It's drastic but you can set mod security to inactive by domain from hespia. This at least should tell you if mod security is your problem.

Does mod security work on VPS account?

In shared accounts I can see lots of detected attacks, but nothing on OZ01 VPS with Hepsia

Hi clivejo.

The Apache is not configured with mod_security on the Hepsia based VPS Servers.

Here is the current Apache configuration:

Loaded Modules:
core_module (static)
authn_file_module (static)
authn_default_module (static)
authz_host_module (static)
authz_groupfile_module (static)
authz_user_module (static)
authz_default_module (static)
auth_basic_module (static)
file_cache_module (static)
cache_module (static)
disk_cache_module (static)
mem_cache_module (static)
include_module (static)
filter_module (static)
deflate_module (static)
log_config_module (static)
logio_module (static)
env_module (static)
expires_module (static)
headers_module (static)
unique_id_module (static)
setenvif_module (static)
version_module (static)
ssl_module (static)
mpm_prefork_module (static)
http_module (static)
mime_module (static)
status_module (static)
autoindex_module (static)
asis_module (static)
suexec_module (static)
cgi_module (static)
cgid_module (static)
negotiation_module (static)
dir_module (static)
actions_module (static)
userdir_module (static)
alias_module (static)
rewrite_module (static)
so_module (static)
hosting_module (shared)
fcgid_module (shared)
auth_pgsql_module (shared)

If you need assistance with specific WordPress website you can contact me via Personal Message, Ticket or an e-mail.

Best Regards,
Tom.

I had guessed this was the case. Is there a reason as to why its not install/configured? Surely it doesnt work it should be disabled in the Hepsia CP too. Its presence there gives a bit of a false sense of security!!

Hello.

"Is there a reason as to why its not install/configured?"

- Our Developers are working on that.

It is much harder to implement such a change in the VPS Servers configuration as it is on the Shared Hosting Servers, this is the reason these upgrades and features we are making on the Hepsia Control Panel are presented first with the Shared Hosting and later on in the VPS Servers.

Best Regards,
Tom.

Oh I see. Is there any way resellers can help you out on this? Or is it a wait and see?

Hello.

clivejo, thank you for your help, as always!

Our Developers have confirmed that the Apache on Hepsia VPSes will be configured with mod_security soon.

They are ready with the update and it will be implemented in the upcoming week.

Best Regards,
Tom.

Will I be notified or will it be a nice surprise one day?

clivejo, I will notify you!

Best Regards,
Tom.