Category Archives: Security

The Heartbleed bug and what you need to know


In the last few days I am sure that you’ve heard about an Internet-wide security exploit called the Heartbleed bug. Security here at GreenGeeks is a top priority and we take it very seriously. Upon learning about the exploit, technically referenced as CVE-2014-0160, we began to address it immediately. We have created this article to help you understand a bit more about Heartbleed, how you can protect your information and what we’ve done to address it.

What is Heartbleed

The Heartbleed bug is a very serious security vulnerability in the popular OpenSSL cryptographic software library used to secure information traffic across much of the Internet. It was nicknamed “Heartbleed” because the vulnerability could leak/bleed information and was involved in the Heartbeat function of OpenSSL. The weakness allows hackers to steal information that is normally protected by the SSL/TLS encryption used to secure the Internet. SSL encrypts information sent over networks such as web, email, IM, etc. With the bug, names, passwords, and any sensitive information could be “sniffed” resulting in stolen data directly from any website.

What is being done about the Heartbleed Bug?

The vulnerability was identified, given a reference of CVE-2014-0160 and was patched by the team at OpenSSL. This patch was made publicly available to service providers across the world, including GreenGeeks. We have patched, tested and verified that all of our systems are secured with this latest patch from OpenSSL.

As mentioned before, we take security very seriously and it is a top priority for us. Upon discovering the exploit, we took immediate action to secure our servers. We believe that the likelihood of exploit is very minimal. As always, we will continue to be vigilant to ensure the safety and security of our systems.

Has GreenGeeks replaced its SSL certificates?

Yes, upon discovery our team quickly patched and replaced all SSL certificates on our network.

Is My Server Vulnerable?

Anyone relying on OpenSSL was vulnerable. Upon discovery of the exploit, we patched our entire network and are now protected from the vulnerability.
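For anyone who administers their own OpenSSL installation, the following is an added example, not GreenGeeks' tooling or part of the original article. It classifies the text printed by "openssl version -a" against the affected range given in the OpenSSL advisory for CVE-2014-0160 (1.0.1 through 1.0.1f and the 1.0.2 betas) and the 1.0.1g release date; neither is listed in this article, and the sample outputs are constructed.

```python
import re
from datetime import date

FIX_RELEASED = date(2014, 4, 7)  # OpenSSL 1.0.1g release date (advisory, not this page)
_VER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d*))?")
_BUILT = re.compile(r"built on:\s+\w{3}\s+(\w{3})\s+(\d{1,2})\s+[\d:]+\s+\w+\s+(\d{4})")
_MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

def in_affected_range(text):
    """True/False for a parsed version string, None if none is found."""
    m = _VER.search(text)
    if not m:
        return None
    branch = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if branch == (1, 0, 1):
        return letter < "g"              # plain 1.0.1 and 1.0.1a .. 1.0.1f
    if branch == (1, 0, 2):
        return beta in ("beta", "beta1")
    return False                         # other branches are outside the advisory's range

def build_date(text):
    """Date from the 'built on:' line; the date on the version line is the upstream release."""
    m = _BUILT.search(text)
    if not m or m.group(1) not in _MONTHS:
        return None
    return date(int(m.group(3)), _MONTHS[m.group(1)], int(m.group(2)))

def assess(text):
    affected = in_affected_range(text)
    if affected is None:
        return "unknown"
    if not affected:
        return "not affected"
    built = build_date(text)
    if built is not None and built < FIX_RELEASED:
        return "vulnerable: build predates the fix"
    # Distributions often ship the fix without changing the version letter.
    return "version in affected range: confirm the vendor backport"

# Constructed sample outputs (not captured from any real server).
SAMPLE_UNPATCHED = "OpenSSL 1.0.1e 11 Feb 2013\nbuilt on: Mon Jan  6 10:12:44 UTC 2014\n"
SAMPLE_BACKPORT = "OpenSSL 1.0.1e-fips 11 Feb 2013\nbuilt on: Tue Apr  8 02:39:29 UTC 2014\n"

if __name__ == "__main__":
    for sample in (SAMPLE_UNPATCHED, SAMPLE_BACKPORT, "OpenSSL 1.0.1g 7 Apr 2014"):
        print(sample.splitlines()[0], "->", assess(sample))
```

A version string inside the affected range does not prove exposure on its own, and a recent build date does not prove the fix is present; the package changelog for CVE-2014-0160 settles it.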

Will the SSL I purchased from GreenGeeks be Updated?

Yes, while the risk of exploitation is extremely low, as a precaution we are working with our SSL provider to re-issue all SSL certificates that were purchased directly through us. This process is being done automatically for you and no involvement is required on your part.

What if I purchased an SSL certificate from a third-party provider?

Re-issuing the certificate is a choice you’ll have to make. If you feel that it’s worth your time, then it’s a good idea to get your SSL certificate reissued. The likelihood of your keys being exploited is very low. If you decide to go ahead with the change, then please contact your SSL provider. Once you’ve received your new private key, certificate and CA bundle, our team will be more than happy to help you install the certificate. Alternatively, you can simply buy a new SSL certificate through us, and we will handle situations such as this for you.

Has any of my information been compromised?

Anyone relying on OpenSSL was vulnerable. Upon discovery, we immediately patched our system. The chance that your keys were exploited is very minimal due to the lack of a public exploit at the time of disclosure. We recommend that you change your password regularly; you can do so through our Account Manager.

You can test to see if you’re vulnerable by using the HeartBleed Checker.

You can learn more about the Heartbleed Bug at heartbleed.com.

 

Phishing Scam Alert: Tariff Plan Changes

We have recently become aware of a phishing scam targeting our customers’ Account Manager login credentials. If you have received the below e-mail, it is not from GreenGeeks. The e-mail is attempting to phish for your Account Manager username/password. If you have clicked on the link and continued to provide any information, you may have fallen victim to the phishing scam. We recommend that you contact our support immediately or log in to your Account Manager and change your password.

For your safety, please always visit our website at www.greengeeks.com and click on the Client Login link at the top right hand side of the page.

Below is an example of the e-mail.

[Image: example of the phishing e-mail]

Remember, if you aren’t absolutely sure that the e-mail you receive is from GreenGeeks, you are more than welcome to contact our support to double check with us. Phishing scams are all too common and you should use safe practices with any provider that you have online.
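The advice above, to trust only www.greengeeks.com, can be applied mechanically to the links in a received message. The following is an added example, not GreenGeeks' code and not part of the original notice: it lists every link in an HTML e-mail body whose real host is outside greengeeks.com and notes when the visible text names the trusted domain anyway. The sample message is constructed and uses the reserved name example.test.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "greengeeks.com"  # the only domain the notice tells customers to use

class _Links(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(url):
    """True only for http(s) URLs whose host is greengeeks.com or a subdomain of it."""
    parts = urlsplit(url)
    # .hostname excludes any "user@" prefix, so text before an "@" cannot pose as the host.
    host = (parts.hostname or "").lower().rstrip(".")
    return parts.scheme in ("http", "https") and (
        host == TRUSTED or host.endswith("." + TRUSTED))

def suspicious_links(html):
    """Return (href, reason) for each link that does not stay on the trusted domain."""
    parser = _Links()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if not is_trusted(href):
            claims = TRUSTED in text.lower()
            findings.append((href, "text names greengeeks.com" if claims else "off-domain"))
    return findings

# Constructed sample body; it is not the e-mail described in the notice.
SAMPLE = ('<p>Tariff plan changes: <a href="http://www.greengeeks.com.example.test/login">'
          'https://www.greengeeks.com/login</a> or '
          '<a href="https://www.greengeeks.com@example.test/">Account Manager</a>. '
          'Help: <a href="https://www.greengeeks.com/support">support</a></p>')

if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE):
        print(reason, href)
```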

Protect yourself with Secure Passwords

Changing cPanel Password

Passwords are the first line of defense against cyber criminals (hackers), but weak and easy-to-guess passwords aren’t much of a defense. It’s important to create strong passwords that are unique to each of your important accounts, and it’s especially important to update the passwords often. Your GreenGeeks web hosting service comes standard with 24/7 monitoring of servers and includes advanced firewall systems to protect against most attacks; however, a weak password is like leaving your front door unlocked. All the cyber criminals have to do to gain access to your precious stuff is to just try and open your door.
