Every server in our hosting fleet is protected by multiple layers of security including a network firewall, web application firewall, malware scanner, and account isolation. This page describes each layer and how it protects your website.
4 Layers of Protection on Every Server
- ✓ CSF Firewall - blocks brute force attacks and suspicious connections
- ✓ ModSecurity - blocks SQL injection, XSS, and web application attacks
- ✓ Imunify360 - real-time malware scanning and automatic cleanup
- ✓ CloudLinux - isolates every account from every other account
01. CSF Network Firewall
All servers run CSF (ConfigServer Security & Firewall), an advanced stateful packet inspection firewall with Login Failure Daemon (LFD). It monitors connections in real time and automatically blocks IP addresses that show suspicious activity, including brute force login attempts, port scanning, and excessive connections.
CSF is also what blocks your IP if you enter wrong passwords too many times. See our firewall unblock guide if this happens to you.
02. ModSecurity Web Application Firewall
ModSecurity runs on every server with the OWASP Core Rule Set (CRS), protecting your website against common web attacks including SQL injection, cross-site scripting (XSS), remote file inclusion, and remote code execution. It inspects every HTTP request before it reaches your website.
Occasionally ModSecurity may block legitimate requests that match an attack pattern (false positive). If this happens, open a support ticket and we can add a targeted exception for your account. See our ModSecurity error guide for common false positives.
03. Imunify360 Malware Protection
Imunify360 provides real-time malware scanning, proactive defense against zero-day attacks, and automatic cleanup of infected files. It scans your files daily and quarantines anything suspicious. If malware is detected, you'll see a notification in cPanel.
For WordPress sites, we also recommend our WordPress Security Guide and our guide on fixing a hacked WordPress site.
04. CloudLinux Account Isolation
CloudLinux isolates every hosting account in its own lightweight container with dedicated CPU, memory, and I/O limits. Even if another account on the same server were compromised, the attacker could not access your files, databases, or email. This also prevents noisy-neighbor problems where one busy site affects others on the same server.
05. What to Do If You Get Blocked
If the firewall blocks your IP (usually from too many incorrect password attempts), you can unblock yourself instantly:
- Visit my.ultrawebhosting.com from the blocked connection
- The unblock tool will appear showing your blocked IP
- Click to unblock
For full details on why blocks happen and how to prevent them, see our Firewall Block guide.
Security Concern?
If you suspect your site has been compromised, or if you have specific security requirements, our team can help.
Open a Support TicketLast updated March 2026 · Browse all General articles · See also: Infrastructure | Unblock Your IP
