April 13, 2014

Critical OpenSSL security exploit (aka Heartbleed)

Important: Critical OpenSSL security exploit

A serious vulnerability has been discovered in OpenSSL (the most popular SSL module used on Linux based servers). This exploit allows a third party to steal information that would otherwise be secured and encrypted with the SSL/TLS protocol.

If you have a virtual server (VPS) or dedicated server you urgently need to apply the latest OpenSSL patches. Instructions below –

cPanel/WHM:

  1. Login to WebHostManager
  2. Go to cPanel in the left hand menu
  3. Click Upgrade to Latest Version
  4. Follow upgrade instructions
  5. Go to Software in the left hand menu
  6. Click Update System Software
  7. Follow upgrade instructions

SW-Soft Plesk

  1. Login to the Plesk Control Panel
  2. Go to to Settings
  3. Run the Plesk Updater

For the CentOS operating system:

  1. SSH in as root
  2. Run the command ‘yum update’ from the command line
  3. Yum will update the at-risk packages

For Ubuntu or Debian operating system:

  1. SSH in as root
  2. Run the command ‘apt-get update && apt-get upgrade’

If you need assistance patching your systems consider contacting a technical services company such as Aorta Consulting.