ModSecurity

: Glossary; Disk Space; Hepsia Control Panel; Domain Names Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Customer Support; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Purchase

ModSecurity is a plugin for Apache web servers that functions as a web application layer firewall. It's employed to prevent attacks against script-driven websites by employing security rules which contain particular expressions. In this way, the firewall can block hacking and spamming attempts and shield even websites that aren't updated on a regular basis. For instance, numerous failed login attempts to a script admin area or attempts to execute a specific file with the purpose to get access to the script shall trigger specific rules, so ModSecurity will block out these activities the moment it discovers them. The firewall is quite efficient since it monitors the entire HTTP traffic to a website in real time without slowing it down, so it will be able to prevent an attack before any damage is done. It additionally maintains a very thorough log of all attack attempts which features more information than typical Apache logs, so you can later analyze the data and take further measures to boost the security of your Internet sites if necessary.

ModSecurity in Website Hosting

ModSecurity comes standard with all website hosting solutions which we provide and it'll be turned on automatically for any domain or subdomain which you add/create in your Hepsia hosting Control Panel. The firewall has 3 different modes, so you could switch on and disable it with a mouse click or set it to detection mode, so it will maintain a log of all attacks, but it'll not do anything to prevent them. The log for each of your websites will include comprehensive information including the nature of the attack, where it came from, what action was taken by ModSecurity, etcetera. The firewall rules which we use are frequently updated and incorporate both commercial ones we get from a third-party security company and custom ones our system administrators add in the event that they detect a new kind of attacks. In this way, the sites that you host here will be much more protected without any action needed on your end.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server plans that we offer include ModSecurity and since the firewall is switched on by default, any Internet site you build under a domain or a subdomain shall be protected right from the start. An independent section within the Hepsia CP which comes with the semi-dedicated accounts is dedicated to ModSecurity and it'll enable you to start and stop the firewall for any site or enable a detection mode. With the last mentioned, ModSecurity shall not take any action, but it'll still detect possible attacks and will keep all info in a log as if it were completely active. The logs can be found inside the same section of the Control Panel and they include details about the IP where an attack came from, what its nature was, what rule ModSecurity applies to detect and stop it, etc. The security rules that we use on our servers are a mix between commercial ones from a security firm and custom ones made by our system admins. As a result, we offer greater security for your web programs as we can defend them from attacks even before security corporations release updates for completely new threats.

ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers that are provided with the Hepsia hosting Control Panel, so your web programs will be protected from the instant your server is in a position. The firewall is switched on by default for any domain or subdomain on the Virtual Private Server, but if necessary, you'll be able to deactivate it with a click from the corresponding section of Hepsia. You can also set it to function in detection mode, so it will maintain a comprehensive log of any potential attacks without taking any action to prevent them. The logs are available in the exact same section and include information regarding the nature of the attack, what IP address it came from and what ModSecurity rule was activated to stop it. For best security, we employ not only commercial rules from a business operating in the field of web security, but also custom ones which our admins include manually so as to respond to new threats that are still not tackled in the commercial rules.

ModSecurity in Dedicated Servers

ModSecurity is provided by default with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain you create on the hosting server. Just in case that a web app doesn't function correctly, you may either disable the firewall or set it to function in passive mode. The latter means that ModSecurity will maintain a log of any potential attack which might happen, but shall not take any action to stop it. The logs generated in passive or active mode will present you with additional details about the exact file which was attacked, the type of the attack and the IP address it came from, etcetera. This data will permit you to determine what steps you can take to improve the protection of your sites, such as blocking IPs or carrying out script and plugin updates. The ModSecurity rules that we use are updated often with a commercial package from a third-party security provider we work with, but sometimes our staff include their own rules too in the event that they find a new potential threat.