ModSecurity is a plugin for Apache web servers that acts as a web application layer firewall. It's used to stop attacks towards script-driven websites by using security rules which contain certain expressions. This way, the firewall can prevent hacking and spamming attempts and protect even sites that are not updated often. For example, several unsuccessful login attempts to a script admin area or attempts to execute a certain file with the purpose to get access to the script will trigger specific rules, so ModSecurity will block these activities the instant it identifies them. The firewall is extremely efficient because it monitors the whole HTTP traffic to an Internet site in real time without slowing it down, so it will be able to prevent an attack before any damage is done. It additionally maintains an exceptionally detailed log of all attack attempts which features more info than traditional Apache logs, so you can later examine the data and take further measures to improve the security of your Internet sites if necessary.

ModSecurity in Cloud Web Hosting

We offer ModSecurity with all cloud web hosting plans, so your web apps will be protected against harmful attacks. The firewall is activated by default for all domains and subdomains, but in case you would like, you shall be able to stop it through the respective section of your Hepsia CP. You can also activate a detection mode, so ModSecurity will keep a log as intended, but shall not take any action. The logs that you shall find within Hepsia are very detailed and offer information about the nature of any attack, when it transpired and from what IP, the firewall rule which was triggered, etcetera. We employ a set of commercial rules that are frequently updated, but sometimes our admins add custom rules as well in order to better protect the Internet sites hosted on our machines.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting packages that we offer feature ModSecurity and because the firewall is turned on by default, any Internet site that you create under a domain or a subdomain shall be protected straight away. An individual section within the Hepsia Control Panel which comes with the semi-dedicated accounts is dedicated to ModSecurity and it'll allow you to stop and start the firewall for any site or enable a detection mode. With the latter, ModSecurity shall not take any action, but it shall still identify possible attacks and will keep all information inside a log as if it were fully active. The logs can be found inside the same section of the CP and they feature details about the IP where an attack originated from, what its nature was, what rule ModSecurity applies to detect and stop it, and so on. The security rules that we use on our web servers are a mix of commercial ones from a security firm and custom ones developed by our system admins. Therefore, we provide increased security for your web apps as we can defend them from attacks even before security businesses release updates for new threats.

ModSecurity in VPS Hosting

Safety is essential to us, so we install ModSecurity on all virtual private servers that are provided with the Hepsia Control Panel by default. The firewall can be managed through a dedicated section inside Hepsia and is turned on automatically when you include a new domain or create a subdomain, so you will not need to do anything manually. You'll also be able to disable it or activate the so-called detection mode, so it'll keep a log of potential attacks you can later analyze, but won't prevent them. The logs in both passive and active modes contain information about the type of the attack and how it was eliminated, what IP it originated from and other important info which might help you to tighten the security of your sites by updating them or blocking IPs, as an example. Beyond the commercial rules that we get for ModSecurity from a third-party security company, we also implement our own rules as occasionally we identify specific attacks that aren't yet present inside the commercial package. This way, we can easily improve the security of your VPS instantly rather than awaiting an official update.

ModSecurity in Dedicated Web Hosting

ModSecurity comes with all dedicated servers that are integrated with our Hepsia CP and you won't have to do anything specific on your end to employ it as it is activated by default whenever you add a new domain or subdomain on your hosting server. In the event that it disrupts any of your applications, you'll be able to stop it through the respective part of Hepsia, or you can leave it operating in passive mode, so it shall identify attacks and shall still keep a log for them, but won't prevent them. You'll be able to examine the logs later to find out what you can do to enhance the protection of your sites as you shall find details such as where an intrusion attempt came from, what Internet site was attacked and based upon what rule ModSecurity responded, and so forth. The rules we use are commercial, hence they are frequently updated by a security company, but to be on the safe side, our staff also add custom rules every now and then as to deal with any new threats they have discovered.