ModSecurity

: Glossary; AAAA Records; Access Log Manager; Additional RAM; Administration Services; Advanced Tools; Email Aliases; Antivirus Protection; APC; Web Apps; Auto-responder Emails; Browsable Daily Backups; Catch-all Emails; CentOS; Live Chat Support; ClientExec Billing And Support Software; Genuine Cloud Architecture; CNAME Records; Web Hosting Control Panel; Hardware; CPanel Control Panel; CPU Share; Cron Jobs; Custom Error Pages; MX And A Records; Daily Data Back-up; Data Centers; Data Compression; Debian; Dedicated IP Address; Server Network Hardware; DirectAdmin Control Panel; Disk Space; Domain Backorders; DomainKeys Identified Mail; Domain Manager; Parked Domains; Domain Registration Transfer; Dreamweaver Compatible; Dropbox Backups; Email Forwarding; Email Manager; Enom Domain Name Reseller Account; EPP Transfer Protection; Error Log Viewer; Extensive Online Documentation; Extra Dedicated IPs; File Manager; FTP Accounts; FTP Manager; Full DNS Management; Full WHOIS Management; Guaranteed RAM; Hepsia Control Panel; Domains Hosted; Hotlinking Protection; Htaccess Generator; ID Protection; Imagemagick And GD Library; InnoDB; Installation And Troubleshooting; Instant Account Activation; Integrated Ticketing System; IonCube; IP Blocking; JailHost; Email Accounts; Mailing Lists; Mailing List Members; Managed Services Package; Marketing Tools; Money Back Guarantee; Memcached; Microsoft Frontpage Extensions; ModSecurity; Monitoring And Rebooting; MySQL And Load Stats; 2.5 Gbit Network Connectivity; Data Corruption; Node.js; No Overselling; NS Records; One-Hour Response Guarantee; Perl Modules; Password Protected Directories; Perl Scripting; PostgreSQL Databases; PostgreSQL Database Storage; Phone Support; PHP 4 And PHP 5 Support; PhpMyAdmin; PhpPgAdmin; Python; RAID; Registrar Lock; Server Reselling Options; SSI; Shared SSL IP; SiteMap Generator; SMTP Server; Spam Filters; SPF Protection; MySQL Databases; MySQL Database Storage; SRV Records; Data Caching; SSL Certificate Generator; Stable Linux With Apache; Subdomains; Customer Support; Bandwidth; TXT Records; Ubuntu; UPS And Diesel Back-up Generator; Service Uptime; URL Redirection; Varnish; VPN Traffic; Multiple Control Panels; Setup Fees; Multiple OS; Full Root-level Access; SSH Telnet; Web Accelerators; Online Site Builder; Web And FTP Statistics; Web Installer; Webmail; Assisted Website Migration; Website Manager; Free Site Themes; Weekly Backup; Weekly OS Update; Zend Optimizer; ZFS Mails And MySQL; Order

ModSecurity is a plugin for Apache web servers that functions as a web application layer firewall. It is used to stop attacks against script-driven sites by using security rules that contain specific expressions. That way, the firewall can block hacking and spamming attempts and preserve even sites that aren't updated regularly. As an example, multiple unsuccessful login attempts to a script administrative area or attempts to execute a particular file with the objective to get access to the script will trigger certain rules, so ModSecurity will block these activities the second it discovers them. The firewall is extremely efficient as it tracks the whole HTTP traffic to an Internet site in real time without slowing it down, so it can prevent an attack before any harm is done. It additionally maintains a very detailed log of all attack attempts which includes more info than conventional Apache logs, so you can later check out the data and take additional measures to increase the security of your Internet sites if required.

ModSecurity in Website Hosting

We provide ModSecurity with all website hosting packages, so your Internet applications will be resistant to destructive attacks. The firewall is switched on as standard for all domains and subdomains, but if you would like, you shall be able to stop it via the respective area of your Hepsia Control Panel. You'll be able to also switch on a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs that you'll discover inside Hepsia are quite detailed and feature information about the nature of any attack, when it transpired and from what IP, the firewall rule which was triggered, and so forth. We use a group of commercial rules that are constantly updated, but sometimes our administrators add custom rules as well so as to better protect the websites hosted on our servers.

ModSecurity in Semi-dedicated Hosting

Any web app that you install within your new semi-dedicated hosting account will be protected by ModSecurity because the firewall comes with all our hosting plans and is switched on by default for any domain and subdomain that you include or create via your Hepsia hosting Control Panel. You shall be able to manage ModSecurity via a dedicated section inside Hepsia where not only could you activate or deactivate it fully, but you could also enable a passive mode, so the firewall won't stop anything, but it'll still maintain an archive of potential attacks. This requires only a click and you will be able to look at the logs regardless if ModSecurity is in active or passive mode through the same section - what the attack was and where it originated from, how it was handled, etc. The firewall employs two groups of rules on our machines - a commercial one that we get from a third-party web security company and a custom one which our administrators update personally as to respond to recently discovered threats as quickly as possible.

ModSecurity in VPS

Protection is essential to us, so we set up ModSecurity on all virtual private servers that are provided with the Hepsia CP as a standard. The firewall can be managed through a dedicated section within Hepsia and is activated automatically when you add a new domain or create a subdomain, so you'll not need to do anything personally. You will also be able to deactivate it or activate the so-called detection mode, so it'll keep a log of potential attacks you can later analyze, but will not prevent them. The logs in both passive and active modes offer info regarding the form of the attack and how it was eliminated, what IP it came from and other useful data that could help you to tighten the security of your sites by updating them or blocking IPs, for instance. Beyond the commercial rules we get for ModSecurity from a third-party security company, we also use our own rules as occasionally we identify specific attacks that aren't yet present inside the commercial package. That way, we can enhance the security of your Virtual private server instantly as opposed to awaiting a certified update.

ModSecurity in Dedicated Hosting

ModSecurity is included with all dedicated servers which are set up with our Hepsia CP and you'll not have to do anything specific on your end to use it because it's turned on by default whenever you add a new domain or subdomain on your hosting server. If it disrupts some of your apps, you shall be able to stop it through the respective part of Hepsia, or you may leave it operating in passive mode, so it will detect attacks and will still maintain a log for them, but won't stop them. You may examine the logs later to find out what you can do to increase the security of your Internet sites as you'll find details such as where an intrusion attempt came from, what site was attacked and based upon what rule ModSecurity reacted, etcetera. The rules that we employ are commercial, thus they are regularly updated by a security provider, but to be on the safe side, our staff also add custom rules every now and then in order to deal with any new threats they have found.