heartbleed bug
Tech Updates - Tips & Tricks - April 11, 2014

How to Protecting Your Website from the Heartbleed Bug.

If you are a website owner, an administrator who supports HTTPS or you are running a website on a hosting service platform, then you need to check the below following steps to protect and prevent your website getting affected by the heartbleed bug.

If you want to know What is a heartbleed bug and how badly it affects your website user then you need to click on this link What is ‘Heartbleed’ bug?

The below following are the steps that can help you in Protecting Your Website from the Heartbleed Bug are:

Check with Hosting service provider:

If you are using a hosting service provider to host your website then, you need to find out from your them , whether their server’s were affected from the vulnerable attack of Heartbleed Bug. You need to feel confident of their response and if you are okay/good with their reply, then you are good. If you are not okay/happy with their response or the reason given to you then you need to work on these following steps.

Verify:

 You need to visit the demo website, which is http://filippo.io/Heartbleed/ and enter the address of your site to check, whether your website has been attacked by the bug or its not vulnerable. If the answer provided to you by the demo website is not positive, then you need to again ask your hosting service to fix the problem at the earliest. You need to wait again till your hosting service provider has rectified the problem and has sent you a confirmation through email.

After rectification:

When your hosting service provider has sent you a confirmation that they have done the required upgrade, you need to again check on their confirmation. You again need to visit the test site. This time it should show that your website is not vulnerable anymore. If you get that confirmation then the next step you need to do is to generate a new SSL/TLS key and get a certificate for the new key. After you have generated the new key and the certificate, you need to start using it. This is necessary because an attacker might have gotten your old key details. You also need to revoke the certificate that you were using previously.

Ask User:

Ask your users to change their password at the earliest, if your website needs user details, to allow them to log in. This is important as the previous passwords used by your user might have got compromised, which they were using to log in to your website.

Talk to your business associates:

Insure that you talk to your business associates, who have your data and who might be using the services of website that might have got affected with this bug. The reason why I am asking you to check with them is generally small business might not be aware of this problem.

Be vigilant:

You also need to keep a close eye on the financial statements for the next few days. Since, this bug allows a hacker to get information about credit cards and other bank account details there can be some unwanted transaction on your website using your user’s detail.