ModSecurity Firewall implemented for all VPS servers
We are happy to announce a new enhancement part of our commitment for better security of our web hosting environment.The ModSecurity layer has proven to be very effective in protecting our cloud web hosting environment. Now the ModSecurity protection layer is also available for all VPS servers!
What is ModSecurity?
The ModSecurity Apache module is a great solution forminimizing the number of hack attacks to websites and applications.
It acts as an application-layer firewall and is able to effectively prevent most brute force/ URL forgery attacks and forum spamming attempts targeted at sites.
How does ModSecurity work?
In recent years over 70% of all hacker attacks are carried out at the web application level and being a web application firewall (WAF) itself, ModSecurity effectively addresses this problem.
Its purpose is to establish an external security layer, which allows for HTTP traffic monitoring and real-time analysis, and it offers a powerful API for implementing the advanced protection needed.
This way, the firewall ensures an enhanced level of security, where the malicious attacks are detected and prevented before they reach the web applications.
ModSecurity against brute force attacks
ModSecurity has proven to be very efficient in preventing “brute force” attacks, i.e. the attempts to guess the username and the password of a web application, using a predefined set of usernames and passwords and combining them randomly.
Thanks to the ModSecurity firewall, if there are more than 15 failed login attempts from an IP address within 3 minutes, the IP address will be blocked from accessing the website for a defined period of time.
Since the implementation onto our environment, the ModSecurity plugin has reduced the number of hacked websites on our servers dramatically.
ModSecurity enabled by default on all iClickAndHost VPSs
The ModSecurity firewall is enabled by default on your VPS, so you don’t have to configure anything in order to have your websites protected.
ModSecurity is running in a blocking mode, so it will automatically block all incoming requests that are flagged as insecure according to the commercial rules at http://www.atomicorp.com.
You can access the ModSecurity section in the Hepsia Control Panel from the newly added shortcut on the Control Panel’s home page or from the Advanced drop-down menu:
If you have any questions about ModSecurity and about how it will work on your Virtual Private Server, don’t hesitate to contact our support team by opening a ticket from the hosting Control Panel.