Is UnixGuru's Shared Hosting PCI-DSS Compliant


Is UnixGuru's shared hosting PCI Compliant?

No, shared hosting is not PCI compliant, as there are a few things that PCI compliance requires that shared hosting cannot supply.

1. Single Tenant

Shared hosting servers have more than one tenant and therefore break this rule. CloudLinux CageFS containers make it as secure as a single-tenant environment, but this is NOT recognised by PCI-DSS.

2. Single Purpose

They are also multi-purpose, i.e. they provide web, database and email services, and therefore break this rule.

3. Access to the database must be via a private VPN.

Whilst we do not allow connections to the database over the internet, the fact that cPanel and DirectAdmin allow access to phpMyAdmin breaks this rule.

4. All file transfer must be encrypted.

We provide encrypted and unencrypted FTP, which breaks this rule.

Usually, for PCI compliance on a budget, you require two servers or VPSs, one for the web tier and one for the database tier.
