MightyMerchant Services & Features > Services > Frequently Asked Questions > Website Hosting, Servers and Technical Stuff

Website Hosting, Servers and Technical Stuff

What kind of servers are your sites hosted on?

Our sites are hosted on a Redhat Enterprise Linux ES4 server. It features redundant disk storage for speed and reliability, and a 64-bit processor. The web server components are built upon open source software, such as Apache and MySQL.
Back to Top

What kind of maintenance do web servers require?

The maintenance that web servers require is not that different from the computer you're using right now, though it is more complicated and more people are affected when something is broken! There are many software components used to deliver a web page when someone requests it, and we need to keep informed of any bugs or security issues with that software, and keep it as up to date as possible. There is also the daily maintenance of removing old log file entries, backing up site files and database data, and many other tasks that keep your site available and running smoothly.
Back to Top

Where are your web servers located?

Our bandwidth provider is Rackspace, the industry leader for co-location and managed server environments.
Back to Top

Do you shut down your servers for routine maintenance?

Not on a regular basis. If your site will be unavailable for more than a few minutes, we will schedule the maintenance in advance and you will be notified via email.
Back to Top

What programming language do you use to build your software?

MightyMerchant is written in PHP.
Back to Top

Can you install a security certificate on my website?

You may choose to use our shared security certificate, or we can install one specifically for your website (for an additional monthly fee). Our security certificate is an SSLv3 certificate issued by GeoTrust. Your customers are equally protected with our shared certificate versus installing your own; the only benefit to installing your own is that the URL in their browser will always show your domain name, rather than ours.
Back to Top

How do you handle PCI scans?

As Payment Card Industry (PCI) standards become increasingly important for the credit card processing industry, a number of companies have begun to offer services that periodically scan your website and identify potential vulnerabilities or concerns that could effect your level of PCI compliance. Some of these vendors, such as McAfee and Trustwave, offer badges you can place on your website to demonstrate that you are taking a proactive approach to credit card security.

We welcome these scans and appreciate the ongoing data they give us regarding our performance and how we can improve our security practices. However, these scans and the related monitoring and communication result in additional resource / service burdens.

To help our clients understand the nuances of PCI scanning, we have put together this list of concerns and situations and how we will handle them.

PCI scans are evaluations of your specific website, as well as the web server where your site resides and the core software that is running on the server. Results of PCI scans are used to report your PCI compliance status to your merchant account provider.

We have never had a situation where a problem identified by a PCI compliance scan could not be fixed and/or resolved.

We cannot know how long it will take to fix a vulnerability or problem until we have seen the PCI scan report. Most problems can be resolved within one week, and frequently in one day.

If a PCI scan identifies a problem that is in our core software or our servers, we will fix these at no charge.

If the PCI scan identifies a problem with a third party software integration, a feature/functionality we developed specifically for your website, a data feed, or data/content taken from another site/source, we will need to charge you to fix the issue (at an hourly rate of $65 or $100, depending on the nature of the problem).

PCI security scans are programs that run automatically and autonomously. They scan thousands of websites built on a massive variety of platforms and servers and, needless to say, they are not set up to run custom scans for each possible variation. Sometimes, a PCI scan will identify something incorrectly as a vulnerability or it will mark something as a problem that is irrelevant to your website. We call this a false positive. In such cases, there is not something for us to "fix", instead, there are standard procedures (each company is different) we have to go through on your behalf to get the matter resolved. Depending on the vendor, there can be a significant amount of communication involved. We will need to charge you to review and/or resolve the issues (at an hourly rate of $65 or $100, depending on the nature of the problem).

PCI scans are very thorough and often present non-critical issues that do not effect PCI Compliance or website security (i.e. Level 5 issues vs. Level 1 issues). These are usually informational or not relevant to your website (false positives). Our policy is to ignore these. If you would like us to evaluate / deal with non-critical issues we will need to charge you to resolve the issues (at an hourly rate of $65 or $100, depending on the nature of the problem).

Many vendors require you to fill out a twelve part questionnaire describing your security practices. Some of the questions may relate to the website and some may relate to your internal business practices. If you have specific questions for us related to our security practices, we can usually answer them. If you would like assistance with filling out the questionnaire, we can assist you at a rate of $65/hour.

We offer a robust PCI compliant payment solution through Element Payment Systems that eliminates the need for the credit card information to travel through your website and our web servers. This solution helps to avoid the hassles related to PCI Compliance and provides an excellent level of security. Please let us know if you would like to find out more details.