modsecurity - shared hosting

Community support for Plesk, CPanel, WebMin and others with insight from two of the founders of Plesk. Ask for help here! No question is too simple or complicated. :-)
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: modsecurity - shared hosting

Unread post by faris »

I give them a redacted output of all the rules that triggered in the past 30 days on their site and point out to them that without mod_sec/ASL their 100 year old install of Typo/Joomla/WordPress/badly-written own php/whatever would have been hacked to hell, and possibly the server too.

I do also point out that not all the hack attempts would have worked, but the point is that they think they can upload anything they like and it will be fine and don't realise the bad guys try over and over and over again until they get in.


Faris.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
hostingguy
Forum Regular
Forum Regular
Posts: 661
Joined: Mon Oct 29, 2007 6:51 pm

Re: modsecurity - shared hosting

Unread post by hostingguy »

You can always turn off the active response so that they are not shunned - then if its an FP or a spoofed IP or somethign you dont block people and they can keep trying on the site and just think that maybe a single page has a problem and will call you for help.
Post Reply