ModSecurity

: Hosting Definitions; Disk Space; Hepsia Control Panel; Domains Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Support; Bandwidth; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Order Now

ModSecurity is a highly effective web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to an Internet site without affecting its functionality and if it discovers an intrusion attempt, it blocks it. The firewall furthermore keeps a more thorough log for the website visitors than any server does, so you will be able to keep track of what's going on with your sites a lot better than if you rely merely on conventional logs. ModSecurity uses security rules based on which it helps prevent attacks. For instance, it detects whether somebody is attempting to log in to the administration area of a particular script multiple times or if a request is sent to execute a file with a specific command. In these situations these attempts trigger the corresponding rules and the firewall software blocks the attempts in real time, after that records comprehensive information about them in its logs. ModSecurity is among the very best software firewalls available and it can easily protect your web applications against thousands of threats and vulnerabilities, particularly in case you don’t update them or their plugins frequently.

: ModSecurity in Hosting

ModSecurity comes standard with all hosting plans which we provide and it shall be switched on automatically for any domain or subdomain you add/create in your Hepsia hosting CP. The firewall has three different modes, so you'll be able to activate and disable it with only a click or set it to detection mode, so it'll keep a log of all attacks, but it shall not do anything to stop them. The log for each of your sites will include elaborate info including the nature of the attack, where it originated from, what action was taken by ModSecurity, and so on. The firewall rules which we use are constantly updated and include both commercial ones which we get from a third-party security company and custom ones which our system administrators add in case that they detect a new sort of attacks. That way, the Internet sites you host here will be way more protected with no action required on your end.; ModSecurity in Semi-dedicated Hosting

ModSecurity is part of our semi-dedicated hosting solutions and if you opt to host your websites with us, there won't be anything special you'll need to do given that the firewall is turned on by default for all domains and subdomains that you add using your hosting Control Panel. If required, you can disable ModSecurity for a given site or turn on the so-called detection mode in which case the firewall will still work and record information, but shall not do anything to stop potential attacks on your sites. Detailed logs will be available within your Control Panel and you will be able to see which kind of attacks occurred, what security rules were triggered and how the firewall handled the threats, what IP addresses the attacks came from, etc. We use 2 kinds of rules on our servers - commercial ones from a company which operates in the field of web security, and custom made ones which our admins sometimes include to respond to newly found threats in a timely manner.; ModSecurity in VPS Web Hosting

All virtual private servers which are set up with the Hepsia Control Panel feature ModSecurity. The firewall is installed and turned on by default for all domains that are hosted on the web server, so there won't be anything special that you shall have to do to protect your websites. It will take you simply a mouse click to stop ModSecurity if required or to turn on its passive mode so that it records what occurs without taking any measures to stop intrusions. You'll be able to view the logs produced in passive or active mode via the corresponding section of Hepsia and find out more about the type of the attack, where it originated from, what rule the firewall employed to take care of it, and so on. We employ a mix of commercial and custom rules so as to ensure that ModSecurity shall prevent as many risks as possible, consequently increasing the protection of your web applications as much as possible.; ModSecurity in Dedicated Servers Hosting

ModSecurity is offered as standard with all dedicated servers which are set up with the Hepsia CP and is set to “Active” automatically for any domain you host or subdomain which you create on the server. In the event that a web application doesn't work correctly, you can either turn off the firewall or set it to operate in passive mode. The second means that ModSecurity will keep a log of any possible attack which could happen, but will not take any action to stop it. The logs created in passive or active mode shall provide you with more details about the exact file which was attacked, the type of the attack and the IP address it came from, etc. This info shall enable you to determine what steps you can take to improve the security of your websites, including blocking IPs or performing script and plugin updates. The ModSecurity rules that we use are updated often with a commercial pack from a third-party security firm we work with, but oftentimes our admins include their own rules also if they find a new potential threat.