Heartbleed is probably the worst thing that has ever happened to the internet as a whole. It's old news; every server and application should already be updated. If your server is not, here I will share a very basic process to fix it that should not take more than 1 minute. Yes, just 1 minute and your server will be secured from the Heartbleed vulnerability.
I will not go into detail about the Heartbleed vulnerability, what it is and how it works. I will share resources; if you still don't know the details and are interested, just go through those.
1) Main resource – Heartbleed.com
2) All You Need To Know About The Heartbleed Bug – By The Tech Journal
So, the basics: OpenSSL, which is part of any web server or application, was vulnerable to a bug identified as "CVE-2014-0160". Specifically, OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable. The fix was released even before the bug came into public discussion. So to protect your server you have to update the OpenSSL package running on it.
How to protect your server & update OpenSSL?
If you manage your own server (meaning self-managed hosting), you have to fix it yourself. If you use managed hosting like shared hosting or a hosted application (like WPEngine), then you don't have to worry; they have probably already updated it and fixed the issue. Or you should contact them and ask them to fix it.
But if you manage your own server, like we do at ARCom, you need to take care of it yourself.
In reality you should have fixed and patched it months ago; if for any weird reason you have not, like being lazy or not paying attention, you should act fast. It will not take even a full minute, I promise.
I am assuming you manage either a CentOS or an Ubuntu server, as those are the most popular for self-managed servers. Here I will provide the quick command fix that you will need.
Note: If somehow you don't know what OS you are running, I wrote a short article on that; check it.
Update OpenSSL Only
* For just updating OpenSSL you don't need to back up anything special. But I am assuming you already have basic DB & file backups in place.
CentOS
Check Version
# First check what version of OpenSSL you are running
[syntax type="html"]rpm -q -a | grep "openssl"[/syntax]
If it's below "openssl-1.0.1e-16.el6_5.7" you need to update. This string can be hard to understand; in that case keep reading and run the update.
Run Update
[syntax type=”html”]yum update openssl[/syntax]
* Add "sudo" if you are not running as "root".
You are done, safe from Heartbleed!
Ubuntu
Check Version
# First check what version of OpenSSL you are running
[syntax type="html"]dpkg -l | grep "openssl"[/syntax]
If it's below "1.0.1e-2+deb7u6" you need to update. This string can be hard to understand; in that case keep reading and run the update.
Run Update
[syntax type="html"]sudo apt-get install --only-upgrade openssl[/syntax]
You are done, safe from Heartbleed!
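The two manual steps above (check the installed package, then upgrade it) wrapped into one script that picks the right package manager for CentOS or Ubuntu. This is an added example, not a script from the original post; the threshold strings are the ones quoted in the post, the helper names (`version_lt`, `needs_heartbleed_update`, and so on) are my own, and the comparison relies on GNU `sort -V`.

```shell
#!/bin/sh
# Added example (not from the original post): check the installed OpenSSL
# package against the fixed build quoted in the post and upgrade if needed.
# Assumes GNU coreutils (sort -V) and either rpm/yum or dpkg/apt-get.

# True (exit 0) when $1 sorts strictly before $2 in GNU version order.
# Handles release suffixes such as "-16.el6_5.7" and "-2+deb7u6".
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# True when the package version is older than the fixed build for its family.
# Thresholds are the strings quoted in the post; replace them with the version
# named in your own distribution's advisory if it differs.
needs_heartbleed_update() {
    pkgver="$1"
    case "$pkgver" in
        *el6*) version_lt "$pkgver" "1.0.1e-16.el6_5.7" ;;   # CentOS 6 build
        *)     version_lt "$pkgver" "1.0.1e-2+deb7u6" ;;     # Debian-style build
    esac
}

# Prints the installed openssl package version without name or architecture,
# e.g. "1.0.1e-16.el6_5.7", using the package manager that is present.
installed_openssl_version() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssl
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f '${Version}\n' openssl
    else
        echo "unsupported: neither rpm nor dpkg found" >&2
        return 1
    fi
}

# Upgrades only the openssl package, as the post does (run as root or via sudo).
update_openssl() {
    if command -v yum >/dev/null 2>&1; then
        yum -y update openssl
    else
        apt-get update && apt-get install -y --only-upgrade openssl
    fi
}

main() {
    ver=$(installed_openssl_version) || exit 1
    echo "installed openssl package: $ver"
    if needs_heartbleed_update "$ver"; then
        echo "older than the fixed build; updating"
        update_openssl
    else
        echo "package already at or above the fixed build"
    fi
}

# Only act when asked to, so the helpers above can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Save it as a file and run it with `--run` on the server; without the flag it only defines the helpers. The version comparison is deliberately separate from the package-manager calls so you can test it against version strings by hand before touching a production box.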
Alternate: Update Full System
* You need to back up before proceeding. Especially back up your php.ini, any extensions you are running, and any auto-run jobs you have. And I hope you know what you are doing.
CentOS
Update full system
[syntax type=”html”]sudo yum update[/syntax]
You are done, safe from Heartbleed!
Ubuntu
Update full system
[syntax]
sudo apt-get update
sudo apt-get dist-upgrade
[/syntax]
You are done, safe from Heartbleed!
How to check if a site or server is Vulnerable to Heartbleed bug?
Visit this site – https://filippo.io/Heartbleed/
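The external check above tells you what the site presents to the outside. One thing worth checking on the server itself, as an added example that is not part of the original post: a daemon that was already running when the package was upgraded (web server, mail server, ssh, and so on) still has the old libssl/libcrypto mapped in memory until it is restarted, and the kernel marks such mappings "(deleted)" in /proc/<pid>/maps. The script below lists those processes so you know what to restart. Function names and the two sample maps files are my own constructions; it assumes a Linux /proc filesystem and GNU grep.

```shell
#!/bin/sh
# Added example (not from the original post): find processes that still map a
# libssl/libcrypto file that was replaced on disk by the package upgrade.
# Assumes Linux /proc and GNU grep -E.

# Reads one /proc/<pid>/maps text on stdin; true (exit 0) when it still maps a
# deleted libssl or libcrypto shared object.
maps_has_stale_ssl() {
    grep -Eq 'lib(ssl|crypto)\.so[^ ]* \(deleted\)'
}

# Constructed sample: maps of a process started before the upgrade.
SAMPLE_STALE_MAPS='7f3a1c000000-7f3a1c1c0000 r-xp 00000000 fd:01 131084 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3a1c3c0000-7f3a1c3c8000 r--p 001c0000 fd:01 131084 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3a1c400000-7f3a1c420000 r-xp 00000000 fd:01 131090 /lib/x86_64-linux-gnu/libc-2.15.so'

# Constructed sample: maps of a process restarted after the upgrade.
SAMPLE_FRESH_MAPS='7f3a1c000000-7f3a1c1c0000 r-xp 00000000 fd:01 131101 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
7f3a1c400000-7f3a1c420000 r-xp 00000000 fd:01 131090 /lib/x86_64-linux-gnu/libc-2.15.so'

# Prints "pid command line" for every live process still using a deleted
# libssl/libcrypto. Unreadable maps files (other users' processes when not
# root) are skipped silently, so run as root for a complete list.
stale_ssl_processes() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        if maps_has_stale_ssl 2>/dev/null < "$maps"; then
            cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)
            printf '%s %s\n' "$pid" "$cmd"
        fi
    done
}

# Only scan when asked to, so the helper can be sourced and tested.
if [ "${1:-}" = "--scan" ]; then
    stale_ssl_processes
fi
```

Run it with `--scan` as root right after the upgrade; an empty list means every process is already using the new library. Anything listed needs a service restart (or a reboot, which is the simplest way to be sure on a small box).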
Important:
Here, I assumed you are not using SSL/HTTPS. If you are, head over to this article; it talks about how to generate a new certificate & private key. It's very important.
Special Note: As this tutorial and post is meant for those who manage their own server, I hope you know what you are doing. I will not be responsible if you break anything while trying this, as the environment of every server is very different. What I wrote here is what has worked for me in several cases and is the well-accepted solution from all major sources on the net. Don't forget to share your experience with me in the comment box below.
Resource:
How to Protect your Server Against the Heartbleed OpenSSL Vulnerability