• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Dsiable ftp and enable SFTP

A

andywill

New Pleskian
Failing pci scan for having port 21 unencrypted

The service running on this port (most often Telnet, FTP, etc…) appears to make use of a plaintext (unencrypted) communication channel. Payment industry policies (PCI 1.1.5.b, 2.2.2.b, 2.3, & 8.4.a) forbid the use of such insecure services/protocols. Unencrypted communication channels are vulnerable to the disclosure and/or modification of any data transiting through them (including usernames and passwords), and as such the confidentially and integrity of the data in transit cannot be ensured with any level of certainty.

Is there a way to enable SFTP and get rid on FTP ?
 
Has anyone found a solution for this? We have PCI compliance failing because this has been re-enabled somehow(a recent update perhaps?) Even though we still have the full plesk PCI compliance enabled.
 
Eric Pretorious said:
Is this KB article still relevant for Plesk 11.x?
What client should Windows users use to connect? i.e., Will Filezilla for Windows support TLS?
Are any other modifications required? e.g., Will ProFTPd continue to listen on TCP Port 21 or will it also begin listening on any other ports?
Click to expand...

It worked alright for me so it must be. Filezilla still works, just change Encryption to "Require Explicit FTP over TLS" It will still operate on port 21 unless you tell it otherwise, and the PCI scan still failed as the server responded on 21 but I disputed it as it is now encrypted and they accepted this.
 
JohnathanW said:
It worked alright for me so it must be. Filezilla still works, just change Encryption to "Require Explicit FTP over TLS" It will still operate on port 21 unless you tell it otherwise, and the PCI scan still failed as the server responded on 21 but I disputed it as it is now encrypted and they accepted this.
Click to expand...

Thanks, Johnathan. I've also changed the setting to Require Explicit FTP over TLS:
Code: 
Are clients required to use FTP over TLS?
TLSRequired yes
...and everything seems to work as expected. :)
 
You must log in or register to reply here.

Similar threads

Edi Duluman
Question How to fix cleartext IMAP / FTP
Replies
3
Views
3K
UFHH01
U
A
Help with the compliance with Trustwave
Replies
7
Views
8K
SteveL132
S
Back
Top