Skip to content

Heartbleed OpenSSL Vulnerability

by Adrian Andreias on April 10th, 2014

On April 7, 2014  CVE-2014-0160 vulnerability, also known as “Heartbleed”, was released that could allow attackers to view sensitive information in a server’s memory such as secret keys and passwords. Given the severity of this problem, IntoVPS has taken the necessary steps to secure our web sites and keep our customers’ information safe from potential attacks.

A tool has been published that allows administrators to test the vulnerability of their system. If your site has an SSL certificate, go to the Heartbleed test page, enter your website URL, and run the vulnerability test.

If you are vulnerable please update openssl as soon as possible and restart your web server.

On Ubuntu/Debian:
sudo apt-get update
sudo apt-get upgrade
sudo /etc/init.d/apache2 restart

On Centos:
yum -y install openssl
/etc/init.d/httpd restart

Also Ars is reporting that a bot has been exploiting heartbleed in the wild since at least nov 2013. Therefore, we strongly suggest to reissue all the affected SSL certificates.

 

From → How To

No comments yet

Leave a Reply

Note: XHTML is allowed. Your email address will never be published.

Subscribe to this comment feed via RSS