HostMonster Web Hosting Help

The Heartbleed Bug and What You Need To Know

First off, we fixed it.

As you may have heard, an Internet-wide security threat emerged yesterday called the Heartbleed bug. Online security is a topic that we take very seriously. Once we learned about this issue we began addressing it immediately and we’ve compiled this list of questions and answers to help you understand the Heartbleed bug, let you know what we’ve done to address it and let you know what you can do to protect your private information.

What is the Heartbleed bug?

The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library used to secure information traffic across much of the Internet. Because the vulnerability itself could leak/bleed information and it involved the Heartbeat function of OpenSSL, the vulnerability was nicknamed “Heartbleed.” This weakness allows hackers to steal information normally protected by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging and some virtual private networks. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content which allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

What is being done?

This vulnerability was assigned an identifier of CVE-2014-0160 and was quickly patched by the maintainers of OpenSSL. That patch was made publicly available and service providers across the globe, including HostMonster, have already patched, tested, and verified all systems are secured.

The security of our customers is a top priority. We began addressing this issue immediately upon disclosure and have successfully applied patches to all of our platforms. The likelihood that private information was compromised is very minimal due to the lack of a public exploit at the time of the disclosure. As always, we will continue to work to protect the security of our customers and their data.

Is my server vulnerable?

There was a period when anyone relying on OpenSSL was vulnerable. Upon disclosure of the vulnerability, we immediately patched our entire platform. At this time, our servers are not vulnerable and information is secure.

Has HostMonster replaced their SSL certificates?

Yes. Upon the disclosure of the vulnerability we immediately reached out to our SSL certificate providers and began the process of having all of our internal and external SSL certificates reissued.

Will the SSL certificate I purchased through HostMonster be updated?

Yes. While the likelihood of exploitation is extremely low, we are working with our SSL providers to reissue all certificates that were purchased through the HostMonster platform. This process will be both secured and automated, with individual customer contact as/if needed to ensure all certificates are updated.

Should I replace the SSL certificate I purchased through a third party service?

That is a personal choice. If you feel it’s worth the time, or if you are dealing with sensitive data, then it’s a good idea to have your cert reissued. The likelihood that your private keys were compromised is very minimal due to the lack of a public exploit at the time of the disclosure. However, if you do decide you would like to have your certificate reissued, contact your certificate issuing authority. Once you have obtained a new private key, certificate, and CA bundle, our HostMonster support team will be happy to assist you. Alternatively, you are welcome to purchase a new SSL certificate through your control panel and we will handle any similar vulnerabilities in the future on your behalf, without need for your direct involvement.

Was my security, password or privacy compromised?

There was a period when anyone relying on OpenSSL was vulnerable. Upon disclosure of the vulnerability, we immediately patched our entire platform. The likelihood that your private keys were compromised is minimal due to the lack of a public exploit at the time of the disclosure. If you are concerned, you are welcome to use our Change Password tool to select a new password. If you do change your password, consider that this vulnerability existed across the majority of the Internet and password changes should be done anywhere you store sensitive information.

To check potential vulnerability on the HostMonster service or with any other provider, use the tool at

Where can I learn more about Heartbleed?

For more details about the Heartbleed bug, please visit

Knowledgebase Article 14,103 views bookmark tags: heartbleed ssl (updated 505 days ago)

Was this resource helpful?

Did this resolve your issue?

Please add any other comments or suggestions about this content:

Recommended Help Content

How to add a new SSL certificate for your different WM services. (updated 844 days ago)
Knowledgebase Article 24,884 views tags: ssl whm

How to renew an existing SSL certificate--or purchase a new one, within your cPanel (updated 210 days ago)
Knowledgebase Article 58,377 views tags: cert certificate layer secure security socket ssl

Where do I get a copy of the site seal for my SSL I purchased through HostMonster? (updated 1127 days ago)
Knowledgebase Article 183,423 views tags: cert image logo seal secure ssl

Related Help Content

What files do you need to make your SSL certificate work on another account/server? (updated 1324 days ago)
Knowledgebase Article 28,418 views tags: certificate move ssl

This article will show a way to protect specific pages of your website with SSL. This may have benefits for SEO and can be used on pages that contain forms, shopping carts or any other page where users might enter sensitive information. (updated 125 days ago)
Knowledgebase Article 2,267 views tags: htaccess pages specific ssl

I need to have an SSL Self-Signed Certificate installed for my domain. (updated 120 days ago)
Knowledgebase Article 99,876 views tags: secure ssl

How do I setup CubeCart to use an SSL Certificate? (updated 120 days ago)
Knowledgebase Article 57,975 views tags: cubecart ssl

I need to have an SSL 3rd Party Certificate installed for my domain. (updated 53 days ago)
Knowledgebase Article 159,364 views tags: certificate ssl

SSL/TLS Certificates and Addon Domains. (updated 862 days ago)
Knowledgebase Article 48,931 views tags: ssl

How to use a WildCard SSL Certificate (updated 39 days ago)
Knowledgebase Article 47,348 views tags: htaccess reseller ssl subdomain subfolder wildcard

How to reset the SSL certificates for your servers services (updated 526 days ago)
Knowledgebase Article 12,640 views tags: ssl whm