In Progress

Make Website PCI DSS Compliant

*** Only bid if you have successfully made at least 3 other websites PCI Compliant, and you can provide references***

My ecommerce website needs to be made PCI Compliant to be approved to process credit cards on the website.

My website is on a 1and1 Virtual Private Server. There is also another website on this server.

[url removed, login to view] performed a scan on both domains which failed.

Issues it failed on:

- web server autoindex enabled

- OpenSSH 4.3 is vulnerable

- The remote web server contains a PHP script that is prone to an information disclosure attack

- Possible cross site scripting

- The remote service encrypts traffic using a protocol with known weaknesses

- The remote service supports the use of weak SSL ciphers

- The remote service supports the use of medium strength SSL ciphers

- SSL server accepts SSLv2 protocol

- The remote service supports the use of anonymous SSL ciphers

- Apache ETag header discloses inode numbers

- SSL server accepts weak ciphers

- The remote service encrypts traffic using a protocol with known weaknesses

I will provide the winning bidder with full PCI Scan reports for both domains from Security Metrics, outlining all the issues in more detail

I will release payment once I perform a second PCI Scan and it passes.

Server Software: CentOS 5 with Parallels SB

Skills: Apache, Computer Security, PHP, System Admin, Web Security


About the Employer:
( 1 review ) Manchester, United Kingdom

Project ID: #1258464

Awarded to:

Nick1

Certified Linux System Administrator and Security Advisor ready to work. Have worked with SecurityMetrics several times before. I can start right away. Regards. Nick.

£200 GBP in 5 days
(187 Reviews)
6.5

7 freelancers are bidding on average £214 for this job

crajeshbe

Hi, good day. Thanks for the invite. Expert in making sites and servers PCI DSS compliant. Ready to start the work right away. Awaiting selection and escrow. Regards [url removed, login to view]

£250 GBP in 2 days
(54 Reviews)
5.7

itamarjp

Please check PM.

£250 GBP in 0 days
(61 Reviews)
5.3

TonyUA

Hi! Check your pmb pls.

£200 GBP in 2 days
(12 Reviews)
4.8

servernix

Experienced Linux Admin and Security expert. Worked with SecurityMetrics, McAfee Secure and ControlScan before. Please check PM for references.

£150 GBP in 3 days
(28 Reviews)
4.6

techinso

I can help you with the PCI compliance checks. I have made over 20 websites PCI compliant on CentOS servers as a part of my daytime job.

£200 GBP in 2 days
(11 Reviews)
3.7

DesignerVilla

Hi, please read your PMB for clarification and if you accept them, we will start over.

£250 GBP in 10 days
(0 Reviews)
0.0