Thread: PCI Compliance

  1. #1
    Join Date
    Jul 2013
    Posts
    16
    Plugin Contributions
    0

    PCI Compliance

    I am having compliance scans coming back as failing. I am using version 1.5.1. Most of the issues are referring to OpenSSH and Apache. Are those issues that would go away by upgrading to 1.5.4, or are they problems with my hosting service? Between the scan company, my rep at my merchant services, and my hosting company, I cannot get a straightforward answer. I am in the middle of trying to launch a new product and would like to put off upgrading for a little while, but if upgrading would fix these issues I'll just have to give up sleep for a few days and get it done.
    Thanks

  2. #2
    Join Date
    Jul 2012
    Posts
    16,735
    Plugin Contributions
    17

    Re: PCI Compliance

    If able, I think it would help to know what "issues" with OpenSSH and Apache are being identified, though perhaps others may know enough from that statement to provide a clear answer...
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  3. #3
    Join Date
    Jul 2013
    Posts
    16
    Plugin Contributions
    0

    Re: PCI Compliance

    One of the recommendations is to upgrade from OpenSSH 5.1 to version 7. Doing that would get rid of like 10 alerts the scan is showing. Problem is, I have absolutely no clue what they are talking about. Is OpenSSH on the host server end, or is that part of zencart?

  4. #4
    Join Date
    Aug 2009
    Location
    North Idaho, USA
    Posts
    2,008
    Plugin Contributions
    1

    Re: PCI Compliance

    That's a host issue to correct, though it is sometimes difficult for a host to change versioning on a shared server due to potential impact on other tenants. Very few PCI issues have ever been related to zencart from my past 6 years of having scans performed monthly.

    It is very rare to pass without having to correct something. Today, it was 6 ports that were closed by server IPS during the middle of the scan even with the PCI scanner's IP addresses being whitelisted. It is hard to imagine failing a scan because IPS was doing the job it was designed to do.
    Rick
    RixStix (dot) com
    aka: ChainWeavers (dot) com

  5. #5
    Join Date
    Jul 2013
    Posts
    16
    Plugin Contributions
    0

    Re: PCI Compliance

    Thank you for the replies, it is a shared server, time to look into other options.

  6. #6
    Join Date
    Jan 2004
    Posts
    66,373
    Blog Entries
    7
    Plugin Contributions
    274

    Re: PCI Compliance

    Some (but not all) of the hosts on this page boast PCI compliance: Related Services.

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  7. #7
    Join Date
    Oct 2010
    Location
    Indiana
    Posts
    69
    Plugin Contributions
    0

    Re: PCI Compliance

    I am also failing my PCI compliance for: TLSv1.0 Supported
    I did the POODLE updates, but this is still showing up.

    Any thoughts on what I can do to fix this?
    I am not a developer so I have no idea how to code, but I can find the code and update with my cpanel.

    using: v1.5.4
    www.prowoodfingerboards.com

    host: siteground

    I have loads of custom code and all kinds of plug ins..

    thoughts?

  8. #8
    Join Date
    Oct 2010
    Location
    Indiana
    Posts
    69
    Plugin Contributions
    0

    Re: PCI Compliance

    My host was able to fix this, so sorry for the interruption. Thanks.

Zen-Cart, Internet Selling Services, Klamath Falls, OR