ModSecurity

: Hosting Glossary; AAAA Records; Access Log Manager; Additional RAM; Administration Services; Advanced Tools; Email Aliases; Antivirus Protection; APC; Web App Installer; Auto-responder Emails; Browsable Daily Backups; Catch-all Emails; CentOS; Live Chat Support; ClientExec Billing And Support Software; Genuine Cloud Architecture; CNAME Records; Control Panel; Hardware; CPanel Control Panel; CPU Share; Cron Jobs; Custom Error Pages; MX And A Records; Daily Data Back-up; Data Centers; Data Compression; Debian; Dedicated IP; Server Network Hardware; DirectAdmin Control Panel; Disk Space; Domain Backorders; DomainKeys Identified Mail; Domain Manager; Parked Domain Names; Domain Registration Transfer; Dreamweaver Compatibility; Dropbox Backups; Email Forwarding; Email Manager; Enom Domain Name Reseller Account; EPP Transfer Protection; Error Log Viewer; Extensive Online Documentation; Extra Dedicated IPs; File Manager; FTP Accounts; FTP Manager; Full DNS Management; Full WHOIS Management; Guaranteed RAM; Hepsia Control Panel; Domains Hosted; Hotlink Protection; Htaccess Generator; Domain ID Protection; Imagemagick And GD Library; InnoDB; Installation And Troubleshooting; Instant Account Activation; Integrated Ticketing System; IonCube; IP Blocking; JailHost; Email Accounts; Mailing Lists; Mailing List Members; Managed Services Package; Marketing Tools; Money Back Guarantee; Memcached; Microsoft FPE; ModSecurity; Monitoring And Rebooting; MySQL And Load Stats; 2.5 Gbit Network Connectivity; Data Corruption; Node.js; No Overselling; NS Records; One-Hour Response Guarantee; Perl Modules; Password Protected Directories; Perl Scripting; PgSQL Databases; PgSQL Database Storage; Phone Support; PHP 4 And PHP 5 Support; PhpMyAdmin; PhpPgAdmin; Python; RAID; Registrar Lock; Server Reselling Options; SSI; Shared SSL IP; SiteMap Generator; SMTP Server; Spam Filters; SPF Protection; MySQL Databases; MySQL Database Storage; SRV Records; Data Caching; SSL Certificate Generator; Stable Linux With Apache; Subdomains; Help Desk; Bandwidth; TXT Records; Ubuntu; UPS And Diesel Back-up Generator; Service Uptime Guarantee; URL Redirection; Varnish; VPN Traffic; Multiple Control Panels; Setup Fees; Multiple OS; Full Root-level Access; SSH Telnet; Web Accelerators; Online Site Builder; Web And FTP Statistics; Web Installer; Webmail; Assisted Website Migration; Website Manager; Free Site Themes; Weekly Backup; Weekly OS Update; Zend Optimizer; ZFS Mails And MySQL; Sign Up

ModSecurity is a plugin for Apache web servers that acts as a web app layer firewall. It's used to prevent attacks against script-driven websites through the use of security rules which contain specific expressions. That way, the firewall can prevent hacking and spamming attempts and protect even Internet sites that aren't updated on a regular basis. For instance, numerous failed login attempts to a script admin area or attempts to execute a certain file with the purpose to get access to the script will trigger particular rules, so ModSecurity shall block out these activities the moment it discovers them. The firewall is quite efficient because it tracks the whole HTTP traffic to an Internet site in real time without slowing it down, so it could stop an attack before any harm is done. It additionally keeps an incredibly thorough log of all attack attempts which includes more information than standard Apache logs, so you can later analyze the data and take further measures to increase the security of your sites if required.

ModSecurity in Shared Website Hosting

ModSecurity is available on all shared website hosting machines, so if you choose to host your sites with our firm, they shall be resistant to a wide range of attacks. The firewall is enabled as standard for all domains and subdomains, so there'll be nothing you will have to do on your end. You will be able to stop ModSecurity for any site if needed, or to enable a detection mode, so all activity will be recorded, but the firewall will not take any real action. You shall be able to view detailed logs using your Hepsia CP including the IP address where the attack originated from, what the attacker wanted to do and how ModSecurity addressed the threat. Since we take the security of our clients' Internet sites very seriously, we use a collection of commercial rules that we take from one of the leading companies that maintain this kind of rules. Our admins also include custom rules to ensure that your Internet sites shall be protected against as many risks as possible.

ModSecurity in Semi-dedicated Servers

ModSecurity is part of our semi-dedicated server solutions and if you choose to host your websites with us, there won't be anything special you'll have to do given that the firewall is switched on by default for all domains and subdomains that you include through your hosting CP. If required, you can disable ModSecurity for a particular Internet site or switch on the so-called detection mode in which case the firewall will still function and record information, but won't do anything to prevent possible attacks against your sites. Comprehensive logs shall be readily available within your CP and you shall be able to see what type of attacks took place, what security rules were triggered and how the firewall addressed the threats, what IP addresses the attacks originated from, and so forth. We employ 2 sorts of rules on our servers - commercial ones from a company which operates in the field of web security, and customized ones which our admins often add to respond to newly found risks promptly.

ModSecurity in VPS Servers

All VPS servers which are provided with the Hepsia Control Panel come with ModSecurity. The firewall is set up and activated by default for all domains that are hosted on the web server, so there won't be anything special which you shall have to do to protect your websites. It will take you only a click to stop ModSecurity if necessary or to switch on its passive mode so that it records what happens without taking any actions to stop intrusions. You shall be able to see the logs produced in passive or active mode from the corresponding section of Hepsia and learn more about the form of the attack, where it came from, what rule the firewall employed to deal with it, etcetera. We use a combination of commercial and custom rules so as to make certain that ModSecurity will block out as many risks as possible, hence enhancing the protection of your web programs as much as possible.

ModSecurity in Dedicated Servers

All of our dedicated servers that are set up with the Hepsia hosting Control Panel feature ModSecurity, so any application which you upload or set up shall be secured from the very beginning and you'll not have to worry about common attacks or vulnerabilities. An individual section within Hepsia will allow you to start or stop the firewall for each domain or subdomain, or activate a detection mode so that it records info about intrusions, but does not take actions to prevent them. What you shall find in the logs can easily enable you to to secure your websites better - the IP address an attack came from, what site was attacked and how, what ModSecurity rule was triggered, etcetera. With this data, you can see if a site needs an update, whether you ought to block IPs from accessing your hosting server, and so on. Besides the third-party commercial security rules for ModSecurity that we use, our administrators add custom ones as well every time they discover a new threat which is not yet included in the commercial bundle.