OpenSSL/Heartbleed Information for Your Server
A critical vulnerability with OpenSSL, known as "The Heartbleed Bug" was recently announced that could potentially impact your virtual private or dedicated server. You can learn more about it at http://heartbleed.com/.
Are you vulnerable?
If you are running certain versions of OpenSSL on your Linux server, you may be at risk.
How can you check?
Run the test available at http://filippo.io/Heartbleed/ — this will tell you whether or not your server is impacted.
What if your server is at risk?
- Update your server to the latest version of OpenSSL. We have instructions for you here.
- Restart all Apache services in your server.
- Rekey any SSL your server uses. This removes any future potential risk. We have instructions for rekeying certificates you purchased through us here.
- Ensure you're using your SSL properly by using an SSL configuration tool (Qualys SSL Labs has one here) and a mail server configuration tool (we recommend CheckTLS.com).
Double-check your domain name at http://filippo.io/Heartbleed/ and make sure you get an "All good" response.
Please note, Heartbleed is a critical vulnerability. It has affected nearly two-thirds of the Internet and many large Internet companies have been working long hours to update their services to keep our customers and visitors safe.