I'm hoping someone can help. I've submitted a support ticket 6 days but have yet to hear anything back.
We are trying to make our site PCI compliant and the last issue is that FTP is transmitting usernames/passwords in clear text. All of our accounts are either SSH or SFTP. I also have "Disallow FTP" on all of the users.
The PCI compliance company (or the merchant) is saying this isn't good enough and FTP has to be disabled. From what I understand, on shared accounts, this isn't possible. But, Dreamhost advertises that their shared accounts are PCI compliant.
I'm lost here. We've fixed ALL of our PCI issues except for this and now we are stuck. Dreamhost isn't responding and the merchant says it needs to be fixed.
Edit: We are on a Dreampress VPS account.