ModSecurity
Learn how having ModSecurity activated in your hosting account can help silently with your web site protection.
ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It is used to prevent attacks against script-driven websites through the use of security rules which contain certain expressions. That way, the firewall can prevent hacking and spamming attempts and preserve even sites that aren't updated frequently. As an example, a number of unsuccessful login attempts to a script administrative area or attempts to execute a particular file with the objective to get access to the script shall trigger specific rules, so ModSecurity will stop these activities the minute it discovers them. The firewall is quite efficient as it monitors the whole HTTP traffic to a website in real time without slowing it down, so it could prevent an attack before any damage is done. It additionally maintains a very detailed log of all attack attempts which includes more information than standard Apache logs, so you could later analyze the data and take further measures to enhance the security of your websites if necessary.
-
ModSecurity in Web Hosting
ModSecurity is available with every
web hosting plan that we offer and it is turned on by default for every domain or subdomain that you include via your Hepsia Control Panel. In case it interferes with any of your programs or you would like to disable it for whatever reason, you shall be able to do this through the ModSecurity section of Hepsia with just a mouse click. You can also use a passive mode, so the firewall will identify potential attacks and maintain a log, but won't take any action. You can view detailed logs in the exact same section, including the IP where the attack came from, what exactly the attacker aimed to do and at what time, what ModSecurity did, etcetera. For max security of our clients we use a set of commercial firewall rules blended with custom ones that are included by our system admins.
-
ModSecurity in Semi-dedicated Servers
ModSecurity is part of our
semi-dedicated server packages and if you opt to host your Internet sites with our company, there won't be anything special you will have to do as the firewall is switched on by default for all domains and subdomains that you include through your hosting CP. If necessary, you can disable ModSecurity for a particular website or enable the so-called detection mode in which case the firewall shall still function and record information, but won't do anything to stop potential attacks on your Internet sites. Thorough logs will be readily available within your CP and you will be able to see what type of attacks occurred, what security rules were triggered and how the firewall handled the threats, what IP addresses the attacks came from, etc. We use 2 types of rules on our servers - commercial ones from an organization that operates in the field of web security, and customized ones that our admins often add to respond to newly found threats on time.
-
ModSecurity in VPS Servers
ModSecurity is pre-installed on all
VPS servers that are set up with the Hepsia hosting Control Panel, so your web apps shall be secured from the moment your server is in a position. The firewall is turned on by default for any domain or subdomain on the Virtual Private Server, but if needed, you can disable it with a click of your mouse via the corresponding section of Hepsia. You could also set it to operate in detection mode, so it'll maintain a comprehensive log of any potential attacks without taking any action to stop them. The logs can be found in the exact same section and offer info about the nature of the attack, what IP it came from and what ModSecurity rule was triggered to stop it. For best security, we employ not only commercial rules from a firm working in the field of web security, but also custom ones that our admins add manually in order to react to new threats which are still not dealt with in the commercial rules.
-
ModSecurity in Dedicated Servers
ModSecurity comes with all
dedicated servers that are integrated with our Hepsia CP and you'll not need to do anything specific on your end to use it since it's turned on by default whenever you add a new domain or subdomain on your web server. In the event that it disrupts some of your programs, you'll be able to stop it via the respective area of Hepsia, or you could leave it working in passive mode, so it'll identify attacks and shall still maintain a log for them, but will not prevent them. You may analyze the logs later to learn what you can do to enhance the safety of your websites as you'll find information such as where an intrusion attempt originated from, what Internet site was attacked and based upon what rule ModSecurity reacted, etc. The rules which we use are commercial, hence they are constantly updated by a security provider, but to be on the safe side, our admins also include custom rules occasionally in order to react to any new threats they have discovered.