Rackspace Server vulnerable to Heartbleed

I'm not sure if this is the right place, but perhaps it would be good to get some exposure for this as I'm quite surprised to see Rackspace messing this up.

I'm using Chrome with the Chromebleed plugin and it warned me that *edited* has the Heartbleed vulnerability (CVE-2014-0160). I could confirm this on https://filippo.io/Heartbleed/. Doing a Whois on the webserver's IP address (*edited*) I found it was apparently Rackspace who manages to run servers not patched for this vulnerability in 2016.

I couldn't find a regular abuse address on the Whois so that's why I decided to put it here.

  • Former Member over 2 years ago
    Hi Bastiaan85,
     
    Thank you for bringing this to our attention. I edited your post to remove mentions of the domain to ensure that we don't send traffic to an affected site. When Heartbleed was announced in 2014, Rackspace did take action to address the vulnerability on our customers' servers (https://community.rackspace.com/general/f/53/t/3596). However, some customers may have chosen to opt out of the patch and, if they didn't patch their environments, potentially left their system in a vulnerable state.
     
    I will contact the account team that supports this customer to inform them about the vulnerability. In the future, should you need to reach us regarding a compromised site, you can email our Abuse Department at abuse@rackspace.com.