Web hosting industry is an important industry for Comodo.
Protecting web sites is an important function as attacks against websites increase and not only are the businesses running these websites are under attack, but visitors who use these websites are also vulnerable due to compromised web servers and web sites.
Comodo is a company who sees the threat on daily basis on both sides of the fight, consumer side and business side. We see it in the consumer side because we protect tens of millions of users using our Antivirus products. We see it on the business site because we monitor and protect businesses and their website with products like www.hackerguardian.com and www.webinspector.com.
So, this puts Comodo in the position of most capable company who can produce the mod_sec rules and do so very effectively. And here we are, we decided to build the infrastructure and provide mod_sec rules for FREE! (there might be different variation in future but we will always provide some free version so that you can be secure).
Here is our promise to you: We will work with you to protect your web sites and web servers! Talk to us about problems/attacks you are facing and let us provide you mod_sec rules for free to protect yourself.
In case this is for cPanel, there’s a great tool called ConfigServer ModSecurity Control (cmc) which allows you to control the domains you wish to protect (or not) with mod_security as well as see the mod_security logfile with detailed information about each entry. Additionally you can edit the mod_security conf files from there.
This is really great that comodo is providing a free set of modsecurity rules. Just wondering, how often are the rules updated? and how strict are they (will they cause a lot of false alarms with common scripts like WP, Joomla, etc)?
We have over 70M users with our Free antivirus products and FP is an important thing to watch for them too. Our AV labs are well trained to “hate FPs” :).
Of course nothing is 100% and the key is, our AV labs guys are present here in this forum 24/7. If you get any FP, you can report via the application or come here and tell us, we’ll see to it immediately and release patch.
How fast are the updates? As fast as a new vulnerability is found. We are constantly watching any new vulnerability, the second we find out, is the second we start writing the rules.
Basically, you may use web-browser to send some hackers requests, trying SQL injection or XSS. Or try to use some kind of vulnerability scanner, like Comodo Hacker Guarduan: http://www.hackerguardian.com/