I have a VPS-Ltx package and we're getting penalty charges from Authorize.net because our site failed a Security Metrics PCI audit. We have the list of proposed solutions. Are these all updates that I can/should be doing myself, or should I be contacting support?
- Upgrade to PHP version 5.2.8 or later
- Disable mod_frontpage
- Disable anonymous FTP logins (I think I know how/where to do this)
- Ensure that mod_proxy_http, mod_proxy_balancer are not in use or upgrade to Apache version 2.2.9 or later
- Disable HTTP TRACE and TRACK methods
- Don't allow list of files present in the remote directory (specifically they found a .DS_Store file I had inadvertently copied to the server)