Failing PCI compliance


#1

SecurityMetrics fails DreamHost on PCI compliance because the DH OpenSSH is not version 5.8 or higher.

I realize DH patches their version, and the “fail” is a false negative. However, that will be of no comfort when my credit card processor fines me and terminates my account due to non-compliance.

Is it really true that I have to switch to another hosting company for no other reason than DH failing to take this seriously?


#2

I ran another SecurityMetrics scan last night, and this time the site passed PCI compliance. I don’t know what the difference is between now and three weeks ago, but something obviously changed, either at DH or at SecurityMetrics.