Discuss and resolve questions on Liquid, JavaScript, themes, sales channels, and site speed enhancements.
The host responded 4 times to 4 TCP SYN probes sent to destination port 24567 using source port 53. However, it did not respond at all to 4 TCP SYN probes sent to the same destination port using a random source port.
Not sure what your question is but if this is your running some security scan I would be making the assumption this is a false positive from it scanning the top layer of the edge-network. If you believe it's not the case then contact the do contact support team as they'll have a process to handle these kind of comments/requests.
We have the same PCI scan failure. Did support send any documents to attest it's secure?
Same scan failure here too. I contacted support. It's been a couple of weeks. All they've supplied so far is an overview of compliance but no specific verbiage for a false positive yet. I'm about to contact them a fourth time to see if I can get specific wording to address the scan failure.
did you get a reply?
did you manage to solve this? i hit the same issue
Just ran it and got the exact same fail.
Going to reply with this post
They replied with
Jul 18, 2023 | Can your organization confirm that port 53 traffic is indeed fully blocked from the outside of this firewall? | ASV
|
So Secure Trust told me to:
Please contact support for assistance.
I have put in a ticket with Shopify support and will let you know
Here is Shopify Supports reply:
"Thanks for getting in touch with Shopify Plus support, Mike here. I understand you've got some questions around PCI Compliance as well as cc'ing someone to an email thread with us. I'd be glad to help.
To address your last question first, feel free to CC anyone else you'd like to include in this email thread, just as you normally would.
Firstly, we want to assure you that Shopify is PCI-compliant. However, it's not uncommon for certain third-party scanning software to sometimes give false positives. To help you with your compliance, we can provide you with copies of our PCI compliance report, which clearly outline what might trigger these false positives.
Rest assured that Shopify conducts ASV scans on a quarterly basis. You can easily download Shopify's Service Provider PCI DSS Attestation of Compliance (AOC) from the Compliance Reports section on the Shopify Help Center. This AOC serves as evidence of Shopify's PCI DSS compliance, which can be used as part of your own PCI DSS compliance assessment.
Please note that the AOC document remains valid for one year after the QSA signature date mentioned at the end of the document. Additionally, Shopify undergoes annual assessments and updates the AOC after each assessment.
To provide further clarity, I have attached Shopify's PCI Payment Card Industry Data Security Standard (PCI DSS) responsibility matrix. This matrix clearly outlines the specific PCI DSS requirements that Shopify takes responsibility for, as well as the responsibilities that lie with the merchant."
Hey Community! As the holiday season unfolds, we want to extend heartfelt thanks to a...
By JasonH Dec 6, 2024Dropshipping, a high-growth, $226 billion-dollar industry, remains a highly dynamic bus...
By JasonH Nov 27, 2024Hey Community! It’s time to share some appreciation and celebrate what we have accomplis...
By JasonH Nov 14, 2024