ModSecurity

: Hosting Terminology; Disk Space; Hepsia Control Panel; Hosted Domain Names; InnoDB; Integrated Ticketing System; Email Accounts; Memcached; Node.js; Subdomains; Support; Data Traffic; Varnish; VPN Traffic; Assisted Website Migration; Weekly Backup; Get Started

ModSecurity is a highly effective firewall for Apache web servers that's used to stop attacks towards web applications. It tracks the HTTP traffic to a specific site in real time and blocks any intrusion attempts as soon as it identifies them. The firewall relies on a set of rules to accomplish that - as an example, attempting to log in to a script administration area unsuccessfully many times activates one rule, sending a request to execute a particular file which may result in gaining access to the website triggers a different rule, and so forth. ModSecurity is one of the best firewalls out there and it'll secure even scripts which are not updated regularly because it can prevent attackers from employing known exploits and security holes. Very detailed information about every single intrusion attempt is recorded and the logs the firewall maintains are far more specific than the conventional logs created by the Apache server, so you could later take a look at them and decide whether you need to take extra measures so as to boost the security of your script-driven Internet sites.

: ModSecurity in Web Hosting

ModSecurity is available with each and every web hosting solution that we offer and it's activated by default for every domain or subdomain which you include via your Hepsia CP. In case it disrupts any of your applications or you'd like to disable it for some reason, you'll be able to achieve that through the ModSecurity area of Hepsia with merely a click. You can also activate a passive mode, so the firewall will detect potential attacks and maintain a log, but won't take any action. You could view comprehensive logs in the same section, including the IP address where the attack originated from, what exactly the attacker aimed to do and at what time, what ModSecurity did, and so on. For maximum safety of our clients we use a group of commercial firewall rules mixed with custom ones that are added by our system administrators.; ModSecurity in Semi-dedicated Hosting

ModSecurity is a part of our semi-dedicated hosting plans and if you choose to host your sites with us, there won't be anything special you will have to do given that the firewall is activated by default for all domains and subdomains which you include using your hosting Control Panel. If necessary, you could disable ModSecurity for a given website or activate the so-called detection mode in which case the firewall will still operate and record data, but won't do anything to stop potential attacks on your sites. Comprehensive logs will be available in your CP and you will be able to see what sort of attacks happened, what security rules were triggered and how the firewall handled the threats, what IP addresses the attacks came from, etc. We employ two kinds of rules on our servers - commercial ones from a company that operates in the field of web security, and custom ones which our administrators sometimes include to respond to newly identified risks in a timely manner.; ModSecurity in VPS Web Hosting

Safety is very important to us, so we set up ModSecurity on all virtual private servers that are provided with the Hepsia CP by default. The firewall could be managed via a dedicated section within Hepsia and is activated automatically when you add a new domain or create a subdomain, so you won't have to do anything manually. You'll also be able to disable it or turn on the so-called detection mode, so it'll keep a log of possible attacks you can later examine, but won't stop them. The logs in both passive and active modes contain information about the type of the attack and how it was prevented, what IP address it originated from and other valuable info that might help you to tighten the security of your websites by updating them or blocking IPs, for example. Besides the commercial rules we get for ModSecurity from a third-party security company, we also employ our own rules as occasionally we identify specific attacks that aren't yet present inside the commercial package. This way, we could improve the security of your Virtual private server in a timely manner instead of waiting for a certified update.; ModSecurity in Dedicated Servers Hosting

When you choose to host your Internet sites on a dedicated server with the Hepsia CP, your web apps will be secured right from the start since ModSecurity is available with all Hepsia-based solutions. You'll be able to manage the firewall easily and if required, you shall be able to turn it off or enable its passive mode when it shall only keep a log of what's occurring without taking any action to prevent possible attacks. The logs that you can find within the exact same section of the CP are really detailed and include information about the attacker IP, what website and file were attacked and in what ways, what rule the firewall employed to stop the intrusion, etcetera. This info will permit you to take measures and enhance the security of your websites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones that our administrators add whenever they detect attacks that have not yet been included inside the commercial pack.