ModSecurity in Cloud Hosting
ModSecurity comes by default with all cloud hosting packages that we offer and it'll be switched on automatically for any domain or subdomain which you add/create inside your Hepsia hosting CP. The firewall has 3 different modes, so you can activate and disable it with only a mouse click or set it to detection mode, so it'll maintain a log of all attacks, but it will not do anything to prevent them. The log for each of your websites shall include elaborate information such as the nature of the attack, where it originated from, what action was taken by ModSecurity, etc. The firewall rules that we use are constantly updated and consist of both commercial ones that we get from a third-party security firm and custom ones that our system administrators add in the event that they detect a new type of attacks. That way, the Internet sites that you host here will be a lot more secure without any action required on your end.
ModSecurity in Semi-dedicated Servers
We have integrated ModSecurity by default in all semi-dedicated server products, so your web apps will be protected the instant you install them under any domain or subdomain. The Hepsia CP that is included with the semi-dedicated accounts shall permit you to activate or disable the firewall for any Internet site with a click. You will also be able to activate a passive detection mode in which ModSecurity will keep a log of potential attacks without really stopping them. The thorough logs contain the nature of the attack and what ModSecurity response that attack caused, where it originated from, etcetera. The list of rules we employ is frequently updated as to match any new risks that may appear on the Internet and it comes with both commercial rules that we get from a security corporation and custom-written ones that our admins include if they find a threat that's not present within the commercial list yet.
ModSecurity in VPS Servers
Safety is very important to us, so we set up ModSecurity on all VPS servers that are set up with the Hepsia Control Panel by default. The firewall can be managed through a dedicated section within Hepsia and is turned on automatically when you include a new domain or create a subdomain, so you won't have to do anything personally. You shall also be able to deactivate it or turn on the so-called detection mode, so it shall maintain a log of possible attacks you can later study, but won't stop them. The logs in both passive and active modes contain info about the kind of the attack and how it was prevented, what IP address it originated from and other valuable information which could help you to tighten the security of your websites by updating them or blocking IPs, as an example. Beyond the commercial rules we get for ModSecurity from a third-party security company, we also employ our own rules since once in a while we detect specific attacks which are not yet present in the commercial group. This way, we could increase the security of your VPS promptly rather than waiting for an official update.
ModSecurity in Dedicated Servers
ModSecurity is available as standard with all dedicated servers which are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain you host or subdomain that you create on the hosting server. In case that a web app doesn't operate correctly, you may either switch off the firewall or set it to function in passive mode. The second means that ModSecurity will maintain a log of any possible attack which might take place, but shall not take any action to stop it. The logs created in passive or active mode will offer you additional details about the exact file which was attacked, the nature of the attack and the IP it originated from, and so forth. This info shall allow you to determine what actions you can take to increase the security of your sites, such as blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated regularly with a commercial bundle from a third-party security firm we work with, but occasionally our admins include their own rules also in case they discover a new potential threat.