Learn how having ModSecurity allowed within your hosting account can help silently with your website security.
ModSecurity is a powerful firewall for Apache web servers which is employed to stop attacks toward web apps. It tracks the HTTP traffic to a certain site in real time and prevents any intrusion attempts as soon as it discovers them. The firewall uses a set of rules to do that - as an illustration, attempting to log in to a script administrator area unsuccessfully several times sets off one rule, sending a request to execute a certain file which could result in accessing the website triggers a different rule, etcetera. ModSecurity is one of the best firewalls on the market and it'll protect even scripts which aren't updated frequently since it can prevent attackers from employing known exploits and security holes. Very comprehensive information about every single intrusion attempt is recorded and the logs the firewall maintains are considerably more detailed than the conventional logs generated by the Apache server, so you may later analyze them and decide whether you need to take more measures in order to improve the protection of your script-driven sites.
ModSecurity in Cloud Website Hosting
ModSecurity is provided with all cloud website hosting
machines, so when you opt to host your sites with our business, they will be shielded from a wide range of attacks. The firewall is enabled as standard for all domains and subdomains, so there will be nothing you'll need to do on your end. You will be able to stop ModSecurity for any website if necessary, or to activate a detection mode, so all activity shall be recorded, but the firewall shall not take any real action. You'll be able to view comprehensive logs using your Hepsia CP including the IP where the attack originated from, what the attacker planned to do and how ModSecurity addressed the threat. Since we take the protection of our clients' websites seriously, we use a collection of commercial rules which we get from one of the leading companies which maintain this sort of rules. Our admins also add custom rules to ensure that your websites will be resistant to as many risks as possible.
ModSecurity in Semi-dedicated Hosting
ModSecurity is part of our semi-dedicated hosting
packages and if you decide to host your websites with us, there won't be anything special you'll need to do since the firewall is switched on by default for all domains and subdomains which you include using your hosting CP. If necessary, you can disable ModSecurity for a given site or enable the so-called detection mode in which case the firewall will still function and record info, but won't do anything to prevent possible attacks against your sites. Thorough logs will be readily available within your CP and you'll be able to see what type of attacks happened, what security rules were triggered and how the firewall dealt with the threats, what Internet protocol addresses the attacks came from, and so on. We employ two sorts of rules on our servers - commercial ones from a company that operates in the field of web security, and custom ones that our admins often include to respond to newly discovered threats on time.
ModSecurity in Dedicated Servers Hosting
If you opt to host your Internet sites on a dedicated server
with the Hepsia Control Panel, your web programs shall be protected right from the start since ModSecurity is provided with all Hepsia-based solutions. You shall be able to control the firewall effortlessly and if required, you shall be able to turn it off or enable its passive mode when it shall only keep a log of what is happening without taking any action to stop potential attacks. The logs which you'll find inside the same section of the CP are incredibly detailed and contain info about the attacker IP address, what site and file were attacked and in what way, what rule the firewall used to stop the intrusion, etc. This information shall enable you to take measures and improve the security of your Internet sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones that our staff include whenever they recognize attacks which have not yet been included within the commercial pack.