ModSecurity

: Hosting Terminology; Disk Space; Hepsia Control Panel; Domain Names Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Help Desk; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Purchase

ModSecurity is a plugin for Apache web servers which functions as a web application layer firewall. It's employed to stop attacks against script-driven websites through the use of security rules that contain certain expressions. In this way, the firewall can prevent hacking and spamming attempts and shield even sites which aren't updated frequently. For example, a number of unsuccessful login attempts to a script administrator area or attempts to execute a particular file with the intention to get access to the script shall trigger specific rules, so ModSecurity shall block out these activities the instant it discovers them. The firewall is incredibly efficient since it tracks the entire HTTP traffic to an Internet site in real time without slowing it down, so it could prevent an attack before any harm is done. It furthermore keeps an incredibly thorough log of all attack attempts which contains more info than standard Apache logs, so you could later check out the data and take further measures to improve the security of your Internet sites if needed.

: ModSecurity in Shared Hosting

ModSecurity can be found with every single shared hosting package that we provide and it's activated by default for every domain or subdomain that you add through your Hepsia Control Panel. In the event that it interferes with any of your programs or you would like to disable it for some reason, you will be able to do this through the ModSecurity area of Hepsia with merely a click. You could also use a passive mode, so the firewall will identify possible attacks and keep a log, but will not take any action. You'll be able to view comprehensive logs in the exact same section, including the IP where the attack came from, what precisely the attacker tried to do and at what time, what ModSecurity did, etcetera. For max security of our clients we use a collection of commercial firewall rules combined with custom ones that are included by our system admins.; ModSecurity in Semi-dedicated Servers

Any web application you install within your new semi-dedicated server account shall be protected by ModSecurity because the firewall is included with all our hosting plans and is activated by default for any domain and subdomain that you include or create via your Hepsia hosting Control Panel. You'll be able to manage ModSecurity through a dedicated section in Hepsia where not simply can you activate or deactivate it completely, but you could also enable a passive mode, so the firewall will not block anything, but it shall still maintain an archive of potential attacks. This requires only a mouse click and you will be able to view the logs regardless of if ModSecurity is in active or passive mode through the same section - what the attack was and where it came from, how it was handled, and so on. The firewall uses two sets of rules on our web servers - a commercial one that we get from a third-party web security provider and a custom one that our administrators update manually in order to respond to recently discovered risks as quickly as possible.; ModSecurity in VPS Servers

ModSecurity is pre-installed on all VPS servers which are provided with the Hepsia hosting Control Panel, so your web programs shall be secured from the instant your server is ready. The firewall is activated by default for any domain or subdomain on the Virtual Private Server, but if needed, you could deactivate it with a mouse click from the corresponding section of Hepsia. You may also set it to function in detection mode, so it will keep a detailed log of any potential attacks without taking any action to prevent them. The logs can be found inside the very same section and provide information about the nature of the attack, what IP address it came from and what ModSecurity rule was activated to stop it. For best security, we employ not simply commercial rules from a business working in the field of web security, but also custom ones that our admins add personally so as to respond to new risks which are still not dealt with in the commercial rules.; ModSecurity in Dedicated Servers

ModSecurity is offered as standard with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain you create on the web server. In case that a web app doesn't work correctly, you may either turn off the firewall or set it to operate in passive mode. The latter means that ModSecurity shall keep a log of any potential attack which could happen, but shall not take any action to prevent it. The logs created in passive or active mode shall present you with additional details about the exact file which was attacked, the type of the attack and the IP it originated from, and so forth. This info will permit you to decide what measures you can take to increase the safety of your websites, for instance blocking IPs or carrying out script and plugin updates. The ModSecurity rules which we use are updated frequently with a commercial bundle from a third-party security provider we work with, but oftentimes our administrators include their own rules as well in case they identify a new potential threat.