For 1&1 Dedicated Server, 1&1 Virtual Server and 1&1 Dynamic Cloud Server
The Heartbleed bug is one of the most serious security flaws discovered in the OpenSSL encryption library. It was caused by a programming error made while implementing a new feature in OpenSSL's TLS support. The vulnerability affects a key component of the system that provides secure connections, and it allows others to read your encrypted data.
Affected Server, Types of Services and OpenSSL Versions
All Internet servers that use OpenSSL encryption are affected. This includes not only web servers but often also servers used for e-mail, Plesk, VPN, etc.
The security gap affects OpenSSL versions starting from 1.0.1, up to 1.0.1f. If one of these OpenSSL versions is installed on your server, please run an update.
Not affected are:
- OpenSSL Versions 1.0.1g, OpenSSL 1.0.0 and OpenSSL 0.9.8
- Customers with a 1&1 WebHosting package (Shared Hosting) or a 1&1 Managed Server.
Check your OpenSSL Version
By default, OpenSSL is installed on all Linux distributions. You can find the version installed on your server by using the following Shell command:
root@s12345678:/etc# openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr 7 20:33:29 UTC 2014
The version number displayed above indicates if your version could be vulnerable to the bug, but does not determine if it was in fact affected.
The date next to 'built on' is crucial. If the date is the 7th of April 2014 or later, then your version already contains the bug fix.
You can check your server's vulnerability by referring to the Filippo.io Heartbleed page.
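The two checks described above (version within 1.0.1 to 1.0.1f, then the 'built on' date) can be scripted. The following is an added example, not 1&1's or OpenSSL's own code; the function names and result strings are hypothetical, and the sample input is the output shown in this article.

```shell
#!/bin/sh
# Added example: applies this article's two checks to `openssl version -a` output.
# Function names and result strings are illustrative, not from 1&1 or OpenSSL.

# Print the "built on:" date as YYYYMMDD, or nothing if it cannot be parsed.
build_date() {
    awk '/^built on:/ {
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
        for (i = 1; i <= 12; i++) month[names[i]] = i
        # Expected layout: built on: Mon Apr 7 20:33:29 UTC 2014
        if (($4 in month) && $5 ~ /^[0-9]+$/ && $NF ~ /^[0-9][0-9][0-9][0-9]$/)
            printf "%04d%02d%02d\n", $NF, month[$4], $5
        exit
    }'
}

# $1: full text of `openssl version -a`. Prints one classification word.
heartbleed_status() {
    output=$1
    version=$(printf '%s\n' "$output" | awk 'NR == 1 && $1 == "OpenSSL" { print $2 }')
    case $version in
        "") echo "unknown"; return ;;
        1.0.1|1.0.1[a-f]) ;;   # 1.0.1 up to 1.0.1f: the range listed as affected
        *) echo "not-in-affected-range"; return ;;
    esac
    built=$(printf '%s\n' "$output" | build_date)
    if [ -z "$built" ]; then
        echo "affected-range-build-date-unknown"   # build date not parseable
    elif [ "$built" -ge 20140407 ]; then
        echo "affected-range-fixed-build"          # built 7 April 2014 or later
    else
        echo "affected-range-unfixed-build"        # built before 7 April 2014
    fi
}

# Constructed sample: the output shown in this article.
sample='OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr 7 20:33:29 UTC 2014'
heartbleed_status "$sample"
# On a server: heartbleed_status "$(openssl version -a)"
```

The build-date comparison is the rule stated in this article; a result of `affected-range-build-date-unknown` means the date line could not be read and the version alone does not settle the question.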
Protect Yourself from the Bug
- Update your system as soon as possible. Most Linux distributions offer security updates that can be performed using the standard repositories.
- Replace/renew your SSL certificate. It cannot be ruled out that data or keys have already been read.
- Read the information on http://heartbleed.com/.
Depending on the system, you can use the following commands to perform the update:
apt-get update; apt-get install
After the update, all services using the SSL libraries must be restarted. Should you be unsure, we recommend a complete restart of the whole server.
For additional information, you may want to reference: