By now you've probably heard about the Heartbleed security vulnerability.
If you haven't, here are a few important facts to know:
- This week, the Heartbleed bug was detected in recent versions of the most popular SSL/TLS encryption implementation (OpenSSL). It affected the majority of websites and services on the internet (about 2/3), including our server as well.
- We took immediate steps to patch the potential vulnerability in our website & email hosting server and Schweb Design is no longer vulnerable. For more information check out http://heartbleed.com.
- This is not a vulnerability with our server's SSL or your sites' SSL/TLS or Schweb Design. Your site is & was not broken, nor are any digital certificates for your domain.
- We have secured the server and fix this bug:
- We have fixed this vulnerability on our server and verified/tested.
- We've regenerated all server SSL keys, CSRs, and certificates including yours if you have an SSL certificate on your website (e.g. receive credit card payments). As a side-effect, you might notice Outlook or your mail client temporarily complain about a new certificate (this should go away shortly after changes propagate).
- We've changed all server administrator passwords including all clients' hosting account passwords. If you'd like your new cPanel hosting account password, just drop us a line and we'll let you know what it is!
- This has affected all of us, including you. We have no evidence of any malicious behavior, but we strongly encourage you to please follow our final steps you can take below.
So you've secured the web & email server, now what do I need to do?
Change your email passwords by going to www.yourdomain.com/webmail and logging in and clicking "Change password". Drop us a line if you'd like us to do this for you.
We recommend you also change your passwords everywhere else, since this vulnerability affects most services and websites you use.
How can I be sure my site is safe?
If your website and email is hosted by Schweb Design, your site is safe! If not, we recommend contacting your service provider immediately.
You can also go to http://filippo.io/Heartbleed to test your website.
Although we have no evidence of any malicious behavior, the nature of this bug means any attacks would've left no trace (Exploitation of this bug leaves no traces of anything abnormal happening) which is why we are taking exposure to this seriously.
Let us know if you have any questions!
Thank you for being a great client to work for!