
Securing Your Server Against the Heartbleed Vulnerability

Due to a major security flaw in OpenSSL, you should update your server to the newest version of the software. The following versions of OpenSSL are affected:

  • 0.9.8
  • 1.0.0
  • 1.0.1 through 1.0.1f

Only customers using dedicated and virtual private servers need to complete the steps listed in this article. These steps do not apply to Ubuntu-based servers, however.

To check your server's version of OpenSSL, run the following command:

rpm -qa openssl

If you're affected, you need to complete the following steps to update your version of OpenSSL and secure your server.

To Secure Your Server Against the Heartbleed Vulnerability

  1. Edit the file /etc/yum.repos.d/CentOS-Base.repo, and change the following lines (the mirrorlist and baseurl entries are the ones that differ):
    #released updates
    [updates]
    name=CentOS-$releasever - Updates
    mirrorlist=http://s2plmirror01.prod.sdl2.secureserver.net/download/mirrors/cos-$releasever-updates.$basearch
    failovermethod=priority
    #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
    to
    #released updates
    [updates]
    name=CentOS-$releasever - Updates
    #mirrorlist=http://s2plmirror01.prod.sdl2.secureserver.net/download/mirrors/cos-$releasever-updates.$basearch
    failovermethod=priority
    baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
  2. Clean the yum repositories on the server by running the following command:
    yum clean all
  3. Update OpenSSL on the server by running the following command:
    yum update openssl
    This installs version openssl-1.0.1e-16.el6_5.7.
  4. Confirm the update was installed successfully by running the following command:
    openssl version -a
    The output will display the following:
    'built on: Tue Apr 8 02:39:29 UTC 2014'
    You can also confirm that the fix is in place by running the following command:
    rpm -q --changelog openssl | head
    The first few lines will show the following:
    'fix CVE-2014-0160 - information disclosure in TLS heartbeat extension'
  5. Restart Apache or any other web server currently installed on the server. This allows the new version of OpenSSL to be used.
  6. Edit the file /etc/yum.repos.d/CentOS-Base.repo, and change the following lines to revert it to the original version (again, only the mirrorlist and baseurl entries differ):
    #released updates
    [updates]
    name=CentOS-$releasever - Updates
    #mirrorlist=http://s2plmirror01.prod.sdl2.secureserver.net/download/mirrors/cos-$releasever-updates.$basearch
    failovermethod=priority
    baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
    to
    #released updates
    [updates]
    name=CentOS-$releasever - Updates
    mirrorlist=http://s2plmirror01.prod.sdl2.secureserver.net/download/mirrors/cos-$releasever-updates.$basearch
    failovermethod=priority
    #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
  7. Re-key any SSL certificates your server uses. If you use our SSL certificates, you can find those instructions in Rekey certificate.
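
The checks in steps 4 and 5 can be scripted. The following is an added example, not part of the original article: it looks for the CVE entry in the package changelog and lists processes that still have the pre-update library mapped and therefore still need a restart. The function names and the sample data in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original article.
# The package version stays 1.0.1e after the update, so the changelog entry
# (step 4) is the reliable indicator, not the version number alone.

# Succeeds if the rpm changelog text on stdin records the Heartbleed fix.
changelog_has_fix() {
    grep -q 'CVE-2014-0160'
}

# Prints PIDs whose memory maps still reference a deleted libssl/libcrypto,
# meaning the process loaded the library before "yum update" replaced it.
# $1 = proc root (default /proc; a directory argument is for testing).
stale_ssl_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq 'lib(ssl|crypto)\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Constructed sample data: PID 101 started before the update, PID 202 after.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/101" "$tmp/202"
    echo '7f1a00000000-7f1a00060000 r-xp 00000000 fd:00 1311 /usr/lib64/libssl.so.1.0.1e (deleted)' > "$tmp/101/maps"
    echo '7f2b00000000-7f2b00060000 r-xp 00000000 fd:00 1422 /usr/lib64/libssl.so.1.0.1e' > "$tmp/202/maps"
    if echo '- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension' | changelog_has_fix; then
        echo "changelog: fix present"
    else
        echo "changelog: fix missing"
    fi
    echo "still on old library: $(stale_ssl_pids "$tmp" | tr '\n' ' ')"
    rm -rf "$tmp"
}

demo
```

On the server itself, run as root: pipe rpm -q --changelog openssl into changelog_has_fix, and call stale_ssl_pids with no argument to scan /proc. Any PID it prints belongs to a service that has not yet been restarted.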
