PCI Compliance fail on Domain starting with 'www.' but no associated ports open

hangerworld

Registered
Feb 10, 2015
cPanel Access Level
Website Owner
I have just upgraded from a shared hosting package to a VPS in order to get through PCI compliance and get a performance boost as my site gets busier.

I have a CentOS 6.6 x86_64 setup.

We have failed our latest security scan with the reason "Domain starting with 'www.' but no associated ports open"
with the solution of....

"Users of SecurityMetrics scanning services are encouraged to add rules to their firewalls and inform their ISPs or hosting providers that security assessment scans may originate from the scanning locations listed in the table below.

SecurityMetrics Scanners
IP Ranges: 162.211.152.1-255
Subnet Mask (Short): 162.211.152.0/24
Subnet Mask (Long): 162.211.152.0/255.255.255.0
"

- - - Updated - - -

Oops, submitted before I was finished.

How do I implement this on WHM or cPanel?
 

quizknows

Well-Known Member
Oct 20, 2009
cPanel Access Level
DataCenter Provider
If you are using CSF (ConfigServer Firewall), add this line to /etc/csf/csf.ignore (NOT csf.allow, as csf.allow will make the scanner think every port is open):

162.211.152.0/24

If you are not using CSF, I highly recommend it as your software firewall for a cPanel system.
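
The step from the answer above, as an added example that is not part of the original thread: a shell function that appends the scanner range to the ignore file only once and refuses to proceed if the same range is sitting in csf.allow. The function names, the return codes and the `.bak` backup file are assumptions of this example; the range and the file paths are the ones given in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

SCANNER_CIDR="162.211.152.0/24"   # SecurityMetrics range quoted in the question

# has_entry FILE ENTRY: succeed if ENTRY is an active (non-comment) line in FILE.
has_entry() {
    [ -f "$1" ] || return 1
    # Drop comments and surrounding whitespace, then match the whole line literally.
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        grep -Fxq -- "$2"
}

# add_scanner_ignore IGNORE_FILE ALLOW_FILE CIDR
# Returns: 0 = entry added, 1 = already present (file untouched),
#          2 = refused because CIDR is in ALLOW_FILE, 3 = I/O problem.
add_scanner_ignore() {
    ignore_file=$1
    allow_file=$2
    cidr=$3

    [ -f "$ignore_file" ] || { echo "missing $ignore_file" >&2; return 3; }

    # The answer's warning: a csf.allow entry makes every port look open
    # to the scanner, so treat that as an error instead of adding more.
    if has_entry "$allow_file" "$cidr"; then
        echo "$cidr is listed in $allow_file; remove it there first" >&2
        return 2
    fi

    # Idempotent: running the function twice must not duplicate the line.
    if has_entry "$ignore_file" "$cidr"; then
        return 1
    fi

    cp -p "$ignore_file" "$ignore_file.bak" || return 3
    # Leading newline guards against a file that lacks a final newline.
    printf '\n# PCI scanner range\n%s\n' "$cidr" >> "$ignore_file" || return 3
    return 0
}

# On the server (as root), followed by a restart of csf and lfd:
#   add_scanner_ignore /etc/csf/csf.ignore /etc/csf/csf.allow "$SCANNER_CIDR" && csf -ra
```

The function only matches plain one-entry-per-line rules, so an advanced-format csf.allow rule for the same range would need checking by hand.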