Heartbleed

Discussion in 'Security' started by Marcy, Apr 9, 2014.

  1. Marcy

    Marcy New Member

    Hello,

    Do you have any updates regarding KH's servers and Heartbleed?
     
  2. Dave G

    Dave G Member

    I requested KH to do the update for me, they did and when I asked if all the servers would be updated this is what I was told:

    "Normally the daily cpanel update will kick off a yum install which will update the openssl rpm's automatically to the patched version. Also many of the customers aware of this vulnerability and quite few of them opened cases with us. "

    You can inspect your own site/server here: http://possible.lv/tools/hb/
     
  3. Dan

    Dan Moderator

    Hi Marcy,

    If your server updates daily then you should have a version of OpenSSL that disables the heartbeat. Take a look at cPanelMichael's post on their forums to see how to confirm.

    If it turns out you don't you can run 'yum update' and accept all updates. After the update finishes you can see post #27 in the same thread for a list of generic cPanel services to restart.

    That's all done from SSH. You should also be able to update in WHM by going to Software | Update System Software as well. Although you'll still have to confirm from the commandline after that.

    Hope that helps!
     
  4. A Raheja

    A Raheja New Member

    About Heartbleed Bug, all the other websites are recommending changing of Passwords but not KH, when I asked on Ticket.
    I also have my own SSL installed and other companies are asking to get SSL re-issued and re-installed but KH support says there is no need. So I just want to re-confirm ?
     
    Last edited: Apr 10, 2014
  5. KH-Jonathan

    KH-Jonathan Director of Managed Services Staff Member

  6. A Raheja

    A Raheja New Member

    Thanks it is helpful :)
     

Share This Page