pci

  1. A

    TLSv1.0 - block for PCI compliance?

    Hello! I'm having issues trying to turn off/block TLSv1.0 on my VPS. This is required for PCI compliance - I am using the following SSL/TLS protocols SSLv23:!SSLv2:!SSLv3:!TLSv1 in WHM web disk and cPanel services and all -SSLv2 -SSLv3 -TLSv1 in Apache. I have the default ciphers, but still...
  2. K

    Mysql 5.6.35 April 2017 Security Patch PCI Scan Failing

    Hi, My PCI security scan is failing because WHM/cPanel does not seem to have patched with the April 2017 patch yet. I tried to have my server admin do it but he said it would not work and I had to switch to MariaDB. Does WHM/cPanel have plans to auto-patch or apply the patch somehow via...
  3. E

    PCI Failing: vulnerable BIND version: 9.8.2rc1

    My PCI scans are failing; sending a changelog was rejected by ControlScan. How can I update BIND to get this done? It's costing me a $29 a month PCI non-compliance fee.
  4. E

    Trustwave PCI Failed - 3 Issues

    I have the following 3 failed notifications on a new server that I am trying to resolve. I believe that I have tried all the methods I have been able to find through other threads. Any help would be great. Block cipher algorithms with block size of 64 bits (like DES and 3DES) birthday attack...
  5. B

    Improving Server Security Questions

    I have just moved to cPanel and am really happy with the security it imposed, especially with software version. My server gets checked for vulnerabilities via Beyondsecurity and only some minor issues pop up: FTP Service AUTH TLS Command Support IMAP Service STARTTLS Command Support SSH Server...
  6. Serra

    PCI Issues on port 21

    I'm having an issue with Trustwave showing a PCI violation on port 21. Block cipher algorithms with block size of 64 bits (like DES and 3DES) birthday attack known as Sweet32. The evidence shows TLSv1_2 : DES-CBC3-SHA (for TLS 1 and 1.1 as well). I've set my TLS Cipher Suite to...
  7. S

    SOLVED PCI Scan Fails On Web Services Ports

    Trustwave does the PCI scans for my server. The 3 ports, 2083, 2087, and 2096 continue to fail for these ciphers: TLSv1_1 : RC4-SHA TLSv1_1 : RC4-MD5 TLSv1_2 : RC4-SHA TLSv1_2 : RC4-MD5 TLSv1_1 : DES-CBC3-SHA TLSv1_2 : DES-CBC3-SHA Here are my current settings in WHM > Service Configuration >...
  8. P

    SOLVED Securitymetrics - PCI fails on port 21 and 465

    Hi, After scanning using SecurityMetrics the following points are failing. TLS Version 1.0 Protocol Detection (PCI DSS) for port 21 - settings for ftp server configuration are - TLS Encryption Support (required - command) - TLS Cipher Suite...
  9. L

    SOLVED PCI failed for TLS version 1.0 protocol

    Hello, Today my customer came up with a failed PCI report. I have enclosed a screenshot of it and am pasting the error below. +++++++++++++ Port Protocol Service CVSS 2083 TCP www 5.00 Title FAIL TLS Version 1.0 Protocol Detection (PCI DSS) Synopsis: The remote service...
  10. A

    Web Services Configuration TLS/SSL Protocol Issue

    Server inaccessible after changing Web Services Configuration, edited TLS/SSL Protocols. Hi, I changed my cPanel web services configuration by editing the TLS/SSL protocols and made a mistake. Can you help me fix this? I left off one character, a "!". It is supposed to say: "!SSLv3:!TLSv1" but I...
  11. S

    Disabling Exim SSLv2

    Hi, I run WHM / cPanel on a CentOS 6.8 Final server and I'd like to know if there's a way to disable SSLv2 for Exim. I am trying to make my server a bit more secure. I received an audit scan today that shows SSLv2 is enabled on port 465 and netstat -anp | grep 465 shows: tcp 0 0...
  12. grayloon

    SOLVED Sweet32 (CVE-2016-2183)

    A recent scan from TrustWave is listing this vulnerability. Details: This is a cipher vulnerability, not limited to any specific SSL/TLS software implementation. DES and Triple DES (3DES) block ciphers with a block size of 64 bits have a birthday bound of approximately 4 billion blocks (or 2...
  13. D

    PCI fails on "SMTP Service Cleartext Login Permitted"

    Hi All, I have searched far and wide for messages on this so I am going to post and maybe get some answers. We get scans for PCI from SecurityMetrics and yes it is a pain and yes they are wrong in many ways but I still need to get past it. For port 465 we fail on a "SMTP Service Cleartext Login...
  14. I

    SOLVED Locked out of WHM (SSLCipherSuite/SSLProtocol)

    Hi guys, I did exactly what cPanel Documentation said to be super cautious of if you're not an advanced user, which was editing the SSLCipherSuite and SSLProtocol in Home >> Service Configuration >> cPanel Web Services Configuration I thought I had it right, so I saved the configuration I set...
  15. P

    SSLProtocol configuration: The settings were not syntactically valid

    Hello All, I've created SSLProtocol and SSLCipherSuite strings using this Mozilla tool, now trying to insert SSLProtocol result at Home »Service Configuration »cPanel Web Services Configuration. The string is "all -SSLv3 -TLSv1 -TLSv1.1" (apache 2.4.18 | modern profile | OpenSSL 1.0.1k) The...
  16. Serra

    Trustwave - Insecure ARCFOUR encryption

    I've got a new Trustwave wrinkle: Insecure ARCFOUR Encryption: arcfour, arcfour128 and arcfour256 on port 22, and "SSH arcfour encryption algorithms supported". I checked /etc/ssh/ssh_config, but the ciphers are commented out. Where are the ciphers set for ssh? (they aren't in sshd_config...
  17. S

    Cipher Suite for Windows Server 2003 SP2

    Hi All, My application is using Windows Server 2003 SP2 and we have enabled TLS 1.0. Can I check how to check the Cipher Suite that is enabled in the server? I am not able to find the option "SSL Configuration Option" in the Group Policy Editor. Is the below the default list of ciphers for...
  18. sehh

    img-sys fails PCI

    Hello everyone, While our servers have been passing PCI certification without problem, the latest one failed to pass because the server accepts connections to /img-sys/ The error is: Vulnerability: Undefined CVE, Click Jacking instance: /img-sys/ level: medium score: 4.3 status: FAIL Notes...
  19. S

    Getting Perfect Forward Secrecy Question

    Hello, I run a VPS that GoDaddy leases me running CentOS 6.8 with Apache 2.4.18 and OpenSSL 1.0.1e-fips. If I wanted to enable "Perfect" Forward Secrecy (the Elliptic Curve Diffie-Hellman and the Diffie-Hellman cipher suites), would I need to custom compile OpenSSL and curl? Does cPanel...
  20. Serra

    PCI Compliance for Passive FTP Ports

    I'm having an issue with Controlscan showing I'm not compliant for ports open in the firewall for passive FTP. Information From Target: Service: 37557:TCP Server accepted SSL 3.0 RC4 cipher: SSL3_CK_RSA_RC4_128_MD5 Information From Target: Service: 51838:TCP Supported ciphers...