FTP server does not support 'AUTH TLS'


#1

SecurityMetrics has suddenly decided my site is no longer PCI compliant. The error I understand the least is:

“This FTP server does not support ‘AUTH TLS’”

I don’t have any FTP users. I have checked the ‘disallow FTP’ box for my two shell users. I have enabled enhanced security everywhere I could find it.

Are there any other actions can I take to make “FTP server does not support ‘AUTH TLS’” go away?


#2

You might check with SecurityMetrics and find out exactly what they are testing there.

One thought I have is that dreamhost creates an “ftp” A record automatically. i.e. ftp.example.com
The service is going to answer with a login prompt even if the “user” doesn’t have privileges to login. Perhaps asking to support to delete those “ftp” A records would clear the problem. It might not tho, since the domain name itself on port 21 will still prompt for ftp login.

You didn’t say which dreamhost product you have (and it may be relevant): shared, vps, dedicated?

Also support usually jumps on helping with PCI compliance issues, Have you opened a ticket?