“After 10 days of massive coverage, we expected to see every server out there patched against it. To confirm our expectations, we scanned every web site listed in the Alexa top 1 million rank,” Sucuri CTO Daniel Cid wrote in a blog post Thursday. “Yes, we scanned the top web sites in the world to see how many were still infected.”
Here’s what the firm found: “We were glad to see that the top 1,000 sites in the world were all properly patched, and that just 0.53% of the top 10k still had issues. However, as we went to less popular (and smaller) sites, the number of unpatched servers grew to 2%. That is not surprising, but we expected better.”
If you are a website owner, Sucuri suggests that you use this website to check whether or not your site is affected and, in case it is, to patch the Heartbleed OpenSSL vulnerability post-haste.