Heartbleed OpenSSL Vulnerability
On April 7, 2014 CVE-2014-0160 vulnerability, also known as “Heartbleed”, was released that could allow attackers to view sensitive information in a server’s memory such as secret keys and passwords. Given the severity of this problem, IntoVPS has taken the necessary steps to secure our web sites and keep our customers’ information safe from potential attacks.
A tool has been published that allows administrators to test the vulnerability of their system. If your site has an SSL certificate, go to the Heartbleed test page, enter your website URL, and run the vulnerability test.
If you are vulnerable please update openssl as soon as possible and restart your web server.
On Ubuntu/Debian:
sudo apt-get update
sudo apt-get upgrade
sudo /etc/init.d/apache2 restart
On Centos:
yum -y install openssl
/etc/init.d/httpd restart
Also Ars is reporting that a bot has been exploiting heartbleed in the wild since at least nov 2013. Therefore, we strongly suggest to reissue all the affected SSL certificates.