ModSecurity

: Hosting Terminology; Disk Space; Hepsia Control Panel; Domains Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Customer Support; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Sign Up

ModSecurity is a potent web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a site without affecting its performance and if it detects an intrusion attempt, it prevents it. The firewall furthermore keeps a more detailed log for the traffic than any server does, so you shall manage to keep an eye on what's going on with your sites much better than if you rely merely on standard logs. ModSecurity works with security rules based on which it prevents attacks. For instance, it recognizes if anyone is trying to log in to the administrator area of a particular script several times or if a request is sent to execute a file with a specific command. In these instances these attempts trigger the corresponding rules and the software hinders the attempts right away, after that records detailed details about them within its logs. ModSecurity is among the best software firewalls out there and it can protect your web apps against thousands of threats and vulnerabilities, particularly if you don’t update them or their plugins frequently.

ModSecurity in Web Hosting

ModSecurity is supplied with all web hosting web servers, so when you opt to host your websites with our company, they'll be shielded from a wide array of attacks. The firewall is enabled as standard for all domains and subdomains, so there shall be nothing you'll need to do on your end. You'll be able to stop ModSecurity for any Internet site if required, or to switch on a detection mode, so all activity will be recorded, but the firewall will not take any real action. You'll be able to view specific logs from your Hepsia Control Panel including the IP where the attack came from, what the attacker planned to do and how ModSecurity handled the threat. As we take the security of our customers' websites seriously, we use a set of commercial rules which we get from one of the best companies that maintain this kind of rules. Our admins also add custom rules to ensure that your Internet sites will be shielded from as many threats as possible.

ModSecurity in Semi-dedicated Servers

ModSecurity is a part of our semi-dedicated server packages and if you decide to host your Internet sites with our company, there shall not be anything special you'll need to do since the firewall is activated by default for all domains and subdomains you include using your hosting Control Panel. If required, you could disable ModSecurity for a certain site or activate the so-called detection mode in which case the firewall shall still work and record information, but will not do anything to prevent possible attacks on your Internet sites. Detailed logs will be accessible inside your CP and you'll be able to see which kind of attacks took place, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks originated from, etcetera. We employ two kinds of rules on our servers - commercial ones from a company that operates in the field of web security, and custom ones that our admins sometimes include to respond to newly found threats promptly.

ModSecurity in VPS Servers

Safety is of the utmost importance to us, so we install ModSecurity on all VPS servers that are made available with the Hepsia CP by default. The firewall could be managed through a dedicated section within Hepsia and is switched on automatically when you add a new domain or create a subdomain, so you will not need to do anything personally. You will also be able to deactivate it or activate the so-called detection mode, so it will maintain a log of potential attacks that you can later examine, but won't prevent them. The logs in both passive and active modes contain info about the kind of the attack and how it was stopped, what IP it originated from and other useful information which could help you to tighten the security of your websites by updating them or blocking IPs, as an example. On top of the commercial rules that we get for ModSecurity from a third-party security company, we also implement our own rules since once in a while we discover specific attacks that aren't yet present inside the commercial pack. That way, we can easily improve the protection of your VPS promptly instead of waiting for an official update.

ModSecurity in Dedicated Servers

If you choose to host your sites on a dedicated server with the Hepsia CP, your web apps shall be protected right from the start since ModSecurity is available with all Hepsia-based solutions. You will be able to manage the firewall effortlessly and if necessary, you shall be able to turn it off or activate its passive mode when it will only maintain a log of what's occurring without taking any action to stop possible attacks. The logs which you will find in the exact same section of the Control Panel are extremely detailed and feature information about the attacker IP address, what website and file were attacked and in what way, what rule the firewall used to prevent the intrusion, and so on. This data shall allow you to take measures and enhance the protection of your websites even more. To be on the safe side, we employ not just commercial rules, but also custom-made ones that our administrators include whenever they identify attacks which haven't yet been included within the commercial pack.