Is your hosting PCI compliant?


Yes, our hosting is PCI compliant. However, a PCI scan of your site hosted with us will generally result in some items that need to be addressed. Part of the reason for this is that RedHat Inc., the maker of the RedHat Linux Enterprise operating system we use, frequently backports bug fixes to software components rather than simply upgrading them to new versions. The version number a scanner sees can therefore stay the same even though the fix has been applied.

A good resource with an explanation of this, as well as instructions for determining what you should provide to your scanning vendor so they can manually mark issues resolved, can be found here in cPanel's online documentation:

PCI Compliance Scanning and Software Versions

If you access the Linux shell (a command prompt on the Linux server hosting your site), you can use the techniques described in the above article to determine what version of a particular component is on the server and then access its changelog information. You can then present the results to your PCI scanner and have them mark the related issues resolved.
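As an added example (not part of the original article or of cPanel's documentation), the shell function below checks which CVE IDs from a scan report are mentioned in a package changelog, so the matching lines can be handed to the scanning vendor. It assumes the component is RPM-managed, so on the server its input would come from `rpm -q --changelog <package>`; the function names, changelog text and CVE IDs are constructed placeholders.

```shell
#!/bin/sh
# Added example: match CVE IDs from a PCI scan report against a package
# changelog. On the server, feed it real data, for instance:
#   rpm -q --changelog <package> | check_backports <CVE-ID> [<CVE-ID> ...]
# The changelog text and CVE IDs below are constructed sample data.

# Reads changelog text on stdin; arguments are the CVE IDs the scan flagged.
# Prints "<ID> LISTED <first matching changelog line>" or "<ID> NOT-FOUND".
# Returns 0 only when every ID is mentioned in the changelog.
check_backports() {
    changelog=$(cat)
    missing=0
    for cve in "$@"; do
        # -F: literal string, -w: whole word, so an ID never matches as a
        # prefix of a longer ID; "|| true" keeps "set -e" callers alive.
        hit=$(printf '%s\n' "$changelog" | grep -F -w -m1 -- "$cve" || true)
        if [ -n "$hit" ]; then
            printf '%s LISTED %s\n' "$cve" "$hit"
        else
            printf '%s NOT-FOUND\n' "$cve"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed changelog in the usual RPM layout (not from a real package).
sample_changelog() {
cat <<'EOF'
* Tue Jan 02 2024 Example Packager <packager@example.invalid> - 1.0.2-15
- fix CVE-0000-0001 - constructed entry: bounds check in parser
* Mon Jan 01 2024 Example Packager <packager@example.invalid> - 1.0.2-14
- fix CVE-0000-0002 - constructed entry: reject oversized header
EOF
}

# Demo on the constructed data; the third ID is absent on purpose.
sample_changelog | check_backports CVE-0000-0001 CVE-0000-0002 CVE-0000-0003 || true
```

IDs reported as NOT-FOUND are the ones to raise in a support ticket rather than with the scanning vendor.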

Other items that may appear on your scan report

Weak Ciphers

You should not receive any indication of weak cipher support (SSLv2 for example), as our servers are set to not allow any of the lower security SSL protocols that are not recommended. If you are getting a weak cipher positive, please open a support ticket to let us know.

Apache or PHP vulnerabilities

We recompile Apache and PHP as new releases become available. If your scan shows an item related to either the Apache web server software version or the version of PHP installed, please open a support ticket and we'll make sure we get the latest versions compiled.

(Note: article incomplete - still being revised.)
