Tuesday 8th April,
Krystal patched all affected servers.
Thursday 10th April,
Due to the recent discovery of the HeartBleed SSL bug, we have now replaced the private keys and SSL certificates across our fleet.
Further Information: Krystal’s retail (shared, reseller and premium) servers were all patched, or not initially vulnerable to the Heartbleed issue within a few hours of learning about it on 8th April. While this prevented the information leakage associated with the bug, it could provide the opportunity for those able to capture customer packets over local networks to decrypt secure data. Therefore we decided to cycle the private keys the certificates protecting cPanel, Webmail, Apache, Exim, POP3/IMAP and FTP services across the fleet. This was done by early this morning on all but the reseller servers where we experienced a little delay in obtaining the newly signed certs (perhaps the whole world is trying to do the same?). We apologise for the brief inconvenience this has caused our resellers.