Topic: Is this server vulnerable to Heartbleed OpenSSL vulnerability? (Read 1111 times)

legendary
Activity: 910
Merit: 1000
★YoBit.Net★ 350+ Coins Exchange & Dice
That site does not actually check correctly.
It reported a number of sites not vulnerable that were vulnerable.
Do not trust it, to check anyways.

This one which another user posted up is good and actually accurate - https://www.ssllabs.com/ssltest/analyze.html?d=bitcointalk.org

Alternatively, if you have a Unix box with Python 2.7 (if I recall correctly), just download the Python script and test yourself.



legendary
Activity: 1500
Merit: 1021
I advocate the Zeitgeist Movement & Venus Project.
Hmm... I thought that the leaked memory would only include OpenSSL-specific stuff, but I did some more research and I think you're right: user passwords could have possibly been leaked, though it would have been difficult.

I'll log everyone out and add this info to the header.
legendary
Activity: 1876
Merit: 1289
DiceSites.com owner
I'm wondering, does this just test if the bug is present?
Yes.

If so, that means if the file with the bug is updated, but the certificate is not updated, it might give a false negative…
Not really a false negative because the vulnerability is not any more there. But yeh if your server was once vulnerable, you should consider the private key of the certificate as stolen and potentially even users' cookies/passwords. That's why I assume bitcointalk.org never had this vulnerability because I am sure theymos would have made a topic about it then (with a warning to change our passwords to be sure.)
legendary
Activity: 2100
Merit: 1040
A Great Time to Start Something!
...
Um you do know that bitcoin.og is both a domain name and a host name....


Thanks, I had it confused with the Linux hostname command which gives server1.example.com.
I used to set up servers "way too often", but I found a reliable VPS and haven't had to move and rebuild for almost 2.5 years.
donator
Activity: 1218
Merit: 1079
Gerald Davis

Um you do know that bitcoin.og is both a domain name and a host name. Most sites use a null or naked domain as their host. There is very likely no something.bitcointalk.org.

Now if the site was forum.bitcointalk.org you couldn't enter just bitcointalk.org.

Quote
Retrieving DNS records for bitcointalk.org...
DNS servers
dns2.registrar-servers.com [208.64.122.242]
dns5.registrar-servers.com [208.64.122.242]
dns1.registrar-servers.com [173.245.58.17]
dns4.registrar-servers.com [173.245.58.17]
dns3.registrar-servers.com [69.197.21.28]

Answer records
bitcointalk.org      A   109.201.133.195   7200s

Yup only A record points to bitcointalk.org not something.bitcointalk.org
sr. member
Activity: 462
Merit: 262
Quote
All good, bitcointalk.org seems not affected!

I am getting:
Quote

bitcointalk.org IS VULNERABLE.
legendary
Activity: 2100
Merit: 1040
A Great Time to Start Something!
Yes, we need to know if the cert was changed after the server was updated.
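
An added example, not part of the thread or of any script the posters mention: the scanners discussed here only report whether the bug is present now, so this sketch checks the separate question raised in the post above, whether the certificate was issued after the server was patched. The patch time, serial numbers and sample certificates are constructed assumptions; `fetch_cert_info` uses Python 3's standard `ssl` module and is the only part that needs network access.

```python
import socket
import ssl
from datetime import datetime, timezone


def fetch_cert_info(host, port=443, timeout=10):
    """Return the validated leaf certificate dict for host (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def issued_at(cert):
    """Parse the certificate's notBefore field into an aware UTC datetime."""
    seconds = ssl.cert_time_to_seconds(cert["notBefore"])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def assess(cert, patched_at, old_serial=None):
    """Classify a certificate relative to the time OpenSSL was patched."""
    if old_serial and cert.get("serialNumber", "").upper() == old_serial.upper():
        return "SAME_CERT"             # nothing was reissued at all
    if issued_at(cert) < patched_at:
        return "ISSUED_BEFORE_PATCH"   # key existed while the server was vulnerable
    return "ISSUED_AFTER_PATCH"        # reissued; still confirm a new key pair was used


# Constructed sample data, shaped like ssl.SSLSocket.getpeercert() output.
PATCHED_AT = datetime(2014, 4, 8, 12, 0, tzinfo=timezone.utc)  # assumed patch time
OLD_CERT = {"serialNumber": "0A1B2C", "notBefore": "Jan 15 00:00:00 2014 GMT"}
NEW_CERT = {"serialNumber": "0D4E5F", "notBefore": "Apr  9 00:00:00 2014 GMT"}

if __name__ == "__main__":
    for name, cert in (("old", OLD_CERT), ("new", NEW_CERT)):
        print(name, issued_at(cert).isoformat(), assess(cert, PATCHED_AT, "0a1b2c"))
```

`ISSUED_AFTER_PATCH` only shows that a new certificate exists; a certificate reissued over the same key pair would still carry the exposed private key, so the public key should be compared with the old one as well.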
sr. member
Activity: 431
Merit: 261

I'm wondering, does this just test if the bug is present? If so, that means if the file with the bug is updated, but the certificate is not updated, it might give a false negative… I'm just theorizing generally, not assuming that's the case with BitcoinTalk.

I think the filippo site is drowning right now, I haven't got it to give me any results lately.
EFS
staff
Activity: 3696
Merit: 2065
Crypto Swap Exchange
Quote
All good, bitcointalk.org seems not affected!