The Ecommerce Expert

How to Detect and Fix the Heartbleed Bug Vulnerability

By Eric Leuenberger

Called the worst security threat in the history of the internet to date, the Heartbleed bug can cause widespread problems for sites and servers that use OpenSSL, an estimated 66% of the internet. If you don’t know what OpenSSL is (it’s tech talk) and aren’t really concerned about it, you should rethink that. Chances are you come in contact with OpenSSL several times a day without ever knowing it.

The Heartbleed bug is an encryption security flaw that could allow cyber criminals to snap up credit card information or steal passwords. If you (or your customers) have logged into any affected sites over the past two years, that account information could be compromised. You are urged to change your own personal account information (Mashable has put together a great page listing the most up-to-date affected sites).

Detecting It

In addition to protecting your own information, as ecommerce store owners / operators, you should check to make sure the server you are on is not affected by the issue. I’m sure there are a number of ways to do this, but fortunately I received an email yesterday from GeoTrust with a link to their SSL Toolbox. This toolbox will let you either enter your CSR file for checking or enter your domain name for checking your server for vulnerability.

They also included a helpful checklist for diagnosing and correcting the issue if you are affected (sourced directly from the email). I’ll pass that list on below.

Fixing It

Steps to Success:

  • Identify if your web servers are vulnerable (running OpenSSL versions 1.0.1 through 1.0.1f with heartbeat extension enabled). Use our SSL Toolbox to detect this. If you’re running a version of OpenSSL prior to 1.0.1, no further action is required.
  • If your server is impacted, update to the latest patched version of OpenSSL (1.0.1g), or recompile OpenSSL without the heartbeat extension.
  • Generate a new Certificate Signing Request (CSR).
  • Reissue any SSL certificates for affected web servers using the new CSR (do this after moving to a patched version of OpenSSL).
  • Install the new SSL certificate and test your installation.
  • After the new certificate is successfully installed, revoke any certificates that were replaced.
  • Website administrators should also consider resetting end-user passwords that may have been visible in a compromised server memory.
  • Always refer back to the Knowledge Base for more information.

If you have additional questions, please contact your SSL Reseller for further support and more information.
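
The shell functions below are an added example, not code from the original post or from GeoTrust. `heartbleed_status` classifies `openssl version -a` output against the version range in the checklist, and `csr_reuses_old_key` confirms the new CSR was generated from a new private key rather than the one behind the certificate being replaced; the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks that support the checklist steps above.

# Classify `openssl version -a` output against the range named in the
# checklist: 1.0.1 through 1.0.1f vulnerable, 1.0.1g patched.
# Caveat: distribution packages can carry a backported fix without changing
# the version string, so confirm "vulnerable" against the vendor advisory.
heartbleed_status() {
    info=$1
    # First line looks like "OpenSSL 1.0.1e 11 Feb 2013" (or "1.0.1e-fips").
    ver=$(printf '%s\n' "$info" | sed -n '1s/^OpenSSL \([0-9][0-9a-z.]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return 0; }
    case $ver in
        1.0.1|1.0.1[a-f])
            # A build without the heartbeat extension lists this flag.
            case $info in
                *-DOPENSSL_NO_HEARTBEATS*) echo heartbeat-disabled ;;
                *) echo vulnerable ;;
            esac ;;
        1.0.1[g-z]) echo patched ;;
        *) echo not-in-range ;;
    esac
}

# Succeeds (exit 0) when the new CSR carries the same public key as the
# certificate being replaced, i.e. the possibly exposed private key was reused.
csr_reuses_old_key() {   # $1 = new CSR file, $2 = old certificate file
    new=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    old=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$new" ] && [ "$new" = "$old" ]
}

# Constructed sample outputs (not captured from a real server).
for sample in \
    'OpenSSL 1.0.1e-fips 11 Feb 2013' \
    'OpenSSL 1.0.1g 7 Apr 2014' \
    'OpenSSL 0.9.8y 5 Feb 2013'
do
    printf '%-34s %s\n' "$sample" "$(heartbleed_status "$sample")"
done
# On a server: heartbleed_status "$(openssl version -a)"
```

If `csr_reuses_old_key new.csr old.crt` succeeds, regenerate the CSR with a fresh private key before requesting the reissue.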

If you have any further resources or up-to-date information on the Heartbleed bug please let me know by commenting below.

Filed Under: Security
