Posts tagged PCI
Upgrading PHP on a Windows Plesk server
Jul 27th
PHP comes pre-installed along with Plesk on a Windows server, and by default PHP only gets upgraded as new versions of Plesk are released. Unfortunately, the release cycle of the Plesk Control Panel does not keep pace with that of PHP, so VPS / VDS containers are often running versions of PHP that are several versions older than the current release. This can be an issue when you are trying to get PCI compliant.
Follow the steps below to upgrade PHP.
In order to upgrade PHP 5.x to the needed version (beyond that which is currently bundled with the Plesk Control Panel), please perform the following steps…
How to configure Microsoft IIS to not accept SSLv2 connections
Jun 30th
Had this pop up on a PCI scan on one of the Windows servers I look after with a Plesk control panel. The report was moaning about SSLv2 being enabled; below is the actual report.
PCI Scan – Plesk PHP easter egg issue
Jun 25th
If your PCI scan reports the following:
Port: 8443
Synopsis: The configuration of PHP on the remote host allows disclosure of sensitive information.
Check SSL certificate expiration and other information
May 20th
openssl is the handiest tool for checking SSL information, and the command is available on most Linux systems. Getting the information is a simple one-line command that invokes openssl twice: once to connect, and once to parse the certificate and show you the data:
openssl s_client -connect www.google.com:443 | openssl x509 -text
You get the following output when you run the above command
PCI Compliance Expect Header Cross-Site Scripting Vulnerability (8443, plesk)
Feb 22nd
PCI compliance Expect Header Cross-Site Scripting Vulnerability
If you get the following warning in a PCI scan:
Security warning found on port/service "pcsync-https (8443/tcp)"
Plugin "Expect Header Cross-Site Scripting Vulnerability"
Category "CGI abuses : XSS"
Priority "Medium Priority"
Synopsis : The remote web server is vulnerable to a cross-site scripting attack.
Description : The remote web server fails to sanitize the contents of an 'Expect' request header before using it to generate dynamic web content. An unauthenticated remote attacker may be able to leverage this issue to launch cross-site scripting attacks against the affected service, perhaps through specially-crafted ShockWave (SWF) files
PCI Compliance for Plesk (linux)
Dec 23rd
PCI Scanning stands for “Payment Card Industry” scanning. It involves having a PCI ASV (Approved Scanning Vendor) scan any and all IP addresses that the public has access to, related to your website or your site’s transaction process.
The following guide assumes you are working with a Plesk 8.6 (or above) installation on RedHat Enterprise or CentOS Linux. You will need shell / root access to your server running Plesk; if you do not have shell / root access, you will need to ask your server hosts to make the changes.
WARNING: This document does not serve as a comprehensive source for PCI compliance advice. The reader is expected to have some basic systems administration experience. Do not copy and paste examples directly from this document without first understanding their implications.