
Windows PCI Issues


Michael Dudas

Guest
So,

I've read many a forum, many a post, and many a tutorial on doing plenty of things to get Plesk PCI Compliant. And yet none of the tutorials are for Windows Plesk, none of the forum or mailing list posts show any hope of being PCI Compliant using Windows Plesk at all, and I need to get this sorted out.

I have a few main issues:

1. 8425/tcp Device Php < 4.4.9 Multiple Vulnerabilities
-- PHP 4 has to go. It was EOL'd years ago... when is Plesk going to be PHP 5 only? I can have my customers' websites using PHP 5, but the backend is still PHP4???? Why? Is there a solution to this that I have been unable to find, or that is supported in any way by Plesk?

2. 8425/tcp WebApp Unencrypted Login Information Disclosure
-- Unencrypted Webmail. I have been told by quite a few people that there is no way to set up SSL for the included Horde webmail. I've gone into the IIS configuration and tried to open a new port for SSL traffic, but there doesn't seem to be any way to get it to use any certificates I already have. Is there a solution for this at all either?

3. 443/tcp & 8443/tcp Device Weak Supported SSL Ciphers Suites
-- How do we go about removing SSLv2 support? We have already tried this, with our upstream provider already getting help doing so from Plesk support. But ultimately it just destroys all SSL support. We spent 3 weeks trying to figure out why and had to give up, simply being told that it wasn't possible to make Plesk PCI Compliant. Anyone have any ideas on this one?

Any suggestions/solutions are greatly appreciated. If there are any Plesk moderators out there reading this, I'd like to see Plesk's official stance as well, so at least I can bring that back to my customers if there's no hope in fixing these items soon.

Thanks ahead of time,
Mike
TVCNet
 