The Heart Bleed Vulnerability
You may have seen on BBC news last night a worldwide vulnerability in OpenSSL that could potentially place web servers at risk. Simply put OpenSSL is a protocol for the secure...
You may have seen on BBC news last night a worldwide vulnerability in OpenSSL that could potentially place web servers at risk. Simply put OpenSSL is a protocol for the secure...
In this tutorial we will teach you how to set up an OpenVPN server on Ubuntu 12.04 server edition. The first step is to purchase a Ubuntu server from our website. Talk to our...
On Shared Hosting Spam emails can cause havoc for users of the servers. All it takes is one user on the server to neglect to update their WordPress Version, the out of date...
Recently cPanel released a preview of the ‘new look and feel’ for upcoming cPanel versions. Entitled ‘Paper Lantern’ it promises to clean up the dated and...
Hate terminal? Let us do the hard work for you, simply order an ownCloud package from our website from here. In this tutorial we will teach you how to set up an ownCloud server...
IP blocks on Shared Servers are some of the most frustrating issues for clients and we wanted to take some time to explain this. We regularly get tickets and chats informing us...
Sitting casually on Twitter this morning I saw this link tweeted by one of our clients and great minds must think alike as I had already this blog post 90% written so I finished...
Stephen K from management comments on uptime reports from October 2013 So what is your Uptime? Dealing with many of the sales tickets and chats that come in I regularly get asked...
Stephen K from management compares the speed of various VPS offerings and documents his findings. We just deployed our fastest and most powerful VPS platform ever this week and I...
Some thoughts on the acquisition of (MT) Media Temple by GoDaddy by our CEO Stephen K. Well that was an interesting 120 minutes. It’s now 7.10pm here in Belfast and I find myself...
You may have seen on BBC news last night a worldwide vulnerability in OpenSSL that could potentially place web servers at risk. Simply put OpenSSL is a protocol for the secure transmission of data across the internet.
Please read the following details carefully so you can receive assistance from our support staff if necessary to make sure your server is secure:
OpenSSL Vulnerability:
A report was released detailing a vulnerability with OpenSSL services called “The Heartbleed Bug” that was recently discovered. There is a chance that a malicious attacker can gain access to sensitive server information via this vulnerability with OpenSSL services and so our team is acting quickly to prevent any possibility of such an attack. For more information about this bug and potential security risks involved, you can visit the link provided below.
Heartbleed Bug:
http://heartbleed.com/
Shared, Reseller and Business Servers
All our shared, reseller and business servers have OpenSSL service running our shared SSL Certificates. Many of them have clients with domain level SSL certificates. We have already patched all shared, reseller and business servers early yesterday morning and we are re-issuing our SSL Certificates for the services on the server. If you use secure email your mail program may ask you to accept the new certificates and we apologise if you have issues with this.
VPS Servers
If you have a VPS server and want us to upgrade OpenSSL for you please open a ticket and we will do this for you right away. We do not routinely carry root passwords on file so we will need you to give us access – we recommend you change this to a temporary password, provide us with it and then change it again the moment we confirm the server is patched. If you have an OpenVZ Server we do not need your root password and can perform the upgrade via the node and staff are working on this systematically. If you have an unmanaged server, in this instance we will assist you free of charge.
What about SSL Certificates?
Our team is working to secure all affected services by upgrading OpenSSL to a patched version. Unfortunately, if your server has proven to be vulnerable, then your SSL certificate(s) may have been compromised. While the SSL certificates themselves were not directly affected by this bug, the OpenSSL issue may have exposed the key or other critical data used to secure connections. The best course of action is to re-issue all domain and service SSLs, and restart every service that uses SSLs. If you bought your certificate from us and want us to have your certificate re-issued then please open a ticket and we can work to have a new certificate issued. If you bought your certificate elsewhere please contact your SSL vendor. If you need assistance re-installing an SSL certificate bought from a third party on a BWF server, in this instance we will help free of charge.
Further Information
Please do not panic about this. We are working with extra staff to secure all servers and we will react quickly to any ticket asking us to patch OpenSSL on your BWF server. Hundreds of thousands of servers worldwide are affected and there is a very low risk your SSL keys are compromised. We encourage you to have your SSL Cert re-issued just to be 100% sure.
We are finding our SSL supplier are slow at actioning re-issue requests. This is more than likely due to them being overwhelmed. We will submit all re-issue requests within 30 minutes of receiving them but we do anticipate a delay in having certs re-issued and we thank you in advance for your patience on the delay that will be 100% outside of our control.
Please open a helpdesk ticket here with any questions and our team will be happy to assist you as best we can.