Recent content by Deoxymono

Have to tried running the analyser here: https://www.ssllabs.com/ssltest/ to determine whether your cipher changes are taking effect?

Just to confirm it did pass with the ciphers I used. Thank you for the post anyway Hostasaurus.

OK scan failed again. It seems Security Metrics do not recognise "honorcipherorder" therefore you have to create a long list of not allowed ciphers instead. Thanks to some help on another forum my cipher list now reads: SSLCipherSuite...

Right figured out this is referring to the Beast attack which exploits vulnerabilities with block ciphers so switching them off should mitigate this. However I had trouble getting my cipher changes to be applied to server. First I edited: /etc/httpd/conf.d/ssl.conf however changes to the...

I fixed this issue simply by blocking port 8880 through the Plesk firewall. It seems it is not needed unless you want to use the Plesk panel without https.

I fixed this issue simply by blocking port 8880 through the Plesk firewall. It seems it is not needed unless you want to use the Plesk panel without https.

Another PCI scan failing from Security Metrics: ------------- Protocol: TCP | Port: 8880 | Program: cddbp-alt | Score: 4.0 Description: Web Server Uses Plain Text Authentication Forms Synoposis: The remote web server might transmit credentials in cleartext. Impact: The remote web...

Hello, VPS server is currently failing PCI scan due a SSL/TLS Protocol Vulnerability. Server info: Parallels Plesk Panel v10.4.4 | CentOS 5 ------------- SCAN FAILURE Protocol: TCP | Port: 443 | Program: https | Score: 4.3 Summary: SSL/TLS Protocol Initialization Vector...

Did you find out how to fix this? I'm failing on this too.

Info: Parallels Plesk Panel v10.3.1 / OS: CentOS 5 Hi, I am currently completely unable to access Plesk: See my related post which is currently unanswered so I'm a bit stuck: http://forum.parallels.com/showthread.php?t=260374 Anyway I've asked the hosting company who provide the VPS...

Info: Parallels Plesk Panel v10.3.1 / OS: CentOS 5 I needed to install a domain SSL so I went to login to plesk for my VPS but get a Connection Refused message in the browser window (chrome). "Google Chrome's connection attempt to vps347817-1.lcnservers.com was rejected. The website may be...

Well I managed to sort all problems apart from the Courier IMAP one which I believe is a false positive anyway. For the expired SSL I simply created a new self-signed one and replaced it. And for the accessible port 3306, I simply blocked access using the firewall. I have checked and the...

Info: Parallels Plesk Panel v10.3.1 / OS: CentOS 5 Hello, I need some help with PCI compliance on a VPS. I've already fixed a few different problems, yet could do with help/clarification on the following scan failings by SecurityMetrics as its starting to give me a headache :(...

Hi, I want to run magento on a VPS just purchased. However running the magento compatibility checks reveals 1 error which is: "You are missing the mcrypt extension" I've tried and tried to get mcrypt installed but to no avail :( Server info: VPS server, Linux 2.6.18-028stab079.1, CentOS...