ModSecurity

: Glossary; AAAA Records; Access Log Manager; Additional RAM; Administration Services; Advanced Tools; Email Aliases; Antivirus Protection; APC; 1-Click Applications Installer; Auto-responder Emails; Browsable Daily Backups; Catch-all Emails; CentOS; Live Chat Support; ClientExec Billing And Support Software; Genuine Cloud Architecture; CNAME Records; Web Hosting Control Panel; Hardware; CPanel Control Panel; CPU Share; Cron Jobs; Custom Error Pages; Custom MX and A Records; Daily Data Back-up; Data Centers; Data Compression; Debian; Dedicated IP Address; Server Network Hardware; DirectAdmin Control Panel; Disk Space; Domain Backorders; DomainKeys Identified Mail; Domain Manager; Parked Domains; Domain Registration Transfer; Dreamweaver Compatible; Dropbox Backups; Email Forwarding; Email Manager; Enom Domain Name Reseller Account; EPP Transfer Protection; Error Log Viewer; Extensive Online Documentation; Extra Dedicated IPs; File Manager; FTP Accounts; FTP Manager; Full DNS Management; Full WHOIS Management; Guaranteed RAM; Hepsia Control Panel; Domains Hosted; Hotlink Protection; Htaccess Generator; WHOIS Privacy Protection; Imagemagick And GD Library; InnoDB; Installation And Troubleshooting; Instant Account Activation; Integrated Ticketing System; IonCube; IP Blocking; JailHost; Email Accounts; Mailing Lists; Mailing List Members; Managed Services Package; Marketing Tools; Money Back Guarantee; Memcached; Microsoft FPE; ModSecurity; Monitoring And Rebooting; MySQL And Load Stats; 2.5 Gbit Network Connectivity; Data Corruption; Node.js; No Overselling; NS Records; One-Hour Response Guarantee; Perl Modules; Password Protected Directories; Perl Scripting; PgSQL Databases; PostgreSQL Database Storage; Phone Support; PHP 4 PHP 5 And PHP 7 Support; PhpMyAdmin; PhpPgAdmin; Python; RAID; Registrar Lock; Server Reselling Options; Serverside Includes; Shared SSL IP; SiteMap Generator; SMTP Server; Spam Filters; SPF Protection; MySQL Databases; MySQL Database Storage; SRV Records; Data Caching; SSL Certificate Generator; Stable Linux With Apache; Subdomains; Support; Monthly Traffic; TXT Records; Ubuntu; UPS And Diesel Back-up Generator; Service Uptime Guarantee; URL Redirection; Varnish; VPN Traffic; Multiple Control Panels; Setup Fee; Multiple OS; Full Root-level Access; SSH Telnet; Web Accelerators; Website Builder; Web And FTP Statistics; Web Installer; Webmail; Assisted Website Migration; Website Manager; Free Website Templates; Weekly Backup; Weekly OS Update; Zend Optimizer; ZFS Mails And MySQL; Sign Up

ModSecurity is a plugin for Apache web servers which acts as a web app layer firewall. It is employed to stop attacks towards script-driven sites by using security rules that contain certain expressions. That way, the firewall can stop hacking and spamming attempts and preserve even websites that are not updated often. For example, multiple failed login attempts to a script administrative area or attempts to execute a particular file with the intention to get access to the script will trigger specific rules, so ModSecurity will block out these activities the second it discovers them. The firewall is very efficient because it monitors the whole HTTP traffic to an Internet site in real time without slowing it down, so it can easily stop an attack before any damage is done. It furthermore keeps an incredibly thorough log of all attack attempts that includes more info than conventional Apache logs, so you could later examine the data and take additional measures to improve the security of your websites if needed.

ModSecurity in Shared Hosting

ModSecurity comes standard with all shared hosting plans which we supply and it shall be switched on automatically for any domain or subdomain which you add/create in your Hepsia hosting Control Panel. The firewall has three different modes, so you could switch on and disable it with only a click or set it to detection mode, so it'll maintain a log of all attacks, but it shall not do anything to stop them. The log for each of your websites shall contain in-depth information which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, etcetera. The firewall rules we use are frequently updated and comprise of both commercial ones which we get from a third-party security business and custom ones our system admins add in case that they detect a new type of attacks. This way, the sites you host here shall be a lot more protected without any action expected on your end.

ModSecurity in Semi-dedicated Hosting

We've integrated ModSecurity as a standard inside all semi-dedicated hosting plans, so your web apps will be protected the instant you install them under any domain or subdomain. The Hepsia Control Panel that comes with the semi-dedicated accounts will allow you to switch on or disable the firewall for any Internet site with a click. You'll also have the ability to activate a passive detection mode in which ModSecurity will maintain a log of potential attacks without actually preventing them. The thorough logs contain the nature of the attack and what ModSecurity response that attack triggered, where it originated from, and so on. The list of rules we employ is constantly updated as to match any new risks which might appear on the Internet and it consists of both commercial rules that we get from a security firm and custom-written ones which our administrators add in the event that they discover a threat that is not present within the commercial list yet.

ModSecurity in VPS

Safety is of the utmost importance to us, so we install ModSecurity on all virtual private servers that are made available with the Hepsia Control Panel by default. The firewall can be managed through a dedicated section in Hepsia and is turned on automatically when you include a new domain or generate a subdomain, so you will not have to do anything by hand. You will also be able to deactivate it or switch on the so-called detection mode, so it will maintain a log of potential attacks which you can later examine, but won't prevent them. The logs in both passive and active modes include information regarding the kind of the attack and how it was prevented, what IP address it originated from and other valuable info which might help you to tighten the security of your Internet sites by updating them or blocking IPs, for instance. Besides the commercial rules that we get for ModSecurity from a third-party security company, we also implement our own rules as occasionally we find specific attacks that are not yet present within the commercial package. This way, we could boost the security of your VPS immediately as opposed to awaiting an official update.

ModSecurity in Dedicated Hosting

All our dedicated servers that are installed with the Hepsia hosting Control Panel come with ModSecurity, so any application you upload or install shall be properly secured from the very beginning and you will not have to bother about common attacks or vulnerabilities. An individual section inside Hepsia will allow you to start or stop the firewall for each domain or subdomain, or switch on a detection mode so that it records info about intrusions, but does not take actions to prevent them. What you shall discover in the logs can easily allow you to to secure your sites better - the IP an attack originated from, what site was attacked as well as how, what ModSecurity rule was triggered, and so forth. With this information, you could see whether a site needs an update, whether you need to block IPs from accessing your web server, and so on. Besides the third-party commercial security rules for ModSecurity which we use, our administrators include custom ones as well if they find a new threat which is not yet included in the commercial bundle.