Mod_security is an apache module that helps to protect your website from various attacks. It is used to block commonly known exploits by use of regular expressions and rule sets and is enabled on all InMotion servers by default. Mod_Security can potentially block common code injection attacks which strengthens the security of the server. If you need to disable the mod_security rules we can show you how, and help you do so.
When coding a dynamic website, sometimes users forget to write code to help prevent hacks by doing things such as validating input. Mod_security can help in some cases those users that run sites that don't have security checks in their code.
http://www.domain.com/login.php?username=admin'">DROP%20TABLE%20users--
This is a simple SQL injection where visiting this would cause the database to DROP and delete the users table from the database. If you are running Mod_security on your server it will block this from running. Typically, you would see a 406 error in this case if mod_security is enabled. To read more about 406 errors read our article. You set up rules for Mod_security to check http requests against and determine if a threat is present.
If you would like to disable mod_security for all of your domains, please let us know.
