These forums are no longer vulnerable to CVE-2014-0160 aka Heartbleed.
You should check if you're vulnerable. If you trust some random dude on the internet, you can check your own site with this tool. Alternatively you can check out an implementation in Go or Python.
Damn, you're vulnerable? Those of you with Ubuntu, should see Ubuntu Security Notice USN-2165-1. The rest of you should use your distro's package manager to update to OpenSSL 1.0.1g or later. (You should sit down for this next part.) If you're vulnerable, you should probably assume you're private key was leaked. So, have your issuer revoke your cert and issue a new one.
Now that we've got all the important stuff out of the way, check out this very nicely detailed writeup.
