Brief forum downtime & openssl "heartbleed"

Jguy

Retired Staff
Messages
292
Points
0
Age
38
IRC Nickname
Jguy
Github
jguy1987
Emulator
Hello,

Today I installed some updates that required a restart of apache and mysql. While I was in there I optimized the tables and gave the forum a nice new feel to its backend. This required a downtime of approximately 15-20 seconds while everything got started back up. Everything should be back up and running properly (and hopefully slightly faster) as of this post.

I also took the opportunity to update OpenSSL to protect against the heartbleed bug that recently surfaced. While Hercules does not use any SSL for any of our sites/services hosted on herc.ws (there's really no need at this particular point in time), its best to get it done now.

Thanks all and I apologize for any inconveniences this caused (usually I would announce it but didn't feel the 15 second downtime would have a huge impact). Next time if there are major maintenances going on we'll be sure to announce before hand.

 
Be sure to change your github passwords or set up two-step auth on github. They were compromised / affected by the exploit.

 
15 seconds of downtime...

People will not forgive you.....

default_smile.png


 
We don't need to make things like a race. Take this in mind: haste makes waste. This is the closest I know to a Spanish proverb whose literal translation is much like: "dress me slowly, because I'm in a hurry!". It just does say that rushing will lead us to do things improperly, thus having to invest time in fixing the problems, then doing it properly, resulting in delaying even more than if done straightforwardly right.

 
Last edited by a moderator:
well on topic, forgive my ignorance but can someone tell me what exactly is OpenSSL and heart-bleed? and what do they do?  I am not a technical guy so i dont understand. and yes, I did try looking for it on Wikipedia.

 
Thanks a lot quesoph

so i have a server  and the website is protected with 256 bit SSL certificate. so do i need to do sm thing to protect myself from this exploit ?

 
Thanks a lot quesoph

so i have a server  and the website is protected with 256 bit SSL certificate. so do i need to do sm thing to protect myself from this exploit ?
If your ssl certificate is generated by(/hosted on) openssl (>v1.0.1) , then update your openssl to the versions which fixed the bug. Also as a security, change user password(but i guess, your server is new, and hackers wouldnt have searched for gaming site for exploit...)
 
Back
Top