ModSecurity

: Terminology; Disk Space; Hepsia Control Panel; Domain Names Hosted; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Customer Support; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Order Now

ModSecurity is an efficient firewall for Apache web servers that is employed to prevent attacks towards web applications. It keeps track of the HTTP traffic to a particular site in real time and prevents any intrusion attempts the instant it discovers them. The firewall relies on a set of rules to accomplish that - for instance, attempting to log in to a script admin area without success many times activates one rule, sending a request to execute a particular file that may result in accessing the site triggers another rule, and so on. ModSecurity is among the best firewalls around and it will secure even scripts which are not updated frequently because it can prevent attackers from employing known exploits and security holes. Very thorough information about every single intrusion attempt is recorded and the logs the firewall maintains are a lot more specific than the conventional logs generated by the Apache server, so you can later analyze them and decide if you need to take more measures in order to boost the safety of your script-driven websites.

ModSecurity in Cloud Hosting

ModSecurity comes by default with all cloud hosting solutions that we offer and it will be activated automatically for any domain or subdomain that you add/create inside your Hepsia hosting CP. The firewall has three different modes, so you'll be able to activate and deactivate it with only a click or set it to detection mode, so it'll keep a log of all attacks, but it'll not do anything to prevent them. The log for each of your websites will feature in-depth info such as the nature of the attack, where it originated from, what action was taken by ModSecurity, etcetera. The firewall rules we use are constantly updated and incorporate both commercial ones which we get from a third-party security firm and custom ones our system administrators include in case that they detect a new sort of attacks. In this way, the sites which you host here shall be far more protected with no action required on your end.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting plans which we offer come with ModSecurity and since the firewall is enabled by default, any website you create under a domain or a subdomain shall be protected right from the start. An individual section within the Hepsia CP that comes with the semi-dedicated accounts is dedicated to ModSecurity and it will enable you to start and stop the firewall for any Internet site or activate a detection mode. With the last option, ModSecurity won't take any action, but it'll still recognize possible attacks and shall keep all information within a log as if it were 100% active. The logs could be found in the exact same section of the Control Panel and they offer information about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, etc. The security rules that we employ on our machines are a mix of commercial ones from a security business and custom ones created by our system administrators. Consequently, we offer greater security for your web applications as we can shield them from attacks before security companies release updates for completely new threats.

ModSecurity in VPS

Protection is vital to us, so we set up ModSecurity on all virtual private servers which are provided with the Hepsia Control Panel as a standard. The firewall can be managed through a dedicated section within Hepsia and is activated automatically when you add a new domain or generate a subdomain, so you will not need to do anything personally. You shall also be able to deactivate it or switch on the so-called detection mode, so it shall maintain a log of potential attacks which you can later examine, but shall not stop them. The logs in both passive and active modes include info regarding the form of the attack and how it was eliminated, what IP it came from and other important info that might help you to tighten the security of your Internet sites by updating them or blocking IPs, for example. Beyond the commercial rules that we get for ModSecurity from a third-party security enterprise, we also implement our own rules since occasionally we discover specific attacks which aren't yet present in the commercial group. This way, we can easily increase the protection of your Virtual private server right away as opposed to awaiting an official update.

ModSecurity in Dedicated Hosting

When you decide to host your Internet sites on a dedicated server with the Hepsia CP, your web apps will be protected immediately because ModSecurity is available with all Hepsia-based packages. You shall be able to regulate the firewall with ease and if necessary, you shall be able to turn it off or switch on its passive mode when it'll only maintain a log of what is going on without taking any action to stop possible attacks. The logs that you can find in the exact same section of the Control Panel are extremely detailed and feature information about the attacker IP address, what site and file were attacked and in what way, what rule the firewall used to prevent the intrusion, and so on. This information shall permit you to take measures and enhance the protection of your sites even more. To be on the safe side, we employ not only commercial rules, but also custom-made ones which our admins add whenever they identify attacks which haven't yet been included within the commercial pack.