How To Deal With HeartBleed
Over the past 48 hours, the HeartBleed bug has lived up to its name and made hearts across America beat faster.
The reason? HeartBleed is the name for a vulnerability that’s been found in certain versions of OpenSSL, software that’s used by web servers worldwide. Generally speaking, the software is used by websites and apps to encrypt the data they receive and send, in order to make it secure. The HeartBleed bug gives an attacker a way of getting access to some of this encrypted information.
The good news is, HeartBleed isn’t as heart-racing as it sounds. WestHost has double-checked its servers and they’re HeartBleed free. However, as with all security situations, there are a few things you can do for extra peace of mind.
If you’ve got WestHost web hosting or use Website Builder
It’ll take you less than a minute to beef up your security. All you need to do is reset your WestHost passwords.
If you run your own server with WestHost
If you have used OpenSSL on your server, and in particular used it to create or install an SSL key, then you should update to the latest version of OpenSSL. You can do this in 5 easy steps.
Step 1
Have a look to see if your server is running an unpatched version of OpenSSL. To do this, just log in to your server and check which version you are using with this command:
openssl version -a
The following versions are vulnerable…
OpenSSL 1.0.1 through 1.0.1f (inclusive)
While these versions are not…
OpenSSL 1.0.1g
OpenSSL 1.0.0 branch
OpenSSL 0.9.8 branch
CloudLinux OpenSSL 1.0.1e-16el6_5.7
Step 2
If you discover that you’re running a vulnerable version, you can update by following these commands…
CentOS
yum check-update
yum -y update openssl

Ubuntu
sudo apt-get update
sudo apt-get upgrade openssl

Debian
sudo apt-get update
sudo apt-get upgrade openssl

Fedora
sudo yum -y install openssl
Step 3
Now you need to make sure the update has gone to plan. To do this, check the build date of OpenSSL, which the version command from Step 1 reports. It should be after April 7 2014.
Step 4
Once you’ve updated, you’ll need to regenerate your secure keys and invalidate the ones you were using before. Finally, restart your system and carry on as normal.
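Steps 1 and 3 as a single check, in an added example that is not WestHost's own code: it reads the output of openssl version -a and applies the version lists from Step 1 and the build-date rule from Step 3. The function name heartbleed_status, the verdict words and the sample input are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Reads the text printed by `openssl version -a` on stdin and
# prints one verdict: vulnerable, rebuilt-after-fix, not-vulnerable,
# not-listed or unknown. The verdict names are assumptions of this example.
heartbleed_status() {
    awk '
    BEGIN {
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
        for (i = 1; i <= 12; i++) month[names[i]] = i
    }
    # Version line, e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013"; drop any -suffix.
    $1 == "OpenSSL" && version == "" { version = $2; sub(/-.*/, "", version) }
    # Build line, e.g. "built on: Tue Apr  8 02:39:29 UTC 2014".
    # Month name is field 4, day is field 5, year is the last field.
    $1 == "built" && $2 == "on:" && ($4 in month) && $NF ~ /^[0-9][0-9][0-9][0-9]$/ {
        built = $NF * 10000 + month[$4] * 100 + $5
    }
    END {
        if (version == "") {
            print "unknown"                      # no OpenSSL version line seen
        } else if (version ~ /^1\.0\.1[a-f]?$/) {
            # Step 1 range: 1.0.1 through 1.0.1f. Step 3 rule: a build dated
            # after April 7 2014 is a vendor rebuild that keeps the old name.
            # A missing build date leaves built at 0, so it stays vulnerable.
            print (built > 20140407 ? "rebuilt-after-fix" : "vulnerable")
        } else if (version ~ /^(1\.0\.1g|1\.0\.0[a-z]*|0\.9\.8[a-z]*)$/) {
            print "not-vulnerable"               # on the not-vulnerable list
        } else {
            print "not-listed"                   # outside both lists in Step 1
        }
    }'
}

# Constructed sample: version string still reads 1.0.1e, built after the fix.
sample='OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Apr  8 02:39:29 UTC 2014'
printf '%s\n' "$sample" | heartbleed_status

# On a live server: openssl version -a | heartbleed_status
```

A verdict of not-listed means the version appears in neither list from Step 1, so check it against your vendor's advisory rather than treating it as safe.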