Dreamhost HeartBleed – infected?

 Dreamhost Forum

Hello There, We can confidently let you know that our shared servers and VPS guests are NOT vulnerable to it since they run Debian Lenny and/or Squeeze . The most common version of OpenSSL on our network is 0.9.8o-4squeeze14. “HeartBleed” vulnerability in OpenSSL’s heartbeat module in versions 1.0.1 and 1.0.2-beta

Matt C

From https://discussion.dreamhost.com/thread-140702-post-174286.html#pid174286

Dreamhost Status

As soon as we learned of the “Heartbleed” OpenSSL vulnerability, we began to patch any and all systems that it may have affected. Fortunately this was a very small subset of our systems and was mostly isolated to a small group of mail machines. As of early yesterday, all of our systems are patched. As a preventative measure, we are also re-keying the certificates on any systems with that bug. We have no reason to believe that any of those machines have been compromised, but in the interest of proactive security, we feel that changing SSL certificates is the best option.

DreamHost.com was not vulnerable, but the machines that redirected traffic to our actual site were. This was corrected quickly and those machines will also have their certificates re-keyed.

We can confidently say that our shared servers, VPS guests, and dedicated machines are NOT vulnerable to this issue because they run Debian “Lenny” and/or “Squeeze”. The most common version of OpenSSL on our network is 0.9.8o-4squeeze14, and the “HeartBleed” vulnerability in OpenSSL’s heartbeat module exists in versions 1.0.1 and 1.0.2-beta.

If you have any questions or concerns, please don’t hesitate to contact our support team.


Leave a Reply

Your email address will not be published. Required fields are marked *