Does anyone have experience of PCI DSS scanning on a shared server? Our current hosting company have told us that it's unlikely to pass on a shared server, and that we should move to a Virtual Managed Server for them to make the necessary changes to pass a PCI scan.
In particular, we're talking PCI compliance to use PayPal website payments pro UK.
From Googling there seems to be a lot of debate on this issue - varying from 'all you need for PCI compliance is a SSL certificate' (this seems to be paypals attitude), to 'PCI scans can be passed on a shared server if your host is willing to help' to 'you need separate dedicated servers for the database and site etc'.
Does anyone use website payments pro UK, have a shared server, and regularly pass quarterly PCI scans? Also, we would much prefer a host based in the UK - we seem to get much better performance from our UK host than we did when the site was hosted in the US (our customers are almost completely UK based).
I found several requests in my error log which looks like someone was scanning my site for phpMyAdmin. This was a newly created subdomain. So I checked my main site and another subdomain and they also contained similar entries. Should I do something?
[Fri Jul 03 03:23:16 2009] [error] [client 126.96.36.199] File does not exist: /var/www/vhosts/mydomain.com/subdomains/mysubdomain/httpdocs/phpMyAdmin [Fri Jul 03 03:23:16 2009] [error] [client 188.8.131.52] File does not exist: /var/www/vhosts/mydomain.com/subdomains/mysubdomain/httpdocs/phpmyadmin [Fri Jul 03 03:23:16 2009] [error] [client 184.108.40.206] File does not exist: /var/www/vhosts/mydomain.com/subdomains/mysubdomain/httpdocs/pma ...
A website I've recently been entrusted with was cracked into via brute force ftp earlier this week. Apparently the bad guys ran a script that added iframe links to every page named index.html. The iframe linked to 3 sites that prompted malware downloads.
I think I've found and removed all the affected code, however I'm looking for an online website scanner that will drill down through all the links on a given site and search the code for similar problems.
I've only found a couple of these so far and they don't seem to fit the bill; was wondering if anyone here had recommendations or experience with similar tools...
I get a lot of messages from CSF about Port Scanning and Bruteforce detection.. Is there a way to avoid all of these attacks ? Because it tries to figure out my clients ftp or pop3 user with several usernames, i.e. administrator, postgres, mysql, httpd, and many more..
I know a little about internet security.. Is it possible to make my public IP of shared hosting untraceable ? Like this one..
Just do a ping to ebay.com or paypal.com and then you will receive RTO message or Destination host unreachable, but actually the site is running well..
My main goal was stopping incomingo spam.. and MailScanner is doing a great work on that.. but, it is taking too much time extracting and scanning attachments... does anyone know how to disable scanning the attachments ?
I was trying to install mailscanner on a cpanel box using chirpy's script [url], followed every step, until this:
Code: [firstname.lastname@example.org:~]perl mscpanel.pl -i Unable to open spam.scanning.rules for reading: file or directory doesnt exist at mscpanel.pl line 115. On the 115 line i found this:
Code: open (IN, "</usr/mailscanner/etc/rules/spam.scanning.rules") or die "Unable to open spam.scanning.rules for reading: $!"; The file /usr/mailscanner/etc/rules/spam.scanning.rules just doesnt exists... maybe chirpy's script is not working well installing everything its needed..
I'm running CentOS with Paralells Plesk bundled Paralellls Premium Antivirus (Dr Web). After the latest yum updates DrWeb continously seems to crash and be restarted by the Parallells watchdog. By default there were no logs for DrWeb, but when I enable logging to a file it gets spammed continously with the following error:
Cannot create pipe for communication with scanning childs (Too many open files)and the Drweb process runs at 99% CPU for long periods. This totally fills the disk with logs and I've now disabled logging again and Drweb is back to continously being restarted by the watchdog.
i want to know what is the difference between dedicated server and shared server. I was relaly confused in these services. Couls any one please let me know in detail about these servers?. I will be choosing one of these service.
I am developing a phpfox site and in order to use the video capabilities I need a host with ffmpeg installed.
My current host were a bit misleading and let me think I could pay them a small sum to install ffmpeg on a shared server and that would see to it. Turns out I would need to get a dedicated server, which was quite a shock when I saw the price of that.
I would like to know if shared servers with ffmpeg are worthwhile, or is a dedicated server generally regarded as the only way to go?
If success can be achieved with shared hosting, are there any hosting companies that would be recommended. Apthost is a name that seems to crop up quite regularly, but I don't know how to tell a good host from a bad host, so I'm asking you all!
P.S. My bandwidth needs shouldn't be more than 100gb/month at the start, but that is only a rough beginner's guess.
I would like to inform you about the planned migration of your shared hosting account to a new hosting environment. This concerns the domain xx***********. The migration will start on: 29-10-2009 during business hours.
Due to a problem with the restoration of the backup on the newermachine, we did not succeed in the transfer of your domain. So for now it will stay on the 'older' webshared enviroment. Are you OK with us to give it another run tomorrow? Please indicate a No in case this is inconvinient to you, if there is noanswer we assume that there is not a problem and we will work on thetransder again tomorrow.
Dear Customer, The transfer of your webpackage to one of our new shared hosting servershas been completed.
Now my Oscommerce site is down: Parse error: syntax error, unexpected ';' in /vhosts/xxx***********/httpdocs/catalog/index.php on line 314
I checked line 314 of index.php does not have ';' My site admin side is working.
I have been with Page-Zone for a couple years now. Just the past year I have had little problems with them.
-For instance once I was trying to update my website and their server went down. I thought it was something on my end so I started trouble shooting it for an hour and then it came back up.
-Another time the users on my website were without e-mail for a week, because they changed IP address.
-And finally the e-mail accounts couldn't receive any e-mails from Comcast, MSN, or Hotmail accounts. So I ended up setting up a Google Aps account for us to use for e-mail.
Granted they are very cheap but I have been having many problems with little support. Also today I just noticed that in the whois it lists Network Solutions as the technical contact. Are these things that I should be looking for a new host for?
I am working on creating a social networking website. It will have approximately 2500 members with about 1/2 using video. I spoke to 2 different programmers through rent-a-coder. One told me to get a dedicated server through GoDaddy that runs me about $120/mo. The other programmer told me that there was no way that I would need that much and I could get a shared hosting package for $10-$20/mo and that would work fine. He said that a dedicated server wouldnt be necessary unless I was getting a ton of hits to my site or needed to host multiple sites. I inquired about it with GoDaddy and when I mentioned I was doing a social networking site, they said I would need the dedicated server. I am hiring someone to build the site since it is beyond what I am capable of, so I am clueless on who is correct.
One of my clients sites has just been hacked and im pretty sure its through the hosting and not the scripting, although the host us not being very helpfull.
What I want to do is see what other sites are on the shared account to see if any of them are having problems. As a coincidence the server has 'gone down' not long after being hacked which makes me think the host has pulled it.
I remember years ago (at least I hope I didnt dream it) that a website told me all the other sites on my server, probably by using some kind of reverse lookup on the IP, servers are not my strong point so I dont know.
I have a small reseller account but all the domains are managed by myself. Security has not been a problem because the sites are simple, but now I have a need to deliver and recieve private files. I know how to keep the website itself secure writing my own sessions, using explicit variables, storing sensitive data outside of the web directories and that sort of stuff but it is my 'neighbors' that bother me. If one of them gets hacked or I get a bad neighbor sharing the server I do not want them to have access to my files and passwords.
A few years ago I wrote a browsing script that I found out had the ability to escape my own area and roam freely around every area on the server with unlimited access to every file. When I complained about it, the server admin said that I had nothing to worry about. When I pressed the issue I was told that nobody could invade my files because it was against the rules to go into other people's account. It turned out most server administrators left things open to eliminate scripting problems for their users and there was really no way to lock down a server without breaking a lot of scripts. At the time I moved to a more secure server but they eventually opened things up because of too many complaints and help requests.
Have things changed? Have they worked out the issues with shared servers? Is there a way to tell if my host has implemented proper safeguards (if any viable ones exist)?