ModSecurity
Find out how having ModSecurity enabled within your website hosting account could help silently with your web site security.
ModSecurity is an efficient firewall for Apache web servers which is employed to stop attacks towards web applications. It tracks the HTTP traffic to a particular website in real time and stops any intrusion attempts the instant it discovers them. The firewall relies on a set of rules to do this - as an illustration, trying to log in to a script administration area without success several times triggers one rule, sending a request to execute a specific file which may result in gaining access to the website triggers another rule, etcetera. ModSecurity is amongst the best firewalls on the market and it'll preserve even scripts which aren't updated often because it can prevent attackers from employing known exploits and security holes. Very thorough information about every intrusion attempt is recorded and the logs the firewall maintains are considerably more comprehensive than the standard logs provided by the Apache server, so you can later examine them and decide whether you need to take more measures in order to boost the safety of your script-driven sites.
-
ModSecurity in Shared Web Hosting
ModSecurity comes standard with all
shared web hosting plans that we provide and it shall be activated automatically for any domain or subdomain you add/create inside your Hepsia hosting Control Panel. The firewall has 3 different modes, so you'll be able to activate and deactivate it with just a click or set it to detection mode, so it shall maintain a log of all attacks, but it shall not do anything to prevent them. The log for any of your sites will contain comprehensive info which includes the nature of the attack, where it came from, what action was taken by ModSecurity, etcetera. The firewall rules which we use are constantly updated and incorporate both commercial ones that we get from a third-party security firm and custom ones which our system admins include in case that they detect a new type of attacks. In this way, the sites that you host here shall be far more secure with no action required on your end.
-
ModSecurity in Semi-dedicated Hosting
Any web app you install inside your new
semi-dedicated hosting account shall be protected by ModSecurity as the firewall comes with all our hosting solutions and is switched on by default for any domain and subdomain you include or create via your Hepsia hosting Control Panel. You shall be able to manage ModSecurity via a dedicated area in Hepsia where not simply could you activate or deactivate it completely, but you can also enable a passive mode, so the firewall shall not block anything, but it will still maintain an archive of possible attacks. This takes just a mouse click and you'll be able to look at the logs regardless of if ModSecurity is in passive or active mode through the same section - what the attack was and where it came from, how it was taken care of, and so forth. The firewall uses 2 sets of rules on our web servers - a commercial one that we get from a third-party web security provider and a custom one which our admins update manually in order to respond to newly discovered threats as fast as possible.
-
ModSecurity in Dedicated Hosting
If you decide to host your Internet sites on a
dedicated server with the Hepsia Control Panel, your web apps will be secured right from the start as ModSecurity is available with all Hepsia-based plans. You shall be able to control the firewall effortlessly and if necessary, you shall be able to turn it off or enable its passive mode when it will only maintain a log of what is occurring without taking any action to stop potential attacks. The logs that you can find in the same section of the CP are quite detailed and feature data about the attacker IP address, what site and file were attacked and in what ways, what rule the firewall employed to prevent the intrusion, and so forth. This information will allow you to take measures and boost the protection of your sites even more. To be on the safe side, we use not only commercial rules, but also custom-made ones which our staff add every time they identify attacks that haven't yet been included in the commercial pack.
