New Secure PCI Update and Changes
- Posted by Support
- 20 November 2011
There have been several upgrades and changes made to your web hosting server today. As a company we are committed to maintaining the highest security possible and PCI/DSS compliance. The changes today are related to maintaining the server's security and PCI/DSS compliance.
Those of you using FTP will need to use a proper TLS connection. Here is a tutorial: http://pro-webs.net/tutorials/setting-up-an-ftp-connection/
cPanel will now nag you and require you to reset your password every 90 days. Additionally, the password strength will need to be 65 or better.
Our servers have been protected against some new attacks reported by PCI/DSS.
ALL server ciphers have been updated to disable SSLv1 and 2.
Security Tokens have been enabled. This will require you to log in to your cPanel properly (NOT from a saved session) in order to save actions or complete any function in your cPanel.
Our servers currently have an "A" rating for SSL Server Rating (https://www.ssllabs.com/downloads/SSL_Server_Rating_Guide_2009.pdf).
We certainly realize these changes seem, and can be, inconvenient; however, the new PCI/DSS requirements for June 2012 are going to be a huge change. We intend to be ready, compliant, safe and secure. Just a note that ALL of the above changes are already required by PCI/DSS.