ModSecurity in Shared Hosting
ModSecurity comes standard with all shared hosting plans which we offer and it shall be turned on automatically for any domain or subdomain which you add/create inside your Hepsia hosting CP. The firewall has 3 different modes, so you'll be able to switch on and deactivate it with simply a click or set it to detection mode, so it'll maintain a log of all attacks, but it shall not do anything to prevent them. The log for any of your websites shall contain elaborate information which includes the nature of the attack, where it originated from, what action was taken by ModSecurity, etc. The firewall rules we use are regularly updated and comprise of both commercial ones that we get from a third-party security company and custom ones that our system admins add in case that they detect a new type of attacks. This way, the Internet sites which you host here shall be much more secure without any action expected on your end.
ModSecurity in Semi-dedicated Servers
Any web application which you set up inside your new semi-dedicated server account shall be protected by ModSecurity since the firewall is included with all our hosting solutions and is turned on by default for any domain and subdomain you add or create via your Hepsia hosting Control Panel. You will be able to manage ModSecurity via a dedicated section within Hepsia where not only could you activate or deactivate it entirely, but you could also switch on a passive mode, so the firewall will not block anything, but it'll still maintain a record of possible attacks. This normally requires just a click and you shall be able to see the logs no matter if ModSecurity is in active or passive mode through the same section - what the attack was and where it came from, how it was handled, and so on. The firewall uses 2 groups of rules on our web servers - a commercial one which we get from a third-party web security provider and a custom one that our administrators update manually as to respond to recently discovered threats as fast as possible.
ModSecurity in VPS Servers
Security is essential to us, so we set up ModSecurity on all VPS servers which are made available with the Hepsia Control Panel as a standard. The firewall could be managed through a dedicated section in Hepsia and is turned on automatically when you add a new domain or create a subdomain, so you will not have to do anything manually. You shall also be able to disable it or turn on the so-called detection mode, so it will keep a log of possible attacks which you can later examine, but will not block them. The logs in both passive and active modes offer info about the kind of the attack and how it was prevented, what IP address it came from and other important info that may help you to tighten the security of your sites by updating them or blocking IPs, for example. Besides the commercial rules we get for ModSecurity from a third-party security company, we also use our own rules since occasionally we identify specific attacks which aren't yet present in the commercial pack. This way, we can improve the protection of your VPS immediately instead of awaiting an official update.
ModSecurity in Dedicated Servers
ModSecurity comes with all dedicated servers which are set up with our Hepsia Control Panel and you'll not have to do anything specific on your end to employ it because it is turned on by default whenever you include a new domain or subdomain on your hosting server. If it disrupts any of your programs, you will be able to stop it through the respective part of Hepsia, or you could leave it working in passive mode, so it'll detect attacks and will still keep a log for them, but won't prevent them. You could examine the logs later to determine what you can do to increase the protection of your websites as you will find details such as where an intrusion attempt originated from, what site was attacked and based upon what rule ModSecurity reacted, etc. The rules we use are commercial, therefore they're regularly updated by a security firm, but to be on the safe side, our admins also add custom rules from time to time in order to respond to any new threats they have discovered.