SSL HeartBleed Vulnerability Patched

heartbleed1

As some of you already know, a major vulnerability in some versions of the OpenSSL software libraries was announced two days ago. It got the fancy name “HeartBleed” and in short, allows anyone on the Internet to read the server memory protected by the vulnerable versions of the OpenSSL software and hijack your SSL’s private key. The interesting information is that not all old versions of the software are affected and there are some older and some newer ones that have it.

As you should expect from SiteGround, we did not lose any time taking the proper actions under these circumstances and we immediately started patching the vulnerability. On the day the bug was announced, we reviewed how many and which of our servers were affected. Luckily, that weren’t so many servers. As of yesterday, the OpenSSL libraries on those servers are updated to the newest version, which was released with a patch for the HeartBleed vulnerability.

However, as we like to be extra cautious, we decided to take some extra steps to guarantee your comfort and security. It turns out that the updated OpenSSL software will not protect you if, for example, your certificate’s private key was already stolen by hackers. We are NOT aware of any such cases on our servers, however, as we take security very seriously, we decided to re-issue with new private keys all certificates that were installed on the servers with previously vulnerable OpenSSL libraries versions.

We waited for our SSL provider to confirm that they have also patched their software against the same vulnerability so we could begin the reissuance. That was confirmed today and we have now started reissuing the SSLs.

No actions are expected from our customers as the reissuance will be done automatically on a server level and will not affect your website in any way. We will send an email to all customers whose certificates were reissued once we complete the process.

Thank you for trusting us on this matter!

Access email sent!

Sign Up For
More Awesome Content!

Subscribe to receive our monthly newsletters with the latest helpful content and offers from SiteGround.

Thanks!

Please check your email to confirm your subscription.

Tenko Nikolov

SiteGround CEO

For the last few years Tenko Nikolov has been one of the masterminds behind the success of SiteGround. He has come up with multiple successful strategies for overcoming technical problems and has achieved real business results for SiteGround. His vision and skills have made SiteGround a leading host in terms of technology and platform reliability.

Comments ( 15 )

author avatar

Reginald

Apr 09, 2014

Great to hear! Glad you guys took the extra step. Keep it up *from a happy customer* :D

Reply
author avatar

lily

Apr 09, 2014

Great to hear new knowledge from you. Thanks!

Reply
author avatar

Jayme

Apr 09, 2014

Thank you for this update. This news, and the transparency with which Siteground is working, is very much appreciated. It was also great to see you posting updates via your Twitter account.

Reply
author avatar

Keith Davis

Apr 09, 2014

My host has just updated and good to see that you guys are on the ball. I wonder if all hosts are as quick as you guys!

Reply
author avatar

Jonathan

Apr 10, 2014

So comforting to hear this

Reply
author avatar

VA

Apr 10, 2014

Should we modify our CPanel, Siteground and application passwords? Info is around also about possibly stolen passwords. Waiting for reply, thanks!

Reply
author avatar

Marina Siteground Team

Apr 10, 2014

Hello VA, Based on the information we have about the vulnerability, it is highly unlikely that it was ever exploited by hackers on our servers. It was responsibly disclosed and became public after a security patch was released for it. We patched few hours later, hardly giving time to anyone take advantage of the vulnerability. That is why we will not be forcing large scale password change. However, it’s always a good general recommendation to update your passwords frequently and you may use the case as a great motivation to do so. Regards!

Reply
author avatar

Henry

Apr 11, 2014

Although it was responsibly disclosed, there were at least two teams that discovered it around the same time. There are also rampant rumors that there were leaks about the issue prior to the patch release. SiteGround's prompt response is worthy of kudos. Out of an abundance of caution, I would suggest that you regenerate new self-signed certificates on your servers, also. Ideally the old public key would be added to a certificate revocation list (CRL). Admittedly support for that is dodgy on the Internet.

Reply
author avatar

Patti

Apr 10, 2014

I am SO glad to be hosting with you!! I knew you guys would be on top of this. My site is SSL so I was worried at first. Much appreciated!!

Reply
author avatar

Andre Bellafronte

Apr 10, 2014

really good to hear. Transparency and honesty of Siteground! I hope not receive the email for you lol

Reply
author avatar

Big Fan Yan

Apr 11, 2014

Great work guys! Its good to be in the loop even if I don't get all the jargon.

Reply
author avatar

Marina Siteground Team

Apr 11, 2014

We have completed the reissuance of the SSL certificates that were installed on servers with previously vulnerable OpenSSL version. It took us longer than expected as due to a bug in the system of our SSL provider, we had to reissue the new private keys twice. All sites should function normally and no action is required from clients. An email is sent to all affected clients.

Reply
author avatar

James Doolin

Apr 11, 2014

Thank you, confirms my well placed confidence in Siteground.

Reply
author avatar

Bruce Wilson

Apr 18, 2014

Recently moved to SiteGround and this was so refreshing to see the quickness with attacking the problem and most important the transparency of what you were doing and letting us know immediately.

Reply
author avatar

WP Valet - Heart Bleed Bug Security and Best Practices » WP Valet

Apr 19, 2014

[…] what WP Engine and SiteGround have to say about their responses to the Heart Bleed […]

Reply

Start discussion