To administer your WestHost account, please enter your
Domain Name or Server Manager Username.

How To Deal With HeartBleed

Heartbleed Image

Over the past 48 hours, the HeartBleed bug has lived up to its name and made hearts across America beat faster.

The reason? HeartBleed is the name for a vulnerability that’s been found on certain versions of OpenSSL – a software that’s used by web servers world wide. Generally speaking, the software is used by websites and apps to encrypt the data they receive and send, in order to make it secure. The HeartBleed bug has found a way of getting access to some of this encrypted information.

The good news is, HeartBleed isn’t as heart-racing as it sounds. WestHost has double-checked its servers and they’re HeartBleed free. However, as with all security situations, there are a few things you can do for extra peace of mind.

If you’ve got WestHost web hosting or use Website Builder

It’ll take you less than a minute to beef-up your security. All you need to do is reset your WestHost passwords.

If you run your own server with WestHost

If you have used OpenSSL on your server, and in particular used it to create or install an SSL key, then you should update to the latest version of OpenSSL. You can do this in 5 easy steps.

Step 1

Have a look to see if your server is running an unpatched version of OpenSSL. To do this just log-in to your server and check which version you are using with this command.

openssl version -a

The following version is vulnerable…

OpenSSL 1.0.1 through 1.0.1f (inclusive)

While these versions are not…

OpenSSL 1.0.1g

OpenSSL 1.0.0 branch

OpenSSL 0.9.8 branch

CloudLinux OpenSSL 1.0.1e-16el6_5.7

Step 2

If you discover that you’re running a vulnerable version, you can update by following these commands…

CentOS

yum check-update

yum –y update openssl

Ubuntu

sudo apt-get update

sudo apt-get upgrade openssl

Debian

sudo apt-get update

sudo apt-get upgrade openssl

Fedora

sudo yum –y install openssl

Step 3

Now you need to make sure the update has gone to plan. To do this, check to build date of the OpenSSL. It should be after April 7 2014.

Step 4

Once you’ve updated, you’ll need to regenerate your secure keys and invalidate the ones you were using before. Finally, restart your system and carry on as normal.

About Kyle Stubbs

Kyle Stubbs is a social media specialist and content marketer. Out of the office he enjoys following foreign affairs and researching his family tree. Tweet him at @Kyle_Stubbs or connect on LinkedIn or Google+.

This entry was posted in Technical Support, Tips & Tutorials and tagged , , , . Bookmark the permalink. Both comments and trackbacks are currently closed.
Copyright © 1998–2014, WestHost. All rights reserved.  |  WestHost / Believe in Better Hosting. Privacy Policy