
Server vulnerability through https/ssl - openssl

edited September 2016 in Hosting and Server

Hi all,
I opened this post because today I found some Chinese hackers logged in to some accounts on my site, and through this I want to help other people who may have problems in the future.
Most people who have websites hosted on a VPS don't have much knowledge about servers, and even if they do, they may sometimes be missing something in their server security.

Let's begin.

By default, most web panels and Linux OSes (all free versions) come with old versions of software, in this case OpenSSL.

Vulnerability: The Heartbleed Bug.

Most of the people are using Let's Encrypt.

Solution: Upgrade the OpenSSL version on your server: download it again from the source, compile it and install it on your server.
Then reboot the server.

The latest versions can be found here:

https://www.openssl.org/source/

How to find the version on your server:
In your server console: openssl version -a
In my case it was: OpenSSL 1.0.1e-fips 11 Feb 2013.
Now: OpenSSL 1.1.0 25 Aug 2016

How to install:

Install unzip, gcc, pcre-devel, zlib-devel and make if they are not installed.
Then make a folder in your root or /temp, your choice.

./config

make

make test

make install

Remove the folder after installation, openssl-1.1.0 or openssl-x.x.x: rm -r openssl-1.1.0

Then reboot your server ... important.

I hope that this will help you.

Best regards.

data66
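
An added example, not part of the original post: a shell check that takes the line printed by openssl version and reports whether it falls in the upstream Heartbleed-affected range (OpenSSL 1.0.1 through 1.0.1f, plus 1.0.2-beta1). The function names are made up for this sketch. Distribution packages can carry a backported fix under an unchanged version string, so a match means the package changelog or build date needs checking, not that the host is proven exposed.

```shell
#!/bin/sh
# Added example: classify an `openssl version` line against the upstream
# Heartbleed-affected range (1.0.1 through 1.0.1f, and 1.0.2-beta1).
# Function names are hypothetical, chosen for this sketch.

# heartbleed_status "<line printed by openssl version>"
# Prints: in-affected-range | not-in-affected-range | unparsed
heartbleed_status() {
    # Second field is the version token, e.g. 1.0.1e-fips or 1.1.0
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }')
    if [ -z "$ver" ]; then
        echo unparsed
        return 0
    fi
    case "$ver" in
        1.0.2-beta1*)
            echo in-affected-range ;;
        1.0.1|1.0.1-*|1.0.1[abcdef]|1.0.1[abcdef]-*)
            # Letter suffix a..f, with or without a tag such as -fips
            echo in-affected-range ;;
        [0-9]*.[0-9]*.[0-9]*)
            echo not-in-affected-range ;;
        *)
            echo unparsed ;;
    esac
}

# Report on the openssl binary found in PATH. This is the command-line
# tool only; services load libssl themselves and keep the old copy
# mapped until they are restarted.
check_local() {
    if ! command -v openssl >/dev/null 2>&1; then
        echo "openssl not found in PATH"
        return 0
    fi
    line=$(openssl version)
    echo "$line -> $(heartbleed_status "$line")"
    # The build date helps spot a distribution package rebuilt after the fix
    openssl version -a | grep '^built on' || true
}

check_local
```

The two version strings quoted in the post classify as in-affected-range (1.0.1e-fips) and not-in-affected-range (1.1.0).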