Domain
Find Your Domain
Domain
Find Your Domain
Aftermarket
Manage Your Portfolio
Auctions
Support
Domains
Aftermarket
Support
Download the app: ![]()
![]()
Copyright © 2002-2025 Dynadot LLC. All rights reserved.
Back
Bring your .COM domains to the #1 Favorite Registrar of 2024 for just $10.49! Transfer with code HNY2025Start the New Year with a new .COM! 🪩 1st-year registrations are on sale for only $8.99! 🎉 This is your last chance to grab premium .KE domains starting at $140 with standard renewal pricing! Bid now ➡️
Are you sure you want to close the chat?Chat will be closed and the chat history will be cleared.
continue to sign out,or stay on chat.
To review this chat session please click this windows.Chat Online
Chat Online0
Support
Forum
A place for Dynadot and community experts alike to ask questions, share ideas, and more.
4/9/2014 12:12
Howdy Dynadot,
We are looking for some immediately reassuring information regarding potential past and especially any ongoing security issues around this 'Heartbleed Bug' (heartbleed.com) recently found in OpenSSL.
Using a recently developed testing app which we found at https://lastpass.com/heartbleed/ we got the following report:
"WARNING: dynadot.com was tested as vulnerable on 4/8/2014 according to This gist (https://gist.github.com/dberkholz/10169691)
Detected server software of nginx
That server is known to use OpenSSL and could have been vulnerable.
The SSL certificate for dynadot.com valid 1 month ago at Feb 25 00:00:00 2014 GMT.
This is before the heartbleed bug was published, it may need to be regenerated."
As opposed to, for instance, the report on gandi.net using the same tool, which shows the following:
"Detected server software of Apache/2.2.16 (Debian)
That server is known to use OpenSSL and could have been vulnerable.
The SSL certificate for gandi.net was regenerated 2 days ago at Apr 8 00:00:00 2014 GMT which is likely regenerated after heartbleed bug was published, they've updated their SSL certificate which likely means they've taken steps to reduce their ongoing risk from heartbleed!"
We would like some info that we can understand (and if needed, act upon) as security-conscious users. We'd also, frankly, just like to hear you say that everything is being taken care of and we needn't worry. Please do let us know what you can as soon as possible.
Regards
We are looking for some immediately reassuring information regarding potential past and especially any ongoing security issues around this 'Heartbleed Bug' (heartbleed.com) recently found in OpenSSL.
Using a recently developed testing app which we found at https://lastpass.com/heartbleed/ we got the following report:
"WARNING: dynadot.com was tested as vulnerable on 4/8/2014 according to This gist (https://gist.github.com/dberkholz/10169691)
Detected server software of nginx
That server is known to use OpenSSL and could have been vulnerable.
The SSL certificate for dynadot.com valid 1 month ago at Feb 25 00:00:00 2014 GMT.
This is before the heartbleed bug was published, it may need to be regenerated."
As opposed to, for instance, the report on gandi.net using the same tool, which shows the following:
"Detected server software of Apache/2.2.16 (Debian)
That server is known to use OpenSSL and could have been vulnerable.
The SSL certificate for gandi.net was regenerated 2 days ago at Apr 8 00:00:00 2014 GMT which is likely regenerated after heartbleed bug was published, they've updated their SSL certificate which likely means they've taken steps to reduce their ongoing risk from heartbleed!"
We would like some info that we can understand (and if needed, act upon) as security-conscious users. We'd also, frankly, just like to hear you say that everything is being taken care of and we needn't worry. Please do let us know what you can as soon as possible.
Regards
4/9/2014 16:09
Update (Round #2): Dynadot now has this handy-dandy blog post about #heartbleed at
https://www.dynadot.com/community/blog/2014/04/heartbleed-openssl-security-bug.html
https://www.dynadot.com/community/blog/2014/04/heartbleed-openssl-security-bug.html
4/9/2014 15:59
Update: It seems that Dynadot is no longer listed as vulnerable in the Gist quoted above. Looks like the Gist was updated a few hours ago.
4/9/2014 12:26
Addition: The advice we've gotten is generally to change all passwords on significant accounts, but after folks have updated their security certifications (which should be underway now, if not completed).
We'd like to know when we might expect Dynadot to have updated its security certs?
Thanks.
We'd like to know when we might expect Dynadot to have updated its security certs?
Thanks.
Download the app:
Copyright © 2002-2025 Dynadot Inc. All rights reserved. Privacy PolicyTerms of UseRegistrant Educational InformationRegistrants Benefits and Responsibilities![]()
![]()
![]()
