• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Dsiable ftp and enable SFTP

A

andywill

New Pleskian
Failing pci scan for having port 21 unencrypted

The service running on this port (most often Telnet, FTP, etc…) appears to make use of a plaintext (unencrypted) communication channel. Payment industry policies (PCI 1.1.5.b, 2.2.2.b, 2.3, & 8.4.a) forbid the use of such insecure services/protocols. Unencrypted communication channels are vulnerable to the disclosure and/or modification of any data transiting through them (including usernames and passwords), and as such the confidentially and integrity of the data in transit cannot be ensured with any level of certainty.

Is there a way to enable SFTP and get rid on FTP ?
 
Has anyone found a solution for this? We have PCI compliance failing because this has been re-enabled somehow(a recent update perhaps?) Even though we still have the full plesk PCI compliance enabled.
 
Eric Pretorious said:
Is this KB article still relevant for Plesk 11.x?
What client should Windows users use to connect? i.e., Will Filezilla for Windows support TLS?
Are any other modifications required? e.g., Will ProFTPd continue to listen on TCP Port 21 or will it also begin listening on any other ports?
Click to expand...

It worked alright for me so it must be. Filezilla still works, just change Encryption to "Require Explicit FTP over TLS" It will still operate on port 21 unless you tell it otherwise, and the PCI scan still failed as the server responded on 21 but I disputed it as it is now encrypted and they accepted this.
 
JohnathanW said:
It worked alright for me so it must be. Filezilla still works, just change Encryption to "Require Explicit FTP over TLS" It will still operate on port 21 unless you tell it otherwise, and the PCI scan still failed as the server responded on 21 but I disputed it as it is now encrypted and they accepted this.
Click to expand...

Thanks, Johnathan. I've also changed the setting to Require Explicit FTP over TLS:
Code: 
Are clients required to use FTP over TLS?
TLSRequired yes
...and everything seems to work as expected. :)
 
You must log in or register to reply here.

Similar threads

T
Issue Explicit FTP over TLS: Initializing TLS... TLS/TLS-C negotiation failed on control channel
Replies
3
Views
4K
mow
M
K
Resolved How to set FTP with Passive mode, or SFTP
Replies
6
Views
26K
kojot
K
Edi Duluman
Question How to fix cleartext IMAP / FTP
Replies
3
Views
3K
UFHH01
U
A
Help with the compliance with Trustwave
Replies
7
Views
8K
SteveL132
S
J
How to start your online store with WooCommerce
Replies
0
Views
4K
joerg
J
Back
Top