11-14-2007, 06:04 PM
Below are the common reasons our servers "fail" PCI compliance checks. All of these are either "false-positives" or easily corrected once your account is set up.
Issue #1
This SMTP server is running on a non standard port. This might be a backdoor set up by attackers to send spam or even control your machine.
Solution: Check and clean your configuration
Risk Factor: Medium
Solution: This is a "false-positive". We allow people to use port 25 or 2525 depending on the specific requirements of their ISP. It creates no security risk.
Issue #2
Synopsis : The remote service encrypts traffic using a protocol with known weaknesses.
Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years.
Solution: If the server your account is created on needs SSLv2 disabled, we will do so once the account is set up.
Issue #3 (for http and https)
Synopsis : The remote Apache server can be used to guess the presence of a given user name on the remote host.
Description : When configured with the 'UserDir' option, requests to URLs containing a tilde followed by a username will redirect the user to a given subdirectory in the user home.
Solution: Once you are assigned a dedicated IP address we will disable the 'UserDir' option for your account.
If you have any further questions regarding PCI compliance, please feel free to submit a support ticket with your questions:
http://support.a2hosting.com
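To confirm the fixes for Issues #2 and #3 before a rescan, the sketch below audits an Apache configuration for an effective SSLProtocol that still includes SSLv2 and for a UserDir that is not fully disabled. It is an added example, not part of the original post or the host's own tooling. It assumes a single flat config where the last directive wins, that "all" covers SSLv2, SSLv3 and TLSv1 as on 2007-era mod_ssl, and uses constructed sample configurations.

```python
# Protocols that "all" expands to; assumption matching 2007-era mod_ssl.
ALL = frozenset({"sslv2", "sslv3", "tlsv1"})

def directives(conf):
    """Yield (lowercased name, args) for each directive line, skipping
    comments and <Section> containers (flat-config simplification)."""
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.split()
            yield name.lower(), args

def enabled_protocols(args):
    """Apply SSLProtocol tokens left to right: bare sets, + adds, - removes."""
    enabled = set()
    for tok in args:
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok.lstrip("+-").lower()
        group = ALL if name == "all" else {name}
        if sign == "+":
            enabled |= group
        elif sign == "-":
            enabled -= group
        else:
            enabled = set(group)
    return enabled

def audit(conf):
    """Return findings for the SSLv2 and UserDir issues in one config text."""
    protocols, userdir_off = set(ALL), False  # mod_ssl default is "all"
    for name, args in directives(conf):
        if name == "sslprotocol":
            protocols = enabled_protocols(args)
        elif name == "userdir":
            # Only a bare "UserDir disabled" turns off every ~user mapping;
            # "UserDir disabled alice" blocks just the named users.
            userdir_off = [a.lower() for a in args] == ["disabled"]
    findings = []
    if "sslv2" in protocols:
        findings.append("SSLv2 accepted")
    if not userdir_off:
        findings.append("UserDir not explicitly disabled")
    return findings

# Constructed sample configurations, not taken from any real server.
BEFORE = "SSLEngine on\nSSLProtocol all\nUserDir public_html\n"
AFTER = "SSLEngine on\nSSLProtocol all -SSLv2\nUserDir disabled\n"

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

A clean result here only reflects the configuration text; the rescan by the PCI scanning vendor remains the authoritative check.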