ModSecurity in Cloud Hosting
ModSecurity is provided with all cloud hosting machines, so when you opt to host your Internet sites with our company, they will be resistant to an array of attacks. The firewall is turned on as standard for all domains and subdomains, so there will be nothing you will have to do on your end. You will be able to stop ModSecurity for any site if required, or to enable a detection mode, so that all activity shall be recorded, but the firewall won't take any real action. You will be able to view detailed logs from your Hepsia CP including the IP address where the attack originated from, what the attacker wanted to do and how ModSecurity addressed the threat. As we take the protection of our clients' websites very seriously, we employ a group of commercial rules that we get from one of the leading firms that maintain this kind of rules. Our admins also include custom rules to ensure that your Internet sites shall be shielded from as many risks as possible.
ModSecurity in VPS Servers
Safety is essential to us, so we install ModSecurity on all VPS servers which are provided with the Hepsia Control Panel as a standard. The firewall can be managed through a dedicated section inside Hepsia and is turned on automatically when you include a new domain or create a subdomain, so you'll not need to do anything manually. You shall also be able to deactivate it or switch on the so-called detection mode, so it'll keep a log of potential attacks that you can later study, but shall not stop them. The logs in both passive and active modes include info regarding the type of the attack and how it was eliminated, what IP it originated from and other useful info that could help you to tighten the security of your Internet sites by updating them or blocking IPs, for example. Beyond the commercial rules that we get for ModSecurity from a third-party security enterprise, we also implement our own rules since every now and then we discover specific attacks that are not yet present within the commercial package. That way, we could enhance the security of your Virtual private server immediately as opposed to awaiting an official update.