0

I have a web server (complete with user account and payment system) that was vulnerable to the Heartbleed attack.

What I'm wondering is:

  • How can I detect if my server has been compromised?
  • How do I recover from a Heartbleed attack?
  • How do I ensure the safety of my users' data?

2 Answers

2
  • Due to the nature of the Heartbleed attack, there is no way to verify that your system has been compromised. For this reason, all system and network administrators are encouraged to assume they have been compromised.
  • To recover, first you need to update your OpenSSL version to the latest fix published (this varies depending on your system; for example, on Red Hat it's simply yum update openssl and then restarting all services that use OpenSSL). You also need to revoke all past SSL certificates and generate/obtain new ones, and change all passwords (usernames wouldn't hurt either).
  • Once the past two things have been done/dealt with, your information should be secure against this bug.

See this website for more info.

WillBD
  • 136
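
The restart step in the answer above matters because a process that loaded OpenSSL before the package update keeps the old library mapped until it is restarted. The following is an added example, not part of the original answers, that finds such processes on Linux by looking for deleted libssl/libcrypto mappings in /proc/<pid>/maps; the function names and the sample maps lines (addresses, inode numbers, library paths) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still running a pre-update copy of OpenSSL.
# When a package update replaces libssl/libcrypto on disk, a process started
# earlier keeps the old file mapped; /proc/<pid>/maps marks it "(deleted)".

# Read maps-format text on stdin; print deleted libssl/libcrypto paths, deduplicated.
stale_ssl_in_maps() {
    awk '$NF == "(deleted)" && $6 ~ "lib(ssl|crypto)[^/]*[.]so" { print $6 }' | sort -u
}

# Walk a /proc-style tree (default /proc); print "pid command stale-libs" per hit.
# Reading other users' maps needs root; unreadable entries are skipped.
scan_stale_ssl() (
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        hits=$(stale_ssl_in_maps 2>/dev/null < "$maps") || continue
        [ -n "$hits" ] || continue
        pid=${maps%/maps}; pid=${pid##*/}
        comm=$(cat "$proc_root/$pid/comm" 2>/dev/null || echo '?')
        echo "$pid $comm" $hits
    done
)

# Constructed sample of one process's maps file (addresses and paths are made up).
sample_maps() {
    cat <<'EOF'
7f3a1c000000-7f3a1c05e000 r-xp 00000000 fd:00 131245 /usr/lib64/libssl.so.10 (deleted)
7f3a1c25e000-7f3a1c262000 rw-p 0005e000 fd:00 131245 /usr/lib64/libssl.so.10 (deleted)
7f3a1c400000-7f3a1c5b6000 r-xp 00000000 fd:00 131240 /usr/lib64/libcrypto.so.10 (deleted)
7f3a1d000000-7f3a1d18a000 r-xp 00000000 fd:00 130999 /usr/lib64/libc-2.12.so
EOF
}

# Demo on the constructed sample; on a live host run: scan_stale_ssl
sample_maps | stale_ssl_in_maps
```

Any process that scan_stale_ssl lists is still using the library file that the update replaced and needs a restart.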
1

Unfortunately, you can't detect whether or not your server has been compromised. Exploitation leaves no record in any logs. Upgrade OpenSSL, renew your SSL certificates, and change all passwords.