I have a dedicated server and need someone to perform administrative tasks to ensure a pass on the test.
The server is CentOS, WHM/cPanel running Apache. The site itself is Drupal 6.
The current test failure report is attached.
*** UPDATE JANUARY 31st 2011 ***
I am sending this message to all that have bid on my PCI compliance project.
The reason for this email is that I really think some have bid without really reading the report. The bids range from the lowest to the highest where the highest is FIFTEEN times the lowest bid. This tells me either the person with the lowest bid is VERY cheap or does not understand what needs to be done. Equally, the highest bid is either VERY expensive or similarly misunderstands the requirements.
I have read comments such as the problem is the server has an old OS and the solution is to simply upgrade it in 2 hours. This is NOT the problem. The server is running CentOS 5.5-32 so IS current. It has PHP [url removed, login to view], WHM 11, cPanel 11 and MySQL 5. If this was the problem I would get the hosting company to fix it.
To be clear, I DO have an SSL certificate on the site, and yes, one I bought. There do seem to be problems relating to SSL but I am hopeful it relates to configuration rather than a new certificate.
I would ask those that have bid to do the following.
TO ALL BIDDERS: Can you please outline, as a list, what it is you feel needs to be done to meet PCI compliance. No replies will be shared with other bidders. I am trying, as someone that doesn't understand how to fix this, to get a feel for who really understands what needs to be done.
Bidding the lowest price isn't the objective here. Showing you REALLY REALLY understand how to resolve this and get the server through PCI compliance in the next 1-2 weeks will win you the job. If you have worked on other PCI compliance jobs this will be a positive thing to mention too.
If you would prefer to put a few words against each item let me know and I will supply the report as an Excel spreadsheet.
I hope some of you will provide a detail as to what you can do, instead of the worst so far - "I can do this, please pick me" which I immediately ignore REGARDLESS as to experience.