PCI Compliance

If you have a server that is involved in eCommerce – you MUST be PCI complaint.  Here are a few steps to get a virtual private server running cpanel/whm PCI complaint:

Disable TRACE or TRACK method

  1. Access your Web Hosting Manager (WHM)
  2. Under Service Configuration, click the link for Apache Configuration
  3. Click the Global Configuration link
  4. The second option is TraceEnable.  Set this to OFF.
  5. Restart Apache

Disable weak ciphers

I logged into my WHM (11.24) > Apache Configuration > Global Configuration, and here is a direct cut and paste:

ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1

More to come…

Leave a Reply