ModSecurity is a plugin for Apache web servers that functions as a web app layer firewall. It is employed to stop attacks towards script-driven websites through the use of security rules that contain certain expressions. This way, the firewall can block hacking and spamming attempts and protect even websites that are not updated regularly. For instance, numerous unsuccessful login attempts to a script administrator area or attempts to execute a certain file with the objective to get access to the script will trigger certain rules, so ModSecurity shall stop these activities the instant it discovers them. The firewall is quite efficient since it screens the entire HTTP traffic to a site in real time without slowing it down, so it could stop an attack before any damage is done. It additionally keeps an incredibly comprehensive log of all attack attempts which features more info than standard Apache logs, so you could later analyze the data and take extra measures to enhance the security of your websites if required.

ModSecurity in Shared Website Hosting

ModSecurity is provided with all shared website hosting machines, so if you decide to host your sites with our company, they shall be shielded from an array of attacks. The firewall is enabled as standard for all domains and subdomains, so there'll be nothing you will have to do on your end. You shall be able to stop ModSecurity for any site if required, or to enable a detection mode, so all activity shall be recorded, but the firewall won't take any real action. You'll be able to view comprehensive logs using your Hepsia CP including the IP where the attack came from, what the attacker wanted to do and how ModSecurity dealt with the threat. As we take the safety of our clients' websites seriously, we use a collection of commercial rules that we take from one of the leading companies which maintain such rules. Our administrators also add custom rules to ensure that your sites will be resistant to as many threats as possible.

ModSecurity in Semi-dedicated Servers

All semi-dedicated server plans which we offer include ModSecurity and since the firewall is switched on by default, any website which you create under a domain or a subdomain shall be protected right away. An independent section in the Hepsia CP that comes with the semi-dedicated accounts is devoted to ModSecurity and it shall allow you to stop and start the firewall for any site or enable a detection mode. With the last option, ModSecurity shall not take any action, but it'll still recognize possible attacks and will keep all data inside a log as if it were 100% active. The logs can be found inside the very same section of the Control Panel and they include information regarding the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, and so forth. The security rules we employ on our machines are a mix of commercial ones from a security firm and custom ones created by our system admins. Therefore, we offer higher security for your web programs as we can defend them from attacks even before security corporations release updates for new threats.

ModSecurity in VPS Servers

Safety is essential to us, so we install ModSecurity on all VPS servers which are provided with the Hepsia CP by default. The firewall could be managed through a dedicated section within Hepsia and is switched on automatically when you add a new domain or create a subdomain, so you will not have to do anything by hand. You'll also be able to disable it or turn on the so-called detection mode, so it shall keep a log of potential attacks which you can later study, but will not block them. The logs in both passive and active modes contain information regarding the type of the attack and how it was stopped, what IP address it originated from and other valuable information which may help you to tighten the security of your websites by updating them or blocking IPs, as an example. On top of the commercial rules we get for ModSecurity from a third-party security enterprise, we also employ our own rules since from time to time we detect specific attacks which are not yet present in the commercial group. That way, we can boost the security of your Virtual private server immediately rather than awaiting an official update.

ModSecurity in Dedicated Servers

All of our dedicated servers which are set up with the Hepsia hosting Control Panel come with ModSecurity, so any application that you upload or set up will be protected from the very beginning and you will not have to stress about common attacks or vulnerabilities. An individual section within Hepsia will allow you to start or stop the firewall for every domain or subdomain, or switch on a detection mode so that it records info about intrusions, but does not take actions to prevent them. What you shall see in the logs can enable you to to secure your websites better - the IP address an attack originated from, what site was attacked as well as how, what ModSecurity rule was triggered, etc. With this info, you'll be able to see whether a site needs an update, whether you should block IPs from accessing your server, etcetera. In addition to the third-party commercial security rules for ModSecurity which we use, our administrators include custom ones too if they discover a new threat that is not yet included in the commercial bundle.