1. X

    SecurityMetrics and whm service ports questions

    In dealing with SecurityMetrics I get this feeling like cPanel is just some small obscure thing that only a few dozen people use on the whole planet for hosting and nobody else. Yet the usage numbers indicate that they should be dealing with customers' cPanel PCI issues on a minute by minute...
  2. S

    SOLVED How to Disable Insecure Ciphers SSL

    Running a test at Qualys resulted in seeing a number of insecure ciphers that prevented me from getting an acceptable "A" grade. Since WHM / cPanel has its own way of doing things, I preferred to get a more official response as to how to remove these ciphers that most respected places shouldn't...
  3. S

    PCI & Email/FTP Ports - cPanel only NOT WHM

    I'm sure this has been asked 100 times, but I couldn't find the answer. I have a cPanel server with GoDaddy - not a WHM - just cPanel - and the ONLY thing left to pass PCI is plaintext login on 21/25/110/587. I'm looking for suggestions as to what I can do / tell Trustwave to get it to pass...
  4. B

    Apache PCI compliant settings cause services to stop

    This may be a dumb question, but when I was trying to change some settings under Apache Configuration -> Global and changed a few settings to the PCI recommended ones, following another instruction page I found to make the server more secure.... after clicking submit, it stopped all my web services. My guess...
  5. P

    PCI and private ssl

    I'm a reseller. One of my hosting members had a PCI scan that failed. Almost all of the failures have to do with SSL, like: The SSL certificate for this service cannot be trusted. The SSL certificate chain for this service ends in an unrecognized self-signed certificate. My host is...
  6. C

    PCI SSL Self-Signed Certificate Problem

    I've got a valid SSL on my site and if I go to https://mydomain.com it loads just fine without any problems. In my PCI scan, however, I get the following warnings: And then it gives me these port numbers: 995 tcp 993 tcp 465 tcp 143 tcp 110 tcp 21 tcp I'm guessing that even though...
  7. vlee

    FTP Server - PCI Compliance

    Using FTP with TLS/SSL (Auth TLS – Explicit) is slower and sometimes it times out on the slow connection. Using SFTP on port 220 works better and gives a faster connection, after I got the FTP client configured right to accept it. I can say this: it will be confusing for non-technical...
  8. M

    Port 21 PCI Failures after upgrade to 11.32

    I have spent days trying to figure this out and I really need help. Qualys is now failing our PCI scan with: QID: 38142 SSL Server Allows Anonymous Authentication Vulnerability Port 21 Their solution is to set the PureFTP TLSCipherSuite to -ALL +SSLv3 +TLSv1. This setting causes the FTP...
  9. K

    PCI Compliance question. Hostname SSL required?

    Hello, I am working on PCI compliance. I am wondering if I need a hostname SSL (host.domain.com) for my services (FTP, email etc) issued from a CA, or if a self-signed one will pass. Cheers
  10. Serra

    [Case 35876] cpdavd via http PCI compliance issue

    I got hit on a PCI compliance issue where cpdavd is accessible via http. I found several older threads about this, but they all indicate that the issue should be closed now that I'm on 11.30.4. If I go to my server via server.com I get a login pop-up. Shouldn't that be forced to https?
  11. J

    CSF question (mostly) - Why open 3306 for outbound connections? PCI compliance issue.

    I notice that most have CSF configured with TCP_OUT = 3306, as we do. But now this has become a PCI compliance issue. So I am wondering about the logic in opening the MySQL port for outbound traffic. Is this something which is routinely used by the cPanel/WHM system?
  12. R

    PCI Compliance

    I've read a lot of threads here and on other websites about configuring a server ready to become PCI compliant. I'm having trouble fixing just a few issues under WHM/cPanel. My main problem is as follows: I have tried everything I can to fix this one, with no success. Could anybody...
  13. J

    Irresolvable PCI scan failure???

    One of our hosted members just approached us with this failure. I am working with a tech at ThePlanet to come up with a response for this one, but it seems that every server that is on a public network is going to get this failure: -------------------------------- Description: TCP reset...
  14. H

    PCI DSS + Firewall NAT + cPanel

    Hi there. Firstly, sorry for how long this post could be, but I think it only fitting to give some background if I am hopeful enough to get a response. As you will quickly gather, we are not experts by any stretch of the imagination. We have a dedicated cPanel server hosting four accounts...
  15. A

    Ruby On Rails error on PCI test

    I am running the HackerGuardian PCI Compliance test and I am getting the following security warning: Security warning found on port/service "nbx-ser (2095/tcp)" Plugin "Ruby on Rails Session Fixation Vulnerability" Category "Web Servers " Priority "Medium...
  16. F

    PCI Compliance

    I am trying to set up my server to pass the PCI compliance test administered by SecurityMetrics. They have identified several issues that I can easily correct like FP extensions (turned them off) and disable UserDir. The big issue that I have is of Weak Ciphers. I have done a lot of...
  17. S

    PCI Advice

    Hi, I am looking to update a few of my servers to comply with PCI. I did some checks with Hacker Guardian; I am just a little unsure how to fix them and if it would cause other things to stop working or give me errors etc. My specs are: CentOS 5, Apache/2.2.11 (Unix) mod_ssl/2.2.11...
  18. E

    insecure cookie(port 2083) PCI failure

    Here are the latest failures: 2083 - Missing Secure Attribute in an Encrypted Session (SSL) Cookie - The application sets a cookie over a secure channel without using the "secure" attribute. RFC states that if the cookie does not have the secure attribute assigned to it, then the cookie can...
  19. R

    PCI: Weak Supported Ssl Ciphers Suites on 465, 993, 995, 2083, 2087, 2096

    On ports 465, 993, 995, 2083, 2087 and 2096 I have SSLv3 and TLSv1 set up. During PCI scanning I now get the message "Weak Supported Ssl Ciphers Suites" on these ports. How can I manually change these ports to use a strong enough cipher to pass PCI scanning?
  20. R

    PCI Compliance: Indexable and Discovered Directories

    During PCI compliance scanning the following directories were discovered and / or indexable. How can I fix this (remove, block, or whatever)? /usr/local/cpanel/img-sys/ /usr/local/cpanel/java-sys/ /usr/local/apache/icons/ /usr/local/apache/manual/ /usr/local/apache/manual/images/ Thanks!