All systems operational New: v2026.7.65 released Release notes →
satis@onox.com.tr Help Center
English
Security

Your server and sites stay secure

The ONOXSOFT hosting panel ships with a multi-layered security stack that protects your server and your clients' sites — from firewall to malware scanning, free SSL to automatic backups. Focus on your business and let the panel handle protection.

WAF / CSF AutoSSL Malware scanning Automatic backups
Layered Defense

Threats stop at the shield, traffic keeps flowing

Brute-force, SQL injection and malicious bots are blocked in the layers before they ever reach the server — legitimate visitors never notice a thing.

ModSecurity WAF + OWASP rule set
fail2ban brute-force jail + firewall
Let's Encrypt SSL + ClamAV antivirus
Katmanlı güvenlik Gelen tehditler kalkanda engellenir; temiz trafik sunucuya ulaşır. brute-force trafik sql-inject WAF fail2ban SSL AV
9 layers
Active security shield
7/24
Automatic scanning & monitoring
Free
AutoSSL on every site
Daily
Automatic backups
01 · Network defense

Stop malicious traffic at the door with the firewall

ONOXSOFT ships with a firewall configured at the server level (WAF + CSF-style packet filter). Known malicious IPs, port scans and suspicious requests are blocked before they reach your server. You manage the rules with one click from the panel and define country-based access policies.

  • Application-layer WAF: SQL injection, XSS and known exploit signatures
  • Port-level inbound/outbound traffic rules, country-based blocking
  • Automatic blocking with continuously updated threat lists
TRAFFIC FILTERING Internet FIREWALL Server clean traffic
Layered protection

The security layers protecting your sites

Each layer works independently; even if one is bypassed, the others stay active. All of them are managed from a single screen in the panel.

24/7 scanning

Malware Scanning & Cleanup

Your server is scanned regularly; malicious files, web shells and injected malware are detected, quarantined or cleaned. You get an instant notification on suspicious changes.

Let's Encrypt

Free SSL / AutoSSL

Let's Encrypt certificates are installed automatically for all your domains and subdomains and renewed before they expire. HTTPS is always on; no manual steps needed.

auto-blocking

Brute-force & DDoS Protection

Failed login attempts and abnormal request floods are detected automatically; attacking IPs are progressively slowed down and blocked. Rate limiting protects panel, FTP and email logins.

panel login

Two-Factor Authentication (2FA)

Protect panel sign-in beyond the password with time-based one-time codes (authenticator app). Even if the password leaks, access to your account is blocked.

per-site isolation

Account Isolation

Every hosting account is isolated from the others (CageFS-like). A compromised site gains no access to other clients' files or resources; neighboring sites are unaffected.

SPF · DKIM · DMARC

Spam & Email Security

Inbound and outbound email passes through the spam filter; SPF, DKIM and DMARC prevent spoofed mail being sent in your domain's name. Your server's IP reputation stays protected.

BACKUP & RESTORE Live site /home/site daily backup → backup · today backup · yesterday backup · 7 days ← one-click restore
08 · Continuity

Automatic backups and restore in minutes

Files, databases and email for every account are backed up automatically. After an attack, an accidental deletion or a bad update, you or your client can roll back to any day with one click from the panel. Backups can be sent to a separate target, so a single failure never touches all of your data.

Scheduled, automatic backups

Scheduled daily or weekly, it runs hands-free and older backups are rotated.

Point-in-time restore

Roll back a whole account or a single site/database to the chosen date in seconds.

09 · Patch management

Always up-to-date PHP and software

Security vulnerabilities mostly come from outdated software. ONOXSOFT keeps the components you run current and patched.

Multiple PHP versions

Pick a separate PHP version for each site; security patches are applied automatically and old, risky versions are gradually retired.

Automatic security patches

Critical security updates for the operating system, web server and panel components are applied on time and without interruption.

Access & audit trails

Who did what, and when? Panel logins and critical changes are recorded; suspicious activity becomes visible.

Security FAQ

Frequently asked questions about billing

How does the firewall protect my sites?
ONOXSOFT ships with a server-level firewall and application-layer protection (WAF). Known malicious IPs, port scans, SQL injection and XSS attempts are blocked before they reach your site. You can manage the rules from the panel.
What happens if malware gets in?
Your server is scanned regularly. When a malicious file or injected code is detected, it is quarantined or cleaned and you are notified. If needed, you can roll back to a clean version from an automatic backup.
Do I have to pay for SSL certificates?
No. Let's Encrypt AutoSSL certificates are installed free of charge for all your domains and subdomains and renewed automatically before they expire. HTTPS stays on at all times.
How do I make panel login more secure?
Enable two-factor authentication (2FA). Alongside your password, a one-time code from the authenticator app is required; even if your password leaks, access to your account is blocked.
Can I recover my data after an attack?
Yes. Your files, databases and email are backed up automatically. From the panel you can restore the whole account or a single site from any day's backup with one click.

See the security inside the panel

WAF, malware scanning, AutoSSL, backups and more — all in one panel. Explore it yourself in the live demo.