On Monday, April 7th, 2014, a critical bug in OpenSSL was discovered which allows attackers to read memory information from servers with OpenSSL installed. As many of InMotion servers run OpenSSL, our system administrators have diligently patched the exploit on all affected systems.

Update: Mashable has released a list of possibly compromised sites that you will need to change your passwords to due to the Heartbleed exploit which includes Facebook, Google, and Yahoo. Even if the site is not listed here, it is always a great idea to change your password to be absolutely sure that your account has not been compromised. This is especially true of smaller websites as they may not have placed the fix as quickly as others have.

We now have a more in-depth guide that covers how to check for the OpenSSL Heartbleed bug as well.

What is the Heartbleed bug?

The Heartbleed bug takes advantage of a bug in OpenSSL which allows any normal user to read information stored in memory without any additional privileges on the server. This means that information such as usernames, passwords, SSL keys, emails, and other critical information is able to be read directly from the server without additional access.

How do I know if I am vulnerable?

OpenSSL versions 1.0.1 through 1.0.1f are vulnerable to attack. If you are currently running one of these versions of OpenSSL, you are vulnerable. We have, however, already patched our servers to ensure your security.

How do I protect myself from the Heartbleed bug?

The good news is, that if you are in InMotion Hosting customer, we have already patched it for you so that the server that houses your account cannot be exploited. If you are not hosted with us, we still want to help. To fix the issue, simply upgrade OpenSSL to the newest version available. Most Linux distributions such as CentOS and Debian have already pushed the update to their repositories.

How do I know if I have already been affected?

Unfortunately, due to the nature of this exploit, there is not a way to identify if you have been attacked. If you think you may have been attacked, we recommend that you update your SSL keys and passwords to ensure your security; not only within your hosting account, but on social media accounts like Facebook or Twitter, email accounts, and bank accounts.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

0 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!