New ModSecurity Rules Deployed
- Friday, 16th October, 2015
- 09:46am
Unless you're an IT boffin your first reaction on reading the subject of this article was "What The Fudge is ModSecurity!?".
So just to bring you up to speed, ModSecurity is an Open Source Web Application Firewall and, in short, it acts as a buffer between your website and the website visitor and the outside world. Before your website is served to a visitor the request goes through the ModSecurity firewall and the firewall decides if it's safe to process the request, or if it needs to be blocked as malicious.
The ModSecurity Firewall is made up of a large number of rules that are designed to stop common exploits in their tracks before they can do any damage.
We have recently been testing our updated rule set on a couple of servers and they appeared to work well so today, (Friday the 16th October), we have deployed the updated rule set to all Shared and Reseller servers.
The reason for notifying you of this is because there is a slight possibility that with so many different scripts running on our shared servers, there may be a few false positives so if we could ask you to keep an eye on your websites and let us know if you come across any abnormal behaviour. We will, of course, be doing the same from this end, but two sets of eyes are always better than one!
We should stress that this ModSecurity update doesn't mean you should take your eye off the ball when it comes to following your own good security practices, so you should remember to always keep your scripts up to date (particularly free scripts such as Wordpress) with the latest secure versions, delete any scripts (including plugins, widgets and themes) you no longer use and ALWAYS use strong passwords for your user accounts.