- Posted by bwf
- On April 9, 2014
You may have seen on BBC news last night a report of a worldwide vulnerability in OpenSSL that could potentially place web servers at risk. Simply put, OpenSSL is software widely used for the secure transmission of data across the internet.
Please read the following details carefully so you can receive assistance from our support staff if necessary to make sure your server is secure:
A report has been released detailing a recently discovered vulnerability in OpenSSL called “The Heartbleed Bug”. There is a chance that a malicious attacker can gain access to sensitive server information via this vulnerability, so our team is acting quickly to prevent any possibility of such an attack. For more information about this bug and potential security risks involved, you can visit the link provided below.
Shared, Reseller and Business Servers
All our shared, reseller and business servers run OpenSSL with our shared SSL certificates. Many of them have clients with domain-level SSL certificates. We patched all shared, reseller and business servers early yesterday morning and we are re-issuing our SSL certificates for the services on the server. If you use secure email, your mail program may ask you to accept the new certificates, and we apologise if you have issues with this.
If you have a VPS server and want us to upgrade OpenSSL for you, please open a ticket and we will do this for you right away. We do not routinely carry root passwords on file, so we will need you to give us access. We recommend you change your root password to a temporary password, provide us with it, and then change it again the moment we confirm the server is patched. If you have an OpenVZ server, we do not need your root password and can perform the upgrade via the node; staff are working through these systematically. If you have an unmanaged server, in this instance we will assist you free of charge.
What about SSL Certificates?
Our team is working to secure all affected services by upgrading OpenSSL to a patched version. Unfortunately, if your server has proven to be vulnerable, then your SSL certificate(s) may have been compromised. While the SSL certificates themselves were not directly affected by this bug, the OpenSSL issue may have exposed the key or other critical data used to secure connections. The best course of action is to re-issue all domain and service SSL certificates, and restart every service that uses them. If you bought your certificate from us and want us to have it re-issued, please open a ticket and we can work to have a new certificate issued. If you bought your certificate elsewhere, please contact your SSL vendor. If you need assistance re-installing an SSL certificate bought from a third party on a BWF server, in this instance we will help free of charge.
Please do not panic about this. We are working with extra staff to secure all servers and we will react quickly to any ticket asking us to patch OpenSSL on your BWF server. Hundreds of thousands of servers worldwide are affected and there is a very low risk your SSL keys are compromised. We encourage you to have your SSL Cert re-issued just to be 100% sure.
We are finding our SSL supplier are slow at actioning re-issue requests. This is more than likely due to them being overwhelmed. We will submit all re-issue requests within 30 minutes of receiving them but we do anticipate a delay in having certs re-issued and we thank you in advance for your patience on the delay that will be 100% outside of our control.
Please open a helpdesk ticket here with any questions and our team will be happy to assist you as best we can.