[BlueOnyx:22367] Re: PCI - lighttpd
webmaster
webmaster at oldcabin.net
Thu Aug 30 13:50:31 -05 2018
Michael and Chuck,
No they did not have access to the server. Just their port scan.
I blocked that port with iptables so... the scan should pass.
I was dealing with these clowns a few years back and their scans showed I
had ports open that are only on windoz machines.
They are no different than the hackers pounding away at wordpress. I
treat PCI people like threats. They scan my server, I block them.
They have to find something (make something up) in order to justify their BS.
What's sad is the client has no clue on what is going on and how the PCI
people are taking them to the cleaners. These are the same clients that
think "finers1234" is a strong password, so what can I say.
Thanks all!
--Tim
> Hi Chuck,
>
>> They just port scan the IP, and look up what usually runs on that port.
>> I had some stuff running on odd-ball ports on the router in front of the
>> server. Their port scan detected the ports, and refused to pass the PCI
>> Compliance until I shut it down.
> That's how a PCI compliance check works, yeah. A trained monkey clicks a
> button to launch the scan and then writes down which light (green,
> yellow, red) it showed. In crayon - if he hasn't eaten it by then. ;-)
>