Hivelocity Customers,
Due to the recent discovery of a vulnerability within OpenSSL encryption known as HeartBleed, action is required to ensure your Linux server’s data is secure. Windows servers are not affected. Below are 5 sets of instructions for fully-managed customers, self-managed customers, self-managed cPanel customers, self-managed Cloud Linux 6 customers and lastly instruction that everyone needs to follow once the patch is applied.
Fully-managed cPanel servers:
Because you have signed up with Hivelocity’s managed services we have already applied a patch to your server that should fix the vulnerability. However, we encourage all customers to test their server at https://filippo.io/Heartbleed/ to confirm the vulnerability is in fact patched as some servers do need additional hands-on to resolve the issue. Once you are confident the vulnerability is patched we encourage all customers to re-key and reissue the certificate at your registrar. As a precaution we recommend resetting any passwords that would have been transmitted over the SSL before the patch was applied (today at noon Eastern Standard Time).
Self-managed cPanel servers:
Resolve the issue by running the following commands;
1. SSH to your server
2. yum update openssl
3. /scripts/upcp —force
4. /etc/init.d/cpanel restart
5. stop apache with the command: service httpd stop
6. kill any remaining apache processes
7. start apache with command: service httpd start
8. Please test your server at https://filippo.io/Heartbleed/ to confirm the server is patched.
9. If your server still shows vulnerable still after step #8 we have found it is necessary to recompile apache. Recompile apache and run step #8 again.
Self-managed Linux servers:
You will have to update openssl with the appropriate package manager and restart any services that rely on openssl.
Self-managed CloudLinux 6 servers:
Resolve the issue by running the following commands;
1. yum clean all
2. yum update openssl
3. cagefsctl –force-update (only if you have cagefs installed do you need to run this command, if you do not have this installed skip to step 4)
4. /etc/init.d/httpd stop
5. /etc/init.d/httpd start
Self-managed CloudLinux 6 servers:
Resolve the issue by running the following commands;
1. yum clean all
2. yum update openssl
3. cagefsctl –force-update (only if you have cagefs installed do you need to run this command, if you do not have this installed skip to step 4)
4. /etc/init.d/httpd stop
5. /etc/init.d/httpd start
All servers:
We encourage all customers to test their server at https://filippo.io/Heartbleed/ to confirm the vulnerability is in fact patched as some servers do need additional hands-on to resolve the issue. Once you are confident the vulnerability is patched we encourage all customers to re-key and reissue the certificate at your registrar. As a precaution we recommend resetting any passwords that would have been transmitted over the SSL before the patch was applied (today at noon Eastern Standard Time).
Below you will find a list of URLs to the portals that will allow you to re-issue your clients’ certificates:
-
- Verisign- https://www.verisign.com/
-
- Thawte- https://www.thawte.com/
-
- Geotrust- https://www.geotrust.com/
If you have any questions please contact us right away via trouble ticket .
Hivelocity Support Team
HIVELOCITY | Engineering
888-869-4678 ext. 2 | Hivelocity.net
