ModSecurity

: Hosting Terminology; Disk Space; Hepsia Control Panel; Hosted Domains; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Help Desk; Bandwidth; Varnish; Set-up Fees; Free Site Themes; Zend Optimizer; Purchase

ModSecurity is a potent web app layer firewall for Apache web servers. It monitors the entire HTTP traffic to a website without affecting its operation and in case it discovers an intrusion attempt, it blocks it. The firewall also maintains a more thorough log for the website visitors than any web server does, so you will be able to keep track of what's going on with your Internet sites better than if you rely merely on conventional logs. ModSecurity employs security rules based on which it stops attacks. For instance, it detects whether someone is attempting to log in to the admin area of a certain script a number of times or if a request is sent to execute a file with a specific command. In such cases these attempts set off the corresponding rules and the firewall software hinders the attempts instantly, after that records comprehensive information about them inside its logs. ModSecurity is one of the best software firewalls available and it could easily protect your web apps against thousands of threats and vulnerabilities, especially if you don’t update them or their plugins often.

ModSecurity in Website Hosting

ModSecurity is provided with all website hosting web servers, so if you decide to host your sites with our business, they shall be shielded from a wide range of attacks. The firewall is enabled by default for all domains and subdomains, so there'll be nothing you shall need to do on your end. You shall be able to stop ModSecurity for any website if required, or to switch on a detection mode, so that all activity will be recorded, but the firewall shall not take any real action. You'll be able to view specific logs from your Hepsia Control Panel including the IP where the attack came from, what the attacker planned to do and how ModSecurity handled the threat. As we take the security of our customers' sites very seriously, we employ a set of commercial rules that we take from one of the top companies which maintain this type of rules. Our admins also add custom rules to make certain that your sites will be resistant to as many risks as possible.

ModSecurity in Semi-dedicated Hosting

We have integrated ModSecurity as a standard within all semi-dedicated hosting plans, so your web applications will be protected whenever you set them up under any domain or subdomain. The Hepsia CP that is included with the semi-dedicated accounts will permit you to activate or turn off the firewall for any website with a click. You will also have the ability to switch on a passive detection mode in which ModSecurity shall keep a log of possible attacks without actually stopping them. The thorough logs contain the nature of the attack and what ModSecurity response that attack caused, where it came from, and so forth. The list of rules we employ is frequently updated in order to match any new threats that might appear on the Internet and it includes both commercial rules that we get from a security firm and custom-written ones which our administrators add in case they find a threat that is not present in the commercial list yet.

ModSecurity in VPS Web Hosting

Protection is essential to us, so we set up ModSecurity on all virtual private servers that are made available with the Hepsia Control Panel as a standard. The firewall could be managed through a dedicated section in Hepsia and is turned on automatically when you include a new domain or create a subdomain, so you'll not have to do anything manually. You will also be able to disable it or turn on the so-called detection mode, so it'll keep a log of possible attacks you can later analyze, but won't stop them. The logs in both passive and active modes include information regarding the kind of the attack and how it was stopped, what IP it came from and other valuable info which could help you to tighten the security of your Internet sites by updating them or blocking IPs, for example. Beyond the commercial rules we get for ModSecurity from a third-party security enterprise, we also use our own rules because from time to time we identify specific attacks that aren't yet present inside the commercial package. That way, we can enhance the security of your Virtual private server in a timely manner instead of waiting for a certified update.

ModSecurity in Dedicated Servers Hosting

ModSecurity comes with all dedicated servers that are integrated with our Hepsia CP and you will not have to do anything specific on your end to employ it since it's turned on by default each time you include a new domain or subdomain on your server. In the event that it disrupts some of your applications, you will be able to stop it via the respective section of Hepsia, or you can leave it operating in passive mode, so it shall identify attacks and shall still maintain a log for them, but will not block them. You can look at the logs later to determine what you can do to improve the protection of your Internet sites since you'll find details such as where an intrusion attempt came from, what website was attacked and based on what rule ModSecurity reacted, etcetera. The rules which we employ are commercial, hence they're regularly updated by a security provider, but to be on the safe side, our administrators also add custom rules every now and then in order to deal with any new threats they have discovered.