Home > Rapid Purple News > Service Updates > ModSecurity Enabled On All Hosting Accounts

ModSecurity Enabled On All Hosting Accounts

A few months back I had went ahead and setup ModSecurity on all of our hosting servers. Over the past months I have been doing some monitoring and tweaking of the settings to try to create the perfect environment for your average webmaster, and your seasoned developer. I’m happy to announced that we now have the ModSecurity Apache plugin running smoothly on all of our web hosting servers. ModSecurity is a small tool that does a big job. It’s an application-layer firewall that will effectively prevent most URL forgery hacker attacks and forum spamming attempts targeted at your websites.

ModSecurity is enabled by default for all the websites on our hosting. You don’t have to configure or set up anything in order to have your website protected by ModSecurity. Currently, ModSecurity is enabled in a blocking mode, so it will automatically block all incoming requests that are flagged as insecure. We are using the commercial rules provided at at http://www.atomicorp.com to detect all insecure website requests.

As of this week, ModSecurity will also prevent “brute force” attacks. A brute force attack stands for an attempt to guess the username and password of a web application, using a predefined set of usernames and passwords and combining them at random. If there are more than 15 failed login attempts from an IP address within 3 minutes, the IP address will be blocked from the website for the next 30 minutes.

To further help the ModSecurity plugin combat brute force attacks, I have went ahead and modified our App Installer to replace the default “admin” username, which is used by the majority of web applications by default. Make sure you take note of the username presented to you after a successful application install.

About Michael Boguslavskiy

Michael Boguslavskiy is a full-stack developer & online presence consultant based out of New York City. He's been offering freelance marketing & development services for over a decade. He currently manages Rapid Purple - and online webmaster resources center; and Media Explode - a full service marketing agency.

Check Also

Website Loading

8 Steps to Decrease Website Loading Time by 50%

Does your website give a common tree sloth delusions of speedy grandeur? Do visitors sit ...

Like every other website, this site uses cookies to analyze our traffic. Cookies may also be utilized by our advertisers and partners. By using this website you agree to the use of said cookies. More Information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings, continuing to navigate past this message, or you click "Accept" below then you are consenting to the use of cookies on the Rapid Purple website.