PCI complience?

Discussion in 'Linux VPS/Dedicated - General' started by Nimai, Jul 15, 2009.

  1. Nimai

    Nimai New Member

    I have a VPS-Ltx package and we're getting penalty charges from Authorize.net because our site failed a Security Metrics PCI audit. We have the list of proposed solutions. Are these all updates that I can/should be doing myself, or should I be contacting support?

    • Upgrade to PHP version 5.2.8 or later
    • Disable mod_frontpage
    • Disable anonymous FTP logins (I think I know how/where to do this)
    • Ensure that mod_proxy_http, mod_proxy_balancer are not in use or upgrade to Apache version 2.2.9 or later
    • Disable HTTP TRACE and TRACK methods
    • Don't allow list of files present in the remote directory (specifically they found a .DS_Store file I had inadvertently copied to the server)
    Thanks for any advice!

Share This Page