PCI complience?


New Member
I have a VPS-Ltx package and we're getting penalty charges from Authorize.net because our site failed a Security Metrics PCI audit. We have the list of proposed solutions. Are these all updates that I can/should be doing myself, or should I be contacting support?

  • Upgrade to PHP version 5.2.8 or later
  • Disable mod_frontpage
  • Disable anonymous FTP logins (I think I know how/where to do this)
  • Ensure that mod_proxy_http, mod_proxy_balancer are not in use or upgrade to Apache version 2.2.9 or later
  • Disable HTTP TRACE and TRACK methods
  • Don't allow list of files present in the remote directory (specifically they found a .DS_Store file I had inadvertently copied to the server)
Thanks for any advice!