Find out how having ModSecurity enabled inside your hosting account can help silently with your site security.
ModSecurity is a highly effective firewall for Apache web servers that's employed to stop attacks toward web apps. It keeps track of the HTTP traffic to a certain website in real time and blocks any intrusion attempts the moment it identifies them. The firewall uses a set of rules to accomplish that - as an illustration, trying to log in to a script administration area without success several times triggers one rule, sending a request to execute a particular file which may result in accessing the Internet site triggers a different rule, etc. ModSecurity is amongst the best firewalls available on the market and it will protect even scripts which aren't updated frequently since it can prevent attackers from employing known exploits and security holes. Incredibly thorough info about each intrusion attempt is recorded and the logs the firewall keeps are a lot more specific than the regular logs provided by the Apache server, so you can later take a look at them and determine whether you need to take additional measures in order to improve the security of your script-driven websites.
ModSecurity in Shared Web Hosting
ModSecurity comes standard with all shared web hosting
plans which we offer and it'll be turned on automatically for any domain or subdomain which you add/create in your Hepsia hosting Control Panel. The firewall has 3 different modes, so you'll be able to switch on and deactivate it with a mouse click or set it to detection mode, so it'll keep a log of all attacks, but it will not do anything to stop them. The log for any of your sites will feature comprehensive information such as the nature of the attack, where it originated from, what action was taken by ModSecurity, etc. The firewall rules that we use are constantly updated and incorporate both commercial ones which we get from a third-party security firm and custom ones that our system administrators add in the event that they detect a new sort of attacks. That way, the sites which you host here will be far more secure with no action required on your end.
ModSecurity in Semi-dedicated Hosting
Any web program which you set up within your new semi-dedicated hosting
account will be protected by ModSecurity as the firewall is provided with all our hosting solutions and is activated by default for any domain and subdomain that you add or create via your Hepsia hosting CP. You will be able to manage ModSecurity through a dedicated area within Hepsia where not simply can you activate or deactivate it fully, but you can also enable a passive mode, so the firewall will not block anything, but it shall still maintain an archive of potential attacks. This takes just a click and you'll be able to view the logs regardless of if ModSecurity is in active or passive mode through the same section - what the attack was and where it came from, how it was addressed, and so forth. The firewall uses two groups of rules on our machines - a commercial one that we get from a third-party web security provider and a custom one which our administrators update personally in order to respond to newly discovered threats at the earliest opportunity.
ModSecurity in Dedicated Servers Hosting
If you decide to host your websites on a dedicated server
with the Hepsia CP, your web apps shall be protected straight away because ModSecurity is provided with all Hepsia-based solutions. You shall be able to regulate the firewall effortlessly and if required, you'll be able to turn it off or activate its passive mode when it shall only maintain a log of what is going on without taking any action to prevent potential attacks. The logs that you can find within the very same section of the Control Panel are quite detailed and contain details about the attacker IP, what site and file were attacked and in what way, what rule the firewall employed to prevent the intrusion, etc. This information will enable you to take measures and boost the protection of your Internet sites even more. To be on the safe side, we use not just commercial rules, but also custom-made ones which our admins add whenever they identify attacks which haven't yet been included inside the commercial pack.