pci

In dealing with security metrics I get this feeling like cpanel is just some small obscure thing that only a few dozen people use on the whole planet for hosting and nobody else. Yet the usage numbers indicate that they should be dealing with customers cpanel pci issues on a minute by minute...

Running a test at Qualys resulted in seeing a number of insecure cyphers that prevented me from getting an acceptable "A" grade. Since WHM / CPanel has its own way of doing things, I preferred to get a more official response as to how to remove these Cyphers that most respected places shouldn't...

I'm sure this has been asked 100 times, but I couldn't find the answer. I have a cPanel server with GoDaddy - Not a WHM - just cPanel - the ONLY thing left to pass PCI is plaintext login on 21/25/110/587 I'm looking for suggestions as what I can do / tell trustwave to get it to pass...

This may be a dumb question but when I was trying to change some settings under apache configuration -> global and changed few settings to PCI recommended, following another instruction page I found to make server more secure.... after clicking submit, it stopped all my web service. My guess...

I'm a reseller. One of my hosting members had a PCI scan that failed. Almost all of the failures have to do with ssl like: The SSL certificate for this service cannot be trusted. The SSL certificate chain for this service ends in an unrecognized self-signed certificate. My host is...

I've got a valid SSL on my site and if I go to https://mydomain.com it loads just fine without any problems. In my PCI scan, however, I get the following warnings: And then it gives me these port numbers: 995 tcp 993 tcp 465 tcp 143 tcp 110 tcp 21 tcp I'm guessing that even though...

Using FTP with TLS/SSL (Auth TLS – Explicit) is slower and sometimes it times out the the slow connection. Using SFTP on port 220 works better and faster connection after I had to get the ftp client to accept it configured right. I can say this it will be confusing for non technical...

I have spent days trying to figure this out and I really need help. Qualys is now failing our PCI scan with: QID: 38142 SSL Server Allows Anonymous Authentication Vulnerability Port 21 Their solution is to set the PureFTP TLSCipherSuite to -ALL +SSLv3 +TLSv1. This setting causes the FTP...

Hello, I am working on pci compliance. I am wondering if I need a hostname SSL (host.domain.com) for my services (ftp, email etc) issued from a CA, or if a self signed will pass. Cheers

I got hit on a PCI compliance issue where cpdavd is accessible via http. I found several older threads about this, but they all indicate that the issue should be close now that I'm on 11.30.4. If I go to my server via server.com I get a login pop up. Shouldn't that be forced to https?

I notice that most have CSF configured for TCP_OUT = 3306 as we do. But now this has become a PCI compliance issue. So I am wondering about the logic in opening the MySQL port for outbound traffic? Is this something which is routinely used by the cPanel/WHM system?

I've read a lot of threads here and on other websites about configuring a server ready to become PCI compliant. I'm having trouble fixing just a few issues under WHM/cPanel. My main problem is as follows: I have tried everything I can to fix this one, with no success. Could anybody...

One of our hosted members just approached us with this failure. I am working with a tech at ThePlanet to come up with a response for this one, but it seams that every server that is on a public network is going to get this failure: -------------------------------- Description: TCP reset...

Hi there, Firstly, sorry for the long post this could be but I think it only fitting to give some background if I am hopeful enough to get a response. As you will quickly gather we are not experts by any stretch of the imagination. We have a dedicated cPanel server hosting four accounts...

I am running the HackerGuardian PCI Compliance test and I am getting the following security warning: Security warning found on port/service "nbx-ser (2095/tcp)" Plugin "Ruby on Rails Session Fixation Vulnerability" Category "Web Servers " Priority "Medium...

I am trying to set up my server to pass the PCI compliance test administered by SecurityMetrics. They have identified several issues that I can easily correct like FP extensions (turned them off) and disable UserDir. The big issue that I have is of Weak Ciphers. I have done a lot of...

Hi, am looking to update a few of my servers to comply with PCI. i done some checked with Hacker Guardian, I am just a little unsure how to them and if it would cause other things to stop working or give me errors etc. My specs are : Centos 5 Apache/2.2.11 (Unix) mod_ssl/2.2.11...

Here are the latest failures: 2083 - Missing Secure Attribute in an Encrypted Session (SSL) Cookie - The application sets a cookie over a secure channel without using the "secure" attribute. RFC states that if the cookie does not have the secure attribute assigned to it, then the cookie can...

On ports 465, 993, 995, 2083, 2087, 2096 I have SSLv3 and TLSv1 setup. During PCI scanning I now get the message: Weak Supported Ssl Ciphers Suites on these ports. How can I manually change these ports to use a strong enough cipher to pass PCI scanning?

During PCI compliance scanning the following directories were discovered and / or indexable. How can I fix this (remove, block, or whatever)? /usr/local/cpanel/img-sys/ /usr/local/cpanel/java-sys/ /usr/local/apache/icons/ /usr/local/apache/manual/ /usr/local/apache/manual/images/ Thanks!