A few months back I went ahead and set up ModSecurity on all of our hosting servers. Over the past months I have been monitoring and tweaking the settings to try to create the right environment for both the average webmaster and the seasoned developer. I’m happy to announce that we now have the ModSecurity Apache plugin running smoothly on all of our web hosting servers. ModSecurity is a small tool that does a big job. It’s an application-layer firewall that will effectively prevent most URL forgery attacks and forum spamming attempts targeted at your websites.
ModSecurity is enabled by default for all the websites on our hosting. You don’t have to configure or set up anything in order to have your website protected by ModSecurity. Currently, ModSecurity is enabled in blocking mode, so it will automatically block all incoming requests that are flagged as insecure. We are using the commercial rules provided at http://www.atomicorp.com to detect insecure website requests.
As of this week, ModSecurity will also prevent “brute force” attacks. A brute force attack is an attempt to guess the username and password of a web application by trying combinations drawn from a predefined set of usernames and passwords. If there are more than 15 failed login attempts from an IP address within 3 minutes, that IP address will be blocked from the website for the next 30 minutes.
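For readers who run their own Apache servers, the policy above can be expressed as a ModSecurity 2.x rule chain like the one below. This is an added illustration, not the Atomicorp rule set we use; it assumes `SecDataDir` is configured for persistent collections, that the login page lives at the placeholder path `/login.php`, and that the application answers a failed login with HTTP 401 or 403.

```apache
# Added example: per-IP failed-login counter with a 30-minute block.
# Assumes SecDataDir is set, the login form posts to /login.php
# (placeholder), and a failed login returns 401 or 403.

# Open a persistent collection keyed on the client IP address
SecAction "phase:1,id:100001,nolog,pass,initcol:ip=%{REMOTE_ADDR}"

# Clients that are already blocked are refused immediately
SecRule IP:BLOCKED "@eq 1" \
    "phase:1,id:100002,deny,status:403,log,\
    msg:'Client blocked after repeated failed logins'"

# More than 15 failures: raise the block flag for 30 minutes (1800 s)
# and clear the counter so the block is not re-triggered later
SecRule IP:FAILED_LOGINS "@gt 15" \
    "phase:1,id:100003,deny,status:403,log,\
    msg:'Brute force threshold exceeded',\
    setvar:ip.blocked=1,expirevar:ip.blocked=1800,\
    setvar:!ip.failed_logins"

# Count a failed login: a POST to the login page that the application
# answered with 401 or 403. expirevar keeps the counter alive for
# 3 minutes (180 s) after the most recent failure.
SecRule REQUEST_METHOD "@streq POST" "phase:5,id:100004,chain,nolog,pass"
    SecRule REQUEST_URI "@beginsWith /login.php" "chain"
        SecRule RESPONSE_STATUS "@rx ^(401|403)$" \
            "setvar:ip.failed_logins=+1,expirevar:ip.failed_logins=180"
```

Because `expirevar` is refreshed on every failure, the 3-minute window restarts with each failed attempt rather than being a fixed window; applications that return 200 with an error page will need the last rule to match on the response body instead of the status code.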
To further help the ModSecurity plugin combat brute force attacks, I went ahead and modified our App Installer to replace the default “admin” username, which most web applications use by default. Make sure you take note of the username presented to you after a successful application install.