(11-15-2018, 06:21 AM)aaronlroberts Wrote: So, I've just had the plugged pulled by Braintree because apparently my server configuration doesn't meet the PCI (Payment Card Industry) standards.
MOST of this is due to outdated services running Sentora.. For example, here's one of the reasons.. which I DO NOT understand a word of.
or what about this:
Here's another example:
The results of this security scan provided by "Security Metrics" totalled a 41 page PDF file with TOO many vulnerabilities so they blocked my ability to make any transactions using my website(s).
You guys at Sentora seem so caught up in this issue with Suhosin, to the point where you're happy enough to just let us sit on an old OS with multiple out of date issues with no updates or support for years... what's going on guys? Are you even working on getting this service up and running again or not?
I need an answer, I cannot waste time waiting for this damn suhosin to get compiled which is CLEARLY is not going to happen, just sounds like an excuse to me.
If a "developer" from here wants the PDF let me know.. but you guys need to get this together, otherwise it's just a insecure, messy platform.
Don't you think your post is a tad rude?
No one is making you use Sentora, and I'm pretty certain that no one has ever claimed it is PCI compliant (if they have I'd like to see it). Also, you do realise you are making use of something that is free?
"You guys at Sentora" only appears to be two people at the moment (I'm not one of them) and I think they both have far greater priorities than Sentora.
If you're post said something like "Please, can anyone help me make my Sentora installation PCI complaint", you'd probably get someone helping you. Hell, I might even have bothered to assist, and there are a couple of other active people on here who I am pretty sure would help you out.
But because of your tone I decided to spend my time on other posts. Well, apart from typing this message.
Good luck with your issue.
PS. That darn Suhosin... I know, spending all that time on something that helps keep your server secure. Fancy that! Maybe if you squeeze us hard enough we'll be able to just pop out an update and get on with it?