Implementing new ModSecurity rules in the fight against malware
After a month of very successful testing, we are glad to announce the implementation of new ModSecurity rules in our shared hosting environment. This means that you, as our customers, will be better protected from malicious traffic and potential attacks.
Jani from Malware Expert, the company that provides these rules and with which we recently partnered, shares more details about their product in the blitz-style interview below.
FastComet: Can you give us a little bit of background information about your company and yourself?
Jani: My name is Jani and I have been interested in everything related to computers since I was 10 years old (over 30 years ago). My holding company, Willberg Co Oy, was founded in 2010. I also own other smaller companies, the newest of which is Malware Expert. I hope that someday we at Malware Expert will come up with something big that will change the game and allow us to do more of this, as it is something I am really interested in doing.
FastComet: Tell us, Jani, what level of protection do these custom rules offer?
Jani: When we started over ten years ago, our rules' main focus was to drop/block automated attacks on the customer's website. We used a hardware firewall for these cases before, but there were limited options for what could be blocked. A few years ago we started using ModSecurity, so I translated the rules we were using to ModSecurity, and the result was better prevention of malicious attacks.
The main issue at hand is that customers will upload and install old versions of content management systems (CMS), plugins and themes. Website makers don't very often try to sell update services (which prevent most hacking attempts) for the CMS, or the customer just doesn't want to pay for such services.
In the old days, if a customer's website was hacked, we would close the site, remove all files and then re-open it again. Naturally, the customer was really angry about that, and in many cases even wanted us to provide them with a backup, which would have included the hacked files.
Now, with these rules, we are almost at a zero percent rate of hacked sites. If someone still gets hacked, we can manually remove the malware with our malware signatures. This saves us a lot of time and leaves us more productive while making the customers more satisfied.
FastComet: Against what type of attacks are these rules protecting the customers’ websites?
Jani: Our rules are generic, real-life protection against what we have seen in the following categories of attacks:
- HTTP Downloads
- SQL injection
- Local File Inclusion
- Remote File Inclusion
- Remote Code Execution
- PHP Code Injection
All of this while still keeping everything working with minimal false positives.
We would like to thank Jani for taking the time to do this short interview and for his co-operation during the testing of the ModSecurity rules in our custom environment. This is the next natural step in the continuous hardening of our servers, as we believe security is an essential part of providing a high-quality hosting service.