecurity reacted. The rules which we employ on our servers are a blend between commercial ones we get from a security company and custom ones that are included by our staff to optimize the protection of any web apps hosted on our end.

ModSecurity in Dedicated Hosting

ModSecurity is provided with all dedicated servers that are integrated with our Hepsia CP and you will not have to do anything specific on your end to employ it as it's enabled by default each time you include a new domain or subdomain on your server. In the event that it disrupts some of your applications, you shall be able to stop it via the respective part of Hepsia, or you may leave it operating in passive mode, so it shall recognize attacks and will still keep a log for them, but will not block them. You could look at the logs later to find out what you can do to boost the protection of your websites since you shall find details such as where an intrusion attempt originated from, what website was attacked and in accordance with what rule ModSecurity responded, and so on. The rules which we use are commercial, therefore they're frequently updated by a security provider, but to be on the safe side, our administrators also include custom rules from time to time in order to react to any new threats they have discovered.