If you run a PCI DSS scan (offered by companies such as SecurityMetrics and Trustwave) against a site hosted on one of our shared servers, you may find that it is returned as failed. This is usually due to port 3306 being open. Port 3306 is the default port for MySQL, and we must keep it open to allow remote connections - many customers use this to connect to a database from external sites or services.
Additionally, it's worth noting that the PCI DSS scan is only the first stage of the PCI compliance application. The second stage will require you to answer a number of questions regarding security procedures, including, amongst other things, whether you have control over who has access to your data. Ultimately, all our support and system administrative staff have access to all areas of a shared web server, so an application would fail on this point.
If PCI compliance is a requirement for your site, you would need to look towards a VPS or dedicated server - you have full control over these servers to close the ports and make any changes necessary to pass the scan. Additionally, we give you root access to the server, so you have full control over who can and cannot access it - if you change the root password, for example, we aren't able to access the server without your permission.
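
On a VPS or dedicated server you can check for yourself whether MySQL is listening on port 3306 on a non-loopback address before you request a scan. The script below is an added example, not part of the original article or our own tooling; the function names and the sample listing are constructed for illustration, and it assumes a Linux server where `ss -ltn` is available.

```shell
#!/bin/sh
# Added example: report listeners on a TCP port that are bound to a
# non-loopback address, reading `ss -ltn` style output on stdin.

exposed_listeners() {
    # $1 = port to check (3306 is the MySQL default named in the article)
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Local address is field 4; the port follows the last colon,
            # which also handles bracketed IPv6 such as [::]:3306.
            n = split($4, parts, ":")
            p = parts[n]
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (p != port) next                               # e.g. 33060 is a different port
            if (addr ~ /^127\./ || addr == "[::1]") next      # loopback only
            print addr
        }'
}

# Constructed sample listing (not taken from a real server); it mixes
# several bind styles so each branch above is exercised.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      151          0.0.0.0:3306       0.0.0.0:*
LISTEN 0      128        127.0.0.1:3306       0.0.0.0:*
LISTEN 0      70                 *:33060            *:*
LISTEN 0      128             [::]:3306          [::]:*
LISTEN 0      128            [::1]:3306          [::]:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
EOF
}

# On a live server: ss -ltn | exposed_listeners 3306
sample_ss_output | exposed_listeners 3306
```

An empty result means nothing is bound to that port on a non-loopback address. A listener that is reported here may still be blocked by a firewall in front of the server, so the external scan result remains the final check.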