Port 8880 PCI Compliance problem

[bobthemaster]

Hi,

I have a site on a dedicated server. The server spec is below:

Plesk: 9.0.1
Apache: 2.0.54-10.4
PHP: 5.0.4-10.5
O/S: Linux 2.6.16.27-061216a (FC4)

I'm trying to make it PCI compliant and stuck on a vulnarability. Plesk appears to allow access to the Plesk control panel via port 8880 without being secure (https). This appears to be the case regardless of the domain used, ie.

http://domain-nameA.com:8880/
http://domain-nameB.com:8880/
http://domain-nameC.com:8880/

etc.

I need to redirect port 8880 access to at least a secure (https) connection if possible. Failing that, to block the port but from reading various posting accross the web, Plesk uses port 8880 for things.

Please could some kind soul help me before I loose any more hair.

Thanks

 

[soaptray]

I am having the same issue for PCI compliance... I have gotten myself into doo doo though. I was trying to edit the file to see if I could add a redirect to https:// and it broke my login_up.php.... and now I get an error.

I have tried to copy the file from another server, with the same version of plesk and still get the error... did I monkey something up?

Also any help on PCI compliance issue would be great.

 

[DenRomano]

did you solve this? I need to also

 

[atomicturtle]

Just block it with firewall rules:

iptables -I INPUT -p tcp --dport 8880 -j DROP