We are trying to be PCI compliant and though no banks are breathing down our necks, we have to keep at it. We are close to solving problems on ports 80 and 443 on our sites, -- mostly we need to sanitize $_POST and $_GET strings to prevent JS and SQL injection before touching the data.. but that's easily done.
We getting major failures for ports 20000 and 10000 where VirtualMin/WebMin/UserMin are running.
I'm not sure where to begin to tackle these issues, as obviously I don't have control over the code for those web apps.
I guess it would help to see what those errors are but I'm not comfortable attaching output here. I suppose I could make this a private post but i thought to start making this open to see if others have already addresses this same issue.