How to test and patch your server for the Heartbleed vulnerability
Important Update!
It was discovered that any SSL certificates installed on vulnerable servers may also be compromised and should be re-issued using a new private key. You will need to contact your SSL provider for instructions on how to do this. You can use the following links for instructions on installing your new certificates in Plesk and WHM/cPanel.
Plesk: http://www.codero.com/knowledge-base/questions/99/I+have+a+dedicated+server.+How+can+I+install+my+commercial+SSL+certificate+on+my+server+using+plesk%3F
WHM/cPanel: http://docs.cpanel.net/twiki/bin/view/AllDocumentation/CpanelDocs/SslTlsManager
What is Heartbleed?
Heartbleed is a vulnerability in certain versions of OpenSSL, the encryption software found on many Linux and Unix based servers. The bug allows an attacker with the right skills to read random areas of your server’s memory. By taking many, many samples, an attacker may be able to piece the “snippets” together and recover the encryption keys used to protect the server, and even gain root access to it.
How to test if your server is vulnerable to this exploit
Visit this website and enter either your domain name or your server’s IP address.
If your server is vulnerable to this type of attack, you should repair it immediately!
How to patch and repair the Heartbleed bug
Fortunately, the fix for this is pretty simple. Log into your server as root and run the following commands based on which version of Linux you are using.
Redhat, Fedora, CentOS and other RPM distributions
# upgrade the OpenSSL packages, then restart Apache so it loads the fixed library
yum update openssl
service httpd restart
Debian, Ubuntu, Mint and other APT-GET distributions
# refresh the package lists (apt-get update takes no package name), then upgrade
# the openssl tools and libssl1.0.0, the shared library Apache actually loads
apt-get update
apt-get install --only-upgrade openssl libssl1.0.0
/etc/init.d/apache2 restart
After performing the upgrade, you should test your server again using the site listed above. If you still find you are vulnerable, you may need to reboot your server to ensure all SSL related services have been restarted.
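To see exactly which services still need a restart after the upgrade, here is an added check (example script, not part of the original article or of Codero's procedure). A daemon that loaded the old libssl before the package upgrade keeps the vulnerable copy mapped in memory until it is restarted, and the kernel shows such mappings as "(deleted)" in /proc/<pid>/maps. The proc-root argument is an assumption added so the check can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Added example, not from the original article. After "yum update openssl" or
# "apt-get install --only-upgrade openssl libssl1.0.0", any daemon started
# before the upgrade still has the OLD (vulnerable) library mapped; the kernel
# shows such mappings as "... (deleted)" in /proc/<pid>/maps until the
# process is restarted. The first argument is the proc root (default /proc);
# it is a parameter only so the check can run against a constructed tree.

# Print "<pid> <command>" for every process that still maps a deleted
# libssl or libcrypto shared object.
stale_ssl_users() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)' "$maps"; then
            piddir="${maps%/maps}"
            pid="${piddir##*/}"
            comm="unknown"
            [ -r "$piddir/comm" ] && comm="$(cat "$piddir/comm")"
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
}

# Returns 1 (so a wrapper can decide to restart services or reboot) when any
# process still holds the pre-upgrade library, 0 when the upgrade is fully
# in effect.
check_ssl_restart_needed() {
    out="$(stale_ssl_users "$1")"
    if [ -n "$out" ]; then
        echo "Processes still using the pre-upgrade libssl/libcrypto; restart them:"
        echo "$out"
        return 1
    fi
    echo "No process holds a deleted libssl/libcrypto mapping."
    return 0
}

# Scan the real /proc when invoked as "sh this_script.sh --run"; reading
# every process's maps file requires root.
if [ "${1:-}" = "--run" ]; then
    check_ssl_restart_needed /proc
fi
```

If the script lists processes after you have restarted the obvious services, those remaining processes (or a reboot) are what the "still vulnerable" result above is pointing at.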
For additional information visit the Codero blog: http://www.codero.com/blog/?p=6192