Recently, a very serious vulnerability in the OpenSSL library has been found. The bug, named Heartbleed allows the theft of information which would normally be protected by SSL/TLS encryption. SSL/TLS is used to encrypt and secure vast amounts of data and privacy on the entire Internet. It’s used in web, SSL certificates, e-mail, and some instant messaging clients, among other things.
The Heartbleed bug allows anyone to read the memory of systems protected by compromised versions of the OpenSSL library. The result is compromised secret keys which can allow a malicious third party to decrypt traffic, names, passwords, and many other bits of user data traveling across links which use a compromised Open SSL library. Basically, this issue allows attackers to view sensitive data and communications as well as to steal data directly from services. It also allows attackers to impersonate legitimate services and users.
This vulnerability poses major problems for secure communications on the entire Internet. To determine if your server, site, or any other sites that you may use are effected by this vulnerability, please visit this site and enter whatever URL you would like to test:
If you determine that your server is effected by this vulnerability, and you’re running cPanel/WHM there is a relatively quick way to fix your server. cPanel has already released a patch, so be sure to take a moment to apply it. Here’s how:
1. Login to WHM on your server.
2. Go to the cPanel submenu in WHM and click “Upgrade to Latest Version”
3. Once you’re in the “Upgrade to Latest Version” section of WHM, be sure to click “Force a reinstall even if the system is up to date.” Then click the “Click to Upgrade” button.
4. After the upgrade process has completed, be sure to restart Apache via WHM. A more comprehensive approach would be to reboot your server completely.
*Any and all services that rely on OpenSSL should be restarted after updating.
If you’re not running cPanel/WHM on your server, the following commands issued from a root shell should do the trick:
yum update -y openssl
If you still need help with this, please get in touch with our technical team. We’ve got management solutions to help you through this issue.