[BlueOnyx:04517] Re: PCI scans - with link to report

Doug Harvey dwh1958 at gmail.com
Sun May 16 21:02:20 -05 2010


I agree. It certainly is a choice to be able to firewall, and there are many
other alternatives, but in the long run, to run a good, busy ecommerce site,
you need to think beyond just passing the report.

In my case, I could have taken the mail and mysql and put them on the same
server as Apache, but in hindsight, I ended up with a really good setup that
is a lot harder to crack and a much more appreciative customer base.

For the case of the cleaning company... I can only ask... Why!?  No on-line
transactions?  They had to have been pushed, lied to, and subjected to just
about every other high-pressure sales tactic to make them go through what they
went through.

Doug



On Sun, May 16, 2010 at 4:34 PM, Chris Gebhardt - VIRTBIZ Internet <
cobaltfacts at virtbiz.com> wrote:

> Doug Harvey wrote:
> > Bottom line...I had to move my mail servicing to another server...The
> > database had to be on another server...Three servers total to run an
> > effective e-commerce site.
>
> Well... strictly speaking, this isn't necessarily true.   You see, their
> testing originates from a fairly narrow IP range.  At least, that's the
> case that I've witnessed with a couple of the firms.  Load that into
> your firewall, and *poof*.
>
> Not that I'm suggesting that's your answer to PCI compliance.
>
> We had one case with a shared hosting customer who did NO online
> transactions.  They're a cleaning company with a static website.  Their
> bank insisted on the PCI compliance testing (at their expense).  The
> process quite literally brought my customer to tears.  She was so upset
> and the bank's testing representative (an outsourced company) had a
> particularly bad demeanor.  After 3 years of the nonsense (annual
> reviews!) they took my advice and changed banks.   3 years later than I
> would have pulled that plug, but better late than never I suppose.
>
> Anyhow, if you just want the testing report to pass, you can make that
> happen easily enough.  Don't misunderstand me: I'm not advocating.  Just
> mentioning.  It all depends on your goals.
>
> --
> Chris Gebhardt
> VIRTBIZ Internet Services
> Access, Web Hosting, Colocation, Dedicated
> www.virtbiz.com | toll-free (866) 4 VIRTBIZ
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
>