I sent this message out to all server account contacts, but wish it to reach anyone who has any account on my server it might have missed:
This is a brief message regarding the Heartbleed bug that is all over the news today.
In brief, I became aware of the seriousness of the bug/exploit a few hours ago and took immediate action to open OpenSSL on the server to the latest bugfix release, followed by a server reboot to ensure no un-updated binaries were running.
At this time, there is no way to tell if a particular server has been compromised; or rather, if data from a particular server has been accessed. The best solution I have seen involves securing the server (which is now done), and resetting all passwords on the server, which is a huge undertaking, and not practical to do for all applications running on the server.
I therefore highly recommend that if there is an application running under your account, such as a forum or WordPress or other software installation, that you immediately recommend to all users that they change their account passwords immediately.
This affects easily a half million servers on the internet; I personally tend to believe that the vast majority of those probably have not been accessed; but the seriousness of this incident prompts a “better safe than sorry” response.
If you require further information or assistance, please do not hesitate to email firstname.lastname@example.org and we will assist you as soon as possible.
PanamaCityPC.com – BlueBonnetServer.com