PCI Compliance And The Hosting Minefield 
			Mar 20, 2008
				Been reading your genuis skills and I was so impressed I figured you might be able to help me with a rather terrible quandry.
I am undergoing the search for a new dedicated hosting provider and at the same time undertaking PCI compliance.
Some of the hosting providers are suggesting that all PCI compliant merchants must ALL have a seperate and stand alone Firewall in order to reach PCI standards.
Other hosting providers seem jaded by the question and seem to think that the standard software type firewall will suffice.
Now, are the sales people I am speaking to inept or am I being "upsold" unneccessarily.
My transaction numbers are relatively low but the retention or certainly the passing of credit cards needs to be slick and happen on my site rather than another.
So could you tell me 
1/ Is a PCI compliant merchant needing to have a seperate $500 a month harware firewall?
Oddly enough Control Scan, who are very good at selling me their SSL and PCI compliance in one service, are unable to advise me on those manditory hardware requirements for PCI compliance, even though they are supposed to be experts in the arena. So I thought I would ask someone who actually knows what they are doing!
	
	View 14 Replies
  
    
		
ADVERTISEMENT
    	
    	
        Dec 7, 2008
        I have searched for a bit, switched 3 hosting companies, and looking for a hosting company that can back up what they say...not just to get the sale 
I have searched around here, and noticed a few hosting companies, and did a 'find a host search' but no reviews are in place
Can anyone provide some names of hosting companies, that are on shared servers, because 
I can not afford dedicated server.
	View 10 Replies
    View Related
  
    
	
    	
    	
        Apr 1, 2009
        I was just presented with some work. The client has a ZenCart site. 
They were recently contacted by their CC company that they are not PCI compliant. They brought it up with their hosting provider and were told that the host can put them on clustered hosting and set them up with a SSL certificate. As it stands now, they are using a freebie SSL cert that is registered with the host (https://thesite.host.com).
They decided that clustered hosting and a custom SSL cert is too much money. So they want me to install PayPal Website Payments Standard.
I'm fuzzy about PCI compliance. Will this actually make the site PCI compliant?
	View 11 Replies
    View Related
  
    
	
    	
    	
        Jan 14, 2008
        I have taken basic security measures on my VPS such as using CSF firewall, cPanel and CSF's security tweaks, compiling php with suhosin etc.
As there will be a couple of sites running ecommerce stores, I want to do PCI compliance to give greater confidence to my clients. How/where do I start? The available options just seem incredibly expensive.
	View 2 Replies
    View Related
  
    
	
    	
    	
        Dec 4, 2008
        We have a client on a VPS (Virtuozzo) that is failing PCI Compliance through McAfee as the port for the "power panel" in Viruozzo uses week SSL encryption.
Since we can't block the port (as users need to be able to access it) does anyone know how we can possibly upgrade that or change things so that it will pass compliance?
All other ports on the server are fine, but the port 4643 keeps failing under the ScanAlert scans:
Low Strength Ciphers (< 56-bit key)
SSLv2
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
SSLv3
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv2
DES-CBC-MD5 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
RC4-64-MD5 Kx=RSA Au=RSA Enc=RC4(64) Mac=MD5
SSLv3
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
TLSv1
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
Anyone have any suggestions on how we can resolve this issue for the client?
	View 10 Replies
    View Related
  
    
	
    	
    	
        Dec 11, 2008
        How important is PCI Compliance to you as a hosting provider? Are you compliant now?  
Do you intend to be complaint? Also how many thing that just getting a scan from comodo or another scanner makes you compliant?    
As far the rules for PCI-DSS state if you store CC's which all hosting companies do if they are using a billing system, i.e MB, WHMCS etc.. You have to be compliant to a fault for a 37 page document with lots and lots of requirements that most don't do and don't know how to do.
Is it worth it to not make the effort and get compliant or risk losing your merchant account and getting on the TMF list and fined $50k?
	View 9 Replies
    View Related
  
    
	
    	
    	
        Apr 2, 2008
        Does "HackerSafe" (PCI Compliance [url] logo on a website make sense to attract more customers?
Will you (as a customer) prefer to see that logo on the hosting website where you bought your hosting from?
	View 14 Replies
    View Related
  
    
	
    	
    	
        Feb 14, 2009
        A bit of background. We're a Canadian company with an eCommerce (Miva Merchant) website currently hosting with Hosting4Less out of California, and we're using Moneris Solutions' eSelectPLUS gateway to accept credit cards online.
Actually, we're not accepting credit cards online yet as we're trying to become PCI Compliant. At Moneris' recommendation, we've signed with Trustwave to take care of PCI Compliance verification. The problem is, that Moneris requires us to provide them with our third party service provider's (Hosting4Less) PCI Certification, and to this request, Hosting4Less has responded with the equivalent of "a deer in the headlights look". I've contacted two other hosting companies and neither of them seems to be able to provide evidence of their PCI Certification either. So, my question, is providing such certification something that a PCI Compliant web host should be able to provide to their eCommerce customers, or is Moneris asking for something that doesn't exist?
Excerpt from Moneris Compliance email: ....
	View 14 Replies
    View Related
  
    
	
    	
    	
        Apr 23, 2009
        I'm trying to find at least three web hosting companies to choose from to host a Joomla websites on a shared server. Would consider dedicated if the deal was right. I have a friend of mine who wants to create a church website, and is looking for the best deal. I use Netfirms which I have never had an issue with, but I didn't want to be bias, and would like give him other options to choose from.
Is there a good WebHosting Review site, I could check out, or maybe someone could recommend their top three. I reading threw the forums here and I noticed there are not that many complaints with Hostgator. Again, I just want to see if there was anything out there better.
	View 12 Replies
    View Related
  
    
	
    	
    	
        Mar 5, 2009
        I'm hosting  wmv,wma,mp3 files, streaming of video can be done with Windows hosting, but my website script is with php.
Do you suggest Windows Server 2008 hosting or redhat linux hosting?
	View 6 Replies
    View Related
  
    
	
    	
    	
        Jun 4, 2009
        Lets say you're a customer looking for web hosting, but do have technical experience - you know, you develop your own websites, you've had experience in this sort of thing before.
What if you came across a provider who seemed to offer a good service, they're high quality, they can host your website on their brilliant setup etc... but they do not provide any e-mail accounts with your hosting?
We're developing our own shared hosting setup, our own control panel too. Regardless of the control panel though, we wouldn't feel comfortable hosting peoples e-mail. We have plenty of experience in every other aspect of general shared hosting - but not looking after e-mail accounts nor the associated software.
To be honest I don't think that many shared hosting providers truely handle e-mail properly, and that job should really be left to the professionals.
We could of course guide customers or potential customers on why we won't offer e-mail accounts (i.e. not wanting to offer something we know we can't provide to a high enough standard) and instruct them on how to setup e-mail with another provider (such as Google, who will do this for free with limitations).
The alternative to the above is that we mask in a third party to look after e-mail, i.e. resell someone elses e-mail services as part of our hosting packages. The third party would require API access to setup/remove accounts..
What do you think? Are we just acting stupid trying to provide web hosting without e-mail hosting included? I noticed a while back Dreamhost encouraged their customers to use an alternative e-mail provider!
	View 12 Replies
    View Related
  
    
	
    	
    	
        Oct 26, 2009
        I have about 5 sites all hosted on my same hosting account.  One of those domains is attached to the hosting account. I place my other domains in a folder of a sub-directory of my main domain.  This has been working fine, up until today when i noticed a weird error. I give you a little example of how my sites are setup
my main domain:
www.maindomain.com
My other sites hosted in a sub-directory of my main domain:
www.maindomain.com/sites/site2/
www.maindomain.com/sites/site3/
How my other sites appear on the web:
www.site2.com
www.site3.com
This works fine for every page until i go to www.site2.com/index.php
It redirects to www.maindomain.com/sites/site2/index.php for some reason
	View 2 Replies
    View Related
  
    
	
    	
    	
        Feb 27, 2008
        Can WHT'ers please suggest some reliable UK hosts so I can do some research on them?  I am just looking for a small hosting account hosting one domain.
	View 14 Replies
    View Related
  
    
	
    	
    	
        Aug 31, 2014
        Plesk 12 - Domain with no hosting I'm getting error when changing hosting settings to Website Hosting
Error: Some fields are empty or contain an improper value. ('home' = '')
	View 3 Replies
    View Related
  
    
	
    	
    	
        Jun 4, 2008
        *web hosting
*game server hosting
*voice server hosting 
Ive finished the template at the moment here is how it looks: ...
	View 4 Replies
    View Related
  
    
	
    	
    	
        Apr 2, 2009
        This question gets asked a lot in our Helpdesk and I figured I would post our knowledgebase article here to help anyone else wondering the Pros and Cons of Unlimited Domain Shared Hosting vs. Reseller Hosting.  If anyone has anything else to add, I appreciate any feedback on how we can improve our KB article.
----------------------------------------------------------------------
Given the present state of shared hosting, many clients may ask "Why would I need a Reseller account if I can host unlimited Addon and Parked domains within a single shared hosting account?". There is certainly enough Disk Space and Bandwidth provided in many of today's hosting packages, so why bother to purchase a Reseller account?
Many don't realize the drawbacks of hosting large numbers of domains within a single hosting account until they've already packed tens of them onto a single package.
So how do you know whether a Reseller account or Shared Hosting account is right for you? The answer is in how you plan to provide access to others and how "mission-critical" the sites are. You should consider the following factors when deciding on hosting a large number of domains:
1. Who will be managing these sites?
2. How important is site security between sites?
3. Will these domains need dedicated SSLs?
4. How resource intensive will these sites be (RAM, CPU, MySQL)?
In a nutshell, Reseller plans are for those who wish to host websites for other sub-clients and a shared hosting package is for a single individual managing multiple personal domains. We'll go over the 4 points above in greater detail. 
1. Who will be managing these site?
If you personally own multiple domains and wish to host them within the same hosting space, you can easily do so with an Addon or Parked domain. An addon domain will allow you to host a new domain within a subdirectory of your hosting space. A parked domain will allow you to have multiple domain names point to the same content. Since addon domains reside within the same user space as your main domain, you can manage all of your domains with a single login. You can see the problem if you want to provide another user with access. Since all accounts are managed with a single set of login credentials, if you give another user access to their addon domain you are also giving them access to your main domain. If you have vital information stored on your main domain and you are hosting another domain as an addon domain for someone else, you cannot provide them access to their hosting without compromising the integrity of your main domain. 
When hosting sites as a Reseller, your clients in turn will want access to their account and will want exclusive rights to their disk space and server resources. With a Reseller account, each sub-account you create gets its own username, password, and isolated user space on the server. Individual clients of yours have access to their user space and their user space alone. In addition to the isolation with regards to access concerns, each account also gets their own cPanel access. All of the same great features that you use to manage your sites can also be given to your clients. Next time client Y wants to add an email account, you don't have to do it for them for fear of giving them access to your cPanel, you can simply give them their login details and they can manage their own email accounts. 
2. How important is site security between sites?
This is along the same lines as point 1. This is not necessarily related to who you are hosting for, but what content you are hosting. Imagine that you are a webmaster and you are hosting your own personal site-in-a-box community forums (such as PHPBB or vBulliten) on your main domain and a company website for a paying client on an addon domain. It is not uncommon for popular scripts to have security flaws in older versions. Script authors will often update security flaws in later versions of their software. For this reason, it is very important to keep scripts up to date on your site. But let's assume you forget to update your scripts for a couple of months and an unscrupulous individual takes advantage of a well known security hole. Using this exploit, they gain access to your forums and any subdirectories. Since you are hosting another domain as an addon, they now have access to this domain's content as well. A site defacement on this company's site may not bode well for you when they are considering you for web master services in the future.
If these two domains had been separate into two individual users (i.e. two subaccounts created through a Reseller), their content would've been inherently isolated server side by Linux's user management. Sure, your forums still would've been affected by the security hole, but the break-in would've been isolated to your site alone. 
Going back to our example, let's say that instead of a corporate website as an addon domain you are hosting an image gallery site for all of your cats. In this case, it may not be a big deal if a compromise in your main domain spreads to your addon domain. After all, they are both owned by you and you're only losing some time and effort to restore these sites from your local backups (which I'm sure you've actively maintained  ). But then again, you are losing time and time is money. If these sites had been separated into individual users, again, you'd only have to restore one site's content. 
The idea here is isolation. Reseller plans provide you with the peace of mind to know that if one of your users doesn't keep up with their site's content as actively as they should, their actions won't negatively impact the content hosted on other domains. If you and those you host in your addons are diligent webmasters, maybe this point won't have much bearing on your decision. Only you can say for sure. 
3. Will these domains need SSLs?
As of this writing, SSL certificates must have a dedicated IP address to be installed. If you are hosting multiple domains on the same shared hosting package, you can still install an SSL (or purchase a dedicated IP address and install one) but you are limited to exactly one SSL on your account. If you are hosting multiple domains on the same package (and consequently the same IP), you must choose which domains gets to have the dedicated SSL. 
Sub accounts of Resellers can each be placed onto separate IP addresses and, as a result, can each have their own dedicated SSL installed. 
Of course, both shared accounts and Resellers' sub accounts can use the server's shared SSL free of charge. However, some clients prefer to see their domain in the URL bar when they visit https.
4. How resource intensive will these sites be (RAM, CPU, MySQL)?
We've already established that disk space and bandwidth will be no problem. But what about CPU, RAM, and MySQL resources? 
It's important to be aware of the resource needs of your website. As administrators, we have to make sure all users "play nice" on the server. We can't have user X eating all of the CPU cycles computing pi to the trillionth decimal place while you are trying to serve web pages to your loyal visitors. We have to monitor the actions of all of our users and in the event someone is stepping beyond the bounds of acceptable resource consumption, we have to take action. In most cases, this entails disabling the abusive script, but in extreme cases we have to suspend the abusive user account to prevent other domains from encountering performance degradation on their sites.
If you are hosting 100 domains as addon domains, all serving nothing but static HTML pages, maybe you will stay off the radar. 
But considering most sites are more complicated than static HTML, you may want to be aware of how many sites you host as addons and what content they serve. If you're hosting the latest and greatest Joomla modules, with up to date news feeds, integrated forums modules, polls, blog posts, etc your site can certainly require a degree of CPU to serve your pages. Now imagine you have 5 or 10 of these sites all hosted as addon domains. The resources these sites need to generate their content can quickly add up and before you know it you've got a friendly email from Acenet, Inc. in your inbox wondering why your user is consuming 2 of the 8 CPU cores on the server. That may be an exaggeration, but you get the idea. In the event your resource usage becomes so excessive that we have to suspend your user, now all of your sites are down instead of whichever one may be the direct cause of the spike in CPU, RAM, or MySQL consumption.
If each of these had been separate Reseller accounts, the offending account could've been suspended temporarily while we work through the cause, leaving the rest of your domains live and kicking.
The conclusion here is that you need to be aware of the needs of your sites in a general sense. Hosting unlimited domains within a shared hosting space is certainly a nice feature. For those webmasters who have multiple presences on the web, it's very convenient to be able to manage all of their personal domains from a single control panel. For those entrepreneurs who are hosting multiple domains for other individuals, the features and security associated with a Reseller plan and the inherent isolation of Linux users is a must have.
----------------------------------------------------------------------
	View 12 Replies
    View Related
  
    
	
    	
    	
        Jul 31, 2014
        I'have a problem with my aps setup on sanbox.When i create on customer ccp when i click finish i have this error. I must only test.
Error: Instance of application with id 124 and version '1-4' can not be provided: There is no resource of class 'Shared hosting Apache' with provisioning attributes 'Web Cluster' in subscription with id 1.:There is no resource of class 'Physical hosting (IIS)' with provisioning attributes 'Web Cluster' in subscription with id 1..If i add the shared hosting apache resourse i get this error : There are no "apache" services that satisfy given attributes: "Web Cluster".
	View 3 Replies
    View Related
  
    
	
    	
    	
        Jan 29, 2015
        I have a problem with Parallels Plesk v12.0
Hosting type on website became "No web hosting."
When I try to change hosting type to "Forwarding" it changes ok.
If I change hosting type to "Website hosting", I get message "The hosting type for "website name" was successfully changed.", but hosting plan still stay "No web hosting"....
	View 3 Replies
    View Related
  
    
	
    	
    	
        Jul 13, 2005
        I am developing a website for a client of mine (the client is a close friend and know's that he is getting a newbie). This site will be larger (project wise) than anything that I have ever done (everything I have done in the past has been FrontPage). We will be using several third party applications that need to run on the server as well as our own custom developed applications. We do not yet know how much access to the server's deeper structures we will need for all of the applications that we want loaded on our server to run.  Things we have in mind: oscommerce, mysql, php5, apache, linux, vbulletin, blogger, phpbb, adserver, ect... Would these things run ok on a shared host and would I have full authority to configure them without needing full access to the server? Or will I need access to the entire server (dedicated server) in order to have full customization capabilities? I guess all I am trying to figure out at this point is will shared hosting for a large project limit our abilities to use 3rd party apps, or do most 3rd party application designers build their stuff to work in a shared hosting environment anyway?  If we need to get a dedicated server we will, but if we can get away with shared hosting for a while (especially during development when the site will not be generating revenue) it would be nice to avoid the price of a dedicated server. Many thanks for your comments, insight, and expertise!  Also, if anyone can sight some common scenarios that may require a dedicated server over a shared hosting plan, that may help me to understand what the limitations of a shared hosting plan vs. a deicated or virtual dedicated server are.
	View 2 Replies
    View Related
  
    
	
    	
    	
        Jun 1, 2009
        Kindly provide the Webhosting comparison between EasyCGI Hosting and WebFaction Hosting.
	View 3 Replies
    View Related
  
    
	
    	
    	
        Aug 12, 2009
        It's impossible to find a cheap webhosting service for Rebol, I found one which cost an awfull 20$ per month for 100 Mo 
So I'm thinking about taking a VPS but would like to share the cost by reselling some spaces. What would be the best Hosting Resellers for that, I mean with GOOD TECHNICAL SUPPORT KNOWLEDGE OF CGI INSTALL.
	View 0 Replies
    View Related
  
    
	
    	
    	
        Apr 16, 2008
        if i want to make image hosting such as allyoucanupload or imageshack , where hosting should i go to,... i was with hostgator and they suspended me for it. 
	View 14 Replies
    View Related
  
    
	
    	
    	
        Aug 17, 2008
        Here is my dilemma, thanks to a thread in these forums I was directed to a hosting website called pc-core.net and I was interested in using them, because it does not appear that they oversell at all. My question is regarding the fact that they have the shared hosting for $12/month with ~5gb of disk space and 50gb of transfer. I then just looked at reseller hosting for the heck of it, and noticed i could get a reseller hosting account with 45gb storage and 450gb of bandwidth for $10/month. Even though I wont be selling hosting, or anything like that, can I use a reseller hosting account like a normal shared hosting account?...just with more space and bandwidth?
	View 3 Replies
    View Related
  
    
	
    	
    	
        Jun 13, 2008
        I'm new to the VPS scene, so could someone tell me the difference between VPS and say shared hosting or dedicated hosting? Actually I really like to know what a Virtual Private Server actually is.. I know shared hosting is typically a single account on a server with several hundred other accounts which is used primarily for the sole purpose of hosting websites, and I know that dedicated hosting is functionally the same as colo except that you rent the server, instead of having your own purchased server plugged into some network. So what is VPS?
	View 3 Replies
    View Related
  
    
	
    	
    	
        May 6, 2008
        Do website builders generally go with shared hosting or dedicated server? I mean, if they work on several websites would they get a dedicated server instead of shared? From what I understand through reading shared hosting is basically if you only have one website. So one with multiple websites would go with a dedicated server?
	View 12 Replies
    View Related
  
    
	
    	
    	
        Apr 23, 2008
        I would like to know the different between the shared hosting and reseller hosting?
	View 7 Replies
    View Related
  
    
	
    	
    	
        Mar 15, 2007
        I wanted to know which one do you prefer these 2.
1.) Personalized hosting with custom made packages 
Support via IMs, PMs & Emails. "Feel at home"
2.) Automated hosting & pre-made packages.
Support via inefficient "live help" operators who have the same answer - "Your support request has been forwarded to a higher authority" . No interaction with the owner & the "professional feel"
I like no. 1 & thus I provide hosting on the same principles.
So which one do you prefer, & if you are a host, which one do you incorporate?
	View 1 Replies
    View Related
  
    
	
    	
    	
        Sep 25, 2009
        How long do you wait before moving from shared to VPS or dedicated? Apart from security and speed, what are the benefits of dedicated hosting? This says [url] that shared is better than dedicated because you have to do less..
	View 14 Replies
    View Related
  
    
	
    	
    	
        Jun 27, 2008
        I have had UmBra Hosting for about a month now and my site hasnt gone down once, there plans start at 2.99 which is great and the 2.99 plan comes with 50gb space and 500gb bandwidth. Has cpanel which I love. But im leaving only because I have started my own hosting on a reseller. Which you will see soon! 
	View 6 Replies
    View Related
  
    
	
    	
    	
        Mar 24, 2008
        I recently got webhosting with godaddy which I have now decided was a bad choice.  Its "user friendly" model makes it harder.  My main problem at the moment is loading forum php script and such I have to have my permission changed which i know how to do but it wont let me through ftp or godaddy's filemanager (though it says you can).  *Does someone know how to do this on godaddy **or what hosting do you recommend for: ....
	View 8 Replies
    View Related
  
    
	
    	
    	
        Jun 27, 2008
        I'm not sure if we're leaning on dedicated or VPS yet, but as a starter post, what's a webhoster you guys would recommend for a hosting company that is reliable and robust that we can scale with....as our requirements grow. 
We're currently scripting how the new site will be redesigned, but there will be video blog portion that we expect to cheap up bw.
	View 1 Replies
    View Related