Category Archives: Technical

PCI Compliance – Continued

So after many tests, both my own with nmap and openssl and the PCI tests, we are finally PCI compliant.

For MediaTemple customers however one thing kept failing the test.

This was port 8443, which is used by the Plesk Virtuozzo service and is open because “Offline Management” is enabled.

To solve this I asked MediaTemple for help and they gladly disabled “Offline Management”. This, however, did not completely solve the issue, since it still left the port open, and since Plesk was still installed it would still overwrite any customization I made to iptables to block this port, even if I went through the process of adding it correctly (at least as far as I could find).

So to solve this I did the following:

I edited the crontab:

crontab -e

and added the block line for iptables:
* * * * * /sbin/iptables -A INPUT -p tcp --dport 8443 -j REJECT

Additionally, to make sure I did not risk locking myself out, I also added an ACCEPT line for my SSH port:
* * * * * /sbin/iptables -A INPUT -p tcp --dport MYPORTNUMBER -j ACCEPT

Cron runs this every minute so as soon as Plesk overwrites the iptables rules, the crontab runs and it’s added again.

This solved the issue which failed the PCI compliance test for me.

In theory this should also work with “Offline Management” enabled, which is going to be my next experiment. Additionally, I am going to try adding an exception for my IP to iptables to see if that works.

For now though we are PCI compliant and the cron job will, for now, make sure it stays that way until I find a more permanent solution or MediaTemple updates the Plesk installation.
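
The two cron lines above use -A, which appends another copy of each rule every minute and places it at the end of the INPUT chain, behind any broader ACCEPT rule that is already there. The script below is an added example, not part of the original post: it checks for each rule with iptables -C (this assumes iptables 1.4.11 or later) and inserts it at the top of the chain only when it is missing. The script path in the cron comment and the SSH_PORT default are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent version of the two
# cron lines. Hypothetical install path and cron entry:
#   * * * * * /usr/local/sbin/ensure-fw.sh apply
IPTABLES="${IPTABLES:-/sbin/iptables}"
BLOCK_PORT=8443                 # Plesk port from the post
SSH_PORT="${SSH_PORT:-22}"      # assumption: set to your SSH port (MYPORTNUMBER)

# ensure_rule TARGET PORT
# Insert "-p tcp --dport PORT -j TARGET" at the top of INPUT unless an
# identical rule is already present (-C exits non-zero when it is missing).
ensure_rule() {
    target=$1
    port=$2
    if "$IPTABLES" -C INPUT -p tcp --dport "$port" -j "$target" 2>/dev/null; then
        return 0
    fi
    "$IPTABLES" -I INPUT 1 -p tcp --dport "$port" -j "$target"
}

# REJECT goes in first, then ACCEPT for SSH is inserted above it, so after a
# rebuild of the chain the SSH rule ends up as rule 1 and the block as rule 2.
ensure_rules() {
    ensure_rule REJECT "$BLOCK_PORT" && ensure_rule ACCEPT "$SSH_PORT"
}

# Touch the firewall only when called with "apply", as in the cron entry.
if [ "${1:-}" = "apply" ]; then
    ensure_rules
fi
```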

Odiogo added to GeekyNomad.com

GeekyNomad.com posts can now be listened to through the Odiogo.com service.

You can do this by using the “listen now” button or by using the “subscribe now” button in the sidebar.

Tip: Just wanted to include my experience regarding the plugin. For me it wasn’t immediately clear how I could manually determine the location of the plugin’s “listen now” button. Then I stumbled across a line in odiogo_listen_button.php (wp-content > plugins > odiogo_listen_button) which I had overlooked.

Around line 113 there is an option that says:

$odiogo_adv_options['manually_insert_listennow_link'] = false;

Set this to true and use the code:

<?php odiogo_listennow();?>

to include the listen button anywhere you want in your template files.

UPDATE: In one of the updates of the Odiogo button this feature (meaning $odiogo_adv_options['manually_insert_listennow_link'] = false;) was moved from around line 113 to around line 57.