ModSecurity in Shared Web Hosting
ModSecurity comes standard with all shared web hosting plans that we provide and it'll be activated automatically for any domain or subdomain you add/create within your Hepsia hosting CP. The firewall has three different modes, so you could activate and disable it with only a mouse click or set it to detection mode, so it shall keep a log of all attacks, but it shall not do anything to prevent them. The log for each of your websites shall feature comprehensive information including the nature of the attack, where it originated from, what action was taken by ModSecurity, and so on. The firewall rules which we use are frequently updated and consist of both commercial ones which we get from a third-party security business and custom ones which our system admins include in case that they detect a new kind of attacks. That way, the Internet sites you host here will be far more protected without any action expected on your end.
ModSecurity in VPS Servers
Protection is essential to us, so we set up ModSecurity on all VPS servers which are made available with the Hepsia Control Panel by default. The firewall could be managed through a dedicated section in Hepsia and is switched on automatically when you include a new domain or generate a subdomain, so you'll not have to do anything personally. You shall also be able to deactivate it or turn on the so-called detection mode, so it shall keep a log of potential attacks you can later examine, but will not stop them. The logs in both passive and active modes offer info regarding the form of the attack and how it was stopped, what IP it came from and other useful data which could help you to tighten the security of your sites by updating them or blocking IPs, for example. In addition to the commercial rules that we get for ModSecurity from a third-party security company, we also employ our own rules as occasionally we discover specific attacks which are not yet present within the commercial package. That way, we could increase the security of your VPS immediately rather than awaiting a certified update.