The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CSF and PCI Compliance Scans

Discussion in 'Security' started by pjman, Sep 26, 2011.

  1. pjman

    pjman Well-Known Member

    Joined:
    Mar 22, 2003
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    New York
    I use CSF to block my ports. I just had my first PCI scan since installing CSF. The results came back inconclusive meaning they were blocked from stuff they wanted to check.

    I put their IP in my ignore list figuring that would allow it to run. But it didn't work.

    Any ideas how I can allow them past the firewall, but to also make sure that they see the that port 3306 is closed?

    A 1000 Thanks.
     
  2. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    You can put them in the allow file - csf.allow - but problem is they'll see port 3306 as open. Seems to me their testing is fundamentally broken though - badly - if they want you to turn the firewall off so they can test!
     
  3. pjman

    pjman Well-Known Member

    Joined:
    Mar 22, 2003
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    New York
    @brianoz

    Thanks for posting.

    I figured it out, well chirpy told me. Chirpy told me to put the IPs in the csf.ignore file and that fixed it. I ran a scan and passed.

    I just couldn't figure out how to put IP block in there though. I put it in as IP/IPBlock and CSF crashed over and over. So I removed that entry and put all 58 IPs in one by one.
     
Loading...

Share This Page