How To Deal With HeartBleed

April 10th, 2014 by

Heartbleed Image

Over the past 48 hours, the HeartBleed bug has lived up to its name and made hearts across America beat faster.

The reason? HeartBleed is the name for a vulnerability that’s been found on certain versions of OpenSSL – a software that’s used by web servers world wide. Generally speaking, the software is used by websites and apps to encrypt the data they receive and send, in order to make it secure. The HeartBleed bug has found a way of getting access to some of this encrypted information.

The good news is, HeartBleed isn’t as heart-racing as it sounds. WestHost has double-checked its servers and they’re HeartBleed free. However, as with all security situations, there are a few things you can do for extra peace of mind.

If you’ve got WestHost web hosting or use Website Builder

It’ll take you less than a minute to beef-up your security. All you need to do is reset your WestHost passwords.

If you run your own server with WestHost

If you have used OpenSSL on your server, and in particular used it to create or install an SSL key, then you should update to the latest version of OpenSSL. You can do this in 5 easy steps.

Step 1

Have a look to see if your server is running an unpatched version of OpenSSL. To do this just log-in to your server and check which version you are using with this command.

openssl version -a

The following version is vulnerable…

OpenSSL 1.0.1 through 1.0.1f (inclusive)

While these versions are not…

OpenSSL 1.0.1g

OpenSSL 1.0.0 branch

OpenSSL 0.9.8 branch

CloudLinux OpenSSL 1.0.1e-16el6_5.7

Step 2

If you discover that you’re running a vulnerable version, you can update by following these commands…


yum check-update

yum –y update openssl


sudo apt-get update

sudo apt-get upgrade openssl


sudo apt-get update

sudo apt-get upgrade openssl


sudo yum –y install openssl

Step 3

Now you need to make sure the update has gone to plan. To do this, check to build date of the OpenSSL. It should be after April 7 2014.

Step 4

Once you’ve updated, you’ll need to regenerate your secure keys and invalidate the ones you were using before. Finally, restart your system and carry on as normal.

  • Share this post

March Madness: Bracket Secrets from the WestHost Team

Why Backups Are Important [Infographic]

Comments are closed.