Plesk 9.0.1 + PHP 5.2.8 = Still Failing PCI Compliance
I have seen a handful of posts regarding PCI Compliance on Plesk with PHP 5.2.8. Here is my current PCI failure:
TCP 8443 pcsync-https 8 Synopsis : The remote web server uses a version of PHP that is affected by multiple flaws. Description : According to its banner, the version of PHP installed on the remote host is older than 5.2.7.
TCP 8880 cddbp-alt 8 Synopsis : The remote web server uses a version of PHP that is affected by multiple flaws. Description : According to its banner, the version of PHP installed on the remote host is older than 5.2.7.
TCP 465 urd 4 Synopsis : The remote service encrypts traffic using a protocol with known weaknesses. Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years.
I have PHP 5.2.8 installed and I am running Plesk 9.0.1.
I changed "expose_php = Off" in /etc/php.ini but it doesn't seem to make a difference to the PCI scan.
This variable was not present in /usr/local/psa/admin/conf/php.ini
Should I add it there also?
Any ideas on how to fix this?
UserDir Causing me to fail, Please Help!
Sorry for hijacking this post but seems its talking about a similar issue to what I'm experiencing..
I have a single PCI failure, I've been working my nuts of for the past week and the only thing I'm unable to get UserDir disabled over 8443 (plesk).
I know this probably isn't possible from my VPS, does my host have to disable it on the server that my VPS resides?
Not sure if they will, and if they don't it all doom and gloom for my PCI clearance!
Any advice GREATLY appreciated.