Site insecure

Discussion in 'Questions & Suggestions for CFnet Staff' started by OzSpen, Mar 13, 2017.

  1. OzSpen

    OzSpen Member

    Joined:
    Jun 13, 2014
    Messages:
    3,534
    Location:
    Brisbane, Qld, Australia
    Christian:
    Yes
    Staff,

    I use Firefox most of the time as my browser. A couple of minutes ago, I tried to log on to christianforums.net and it would not allow me, stating your site was insecure. I tried christianforums.com and there was no problem.

    Is there an issue with security on this forum or perhaps it's an issue with Firefox?

    I'm sending this using Google Chrome.

    Oz
     
  2. Knotical

    Knotical Staff Member Moderator

    Joined:
    Sep 11, 2012
    Messages:
    5,530
    Location:
    Armpit of California
    Christian:
    Yes
    I don't know of any problems, but one thing you can do is up in the address bar of your browser where you may see "http" before the web address for the site you can change it to say "https". This will actually enter the site through a secure connection.
     
    MSchultz and Edward like this.
  3. Mike

    Mike Member

    Joined:
    Mar 13, 2010
    Messages:
    14,845
    Location:
    Michigan, U.S.
    Christian:
    Yes
    Oz, do you understand the purpose for the TWITS Forum according to its description? With that, do you understand the purpose of the Questions & Suggestions Forum according to its deacription?
     
  4. OzSpen

    OzSpen Member

    Joined:
    Jun 13, 2014
    Messages:
    3,534
    Location:
    Brisbane, Qld, Australia
    Christian:
    Yes
    Please tell me.
     
  5. Nick

    Nick Staff Member Moderator

    Joined:
    Feb 27, 2009
    Messages:
    14,206
    Location:
    Sydney
    That will not work in this case. Our site does not have SSL encryption. Yet.
     
  6. Nick

    Nick Staff Member Moderator

    Joined:
    Feb 27, 2009
    Messages:
    14,206
    Location:
    Sydney
    Hi Oz.

    I am moving this to the Questions & Suggestions forum. This is not suitable for the Talk With The Staff forum as it's not a private matter, and others may have questions about this.

    To answer your question, it's not you or your computer but this site. We do not have SSL encryption (https) enabled. Considering we do not process financial transactions on this site (all done through paypal) and we don't store sensitive data, historically this hasn't been an issue for us, or any other forum for that matter.

    More recently, there's been a big push for more and more sites to enable SSL. It simply makes browsing safer and it harder to intercept communications here, which helps prevent spying and also malicious injections. Also, SSL sites are often a lot faster and are increasingly favoured by search engines, especially Google.

    In light of recent events, I am approaching the site owner to petition for us to obtain an SSL certificate.

    CF.net is not less safe than it has ever been, but recently browsers are starting to treat differently sites that do not have SSL enabled.
     
  7. OzSpen

    OzSpen Member

    Joined:
    Jun 13, 2014
    Messages:
    3,534
    Location:
    Brisbane, Qld, Australia
    Christian:
    Yes
    Thanks Eora for your enlightening response.
     
  8. OzSpen

    OzSpen Member

    Joined:
    Jun 13, 2014
    Messages:
    3,534
    Location:
    Brisbane, Qld, Australia
    Christian:
    Yes
    I have just logged in to CFnet and received this message from my browser:

    Starting in Firefox version 52, you will also see a warning message when you click inside the login box to enter a username or password.

    [​IMG]

    What can I do if a login page is insecure?
    If a login page for your favorite site is insecure, you can try and see if a secure version of the page exists by typing https:// before the url in the location bar. You can also try to contact the web administrator for the site and ask them to secure their connection.

    Not recommended: You can also continue to log in to the website even if the connection is insecure, but do so at your own risk. If you do go this route, try to use a unique password or a password that you don’t also use for other important sites.​

    The messaged that is circled in red is what happened when I tried to log on to CFnet. I do not understand why CFnet is regarded as an insecure connection on the login page.

    I did what is 'Not recommended' by log on to CFnet.

    Are any others receiving this message about CFnet being an 'insecure connection'?

    Oz
     
  9. reba

    reba Staff Member Administrator

    Joined:
    Dec 23, 2010
    Messages:
    45,942
    Location:
    State of Jefferson
    Christian:
    Yes
    I do not
     
  10. OzSpen

    OzSpen Member

    Joined:
    Jun 13, 2014
    Messages:
    3,534
    Location:
    Brisbane, Qld, Australia
    Christian:
    Yes
    It gave me the message again as I just logged on.
     
  11. OzSpen

    OzSpen Member

    Joined:
    Jun 13, 2014
    Messages:
    3,534
    Location:
    Brisbane, Qld, Australia
    Christian:
    Yes
    I tried to give a Print Screen of what happened when I logged in now (see #8 for details), but it will not accept it. I got this message on CFnet:

    The following error occurred:
    The uploaded file does not have an allowed extension.​

    This also would not allow me to do a Print Screen of this error message and copy to this post.

    Oz
     
  12. OzSpen

    OzSpen Member

    Joined:
    Jun 13, 2014
    Messages:
    3,534
    Location:
    Brisbane, Qld, Australia
    Christian:
    Yes
    I continue to get this error message when I use Firefox:

    Your connection is not secure

    The owner of www.christianforums.net has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

    Learn more…

    Report errors like this to help Mozilla identify and block malicious sites

    www.christianforums.net uses an invalid security certificate.

    The certificate is only valid for the following names:
    auctiontemplates.co, www.auctiontemplates.co
    The certificate expired on Thursday, 11 February 2016 9:59 AM. The current time is Thursday, 23 March 2017 7:20 AM.

    Error code: SSL_ERROR_BAD_CERT_DOMAIN​

    So, I've used Chrome to browse to this site. What is causing this 'error' message when I use Firefox as my browser? Is the problem with Firefox or CFnet?

    Oz
     
  13. Nick

    Nick Staff Member Moderator

    Joined:
    Feb 27, 2009
    Messages:
    14,206
    Location:
    Sydney
    Oz,

    Nothing has changed since my reply to you. Browsers are warning people about sites that do not have encrypted connections. We don't yet. While yes, in theory someone could steal your password, our site being encrypted isn't as important as sites that store real-world inforamtion about you such as addresses and credit card information.

    We are working on getting SSL in the future.

    I would like to reiterate that nothing at CF has changed, only the way browsers react to http sites.

    Read more:
    http://www.pcworld.com/article/3161...s-when-websites-use-insecure-http-logins.html
     
    Truthfrees and MSchultz like this.
  14. OzSpen

    OzSpen Member

    Joined:
    Jun 13, 2014
    Messages:
    3,534
    Location:
    Brisbane, Qld, Australia
    Christian:
    Yes
    Thanks Eora.

    I find it interesting that Firefox (my regular browser) gives the warning about CFnet but Chrome doesn't.

    Oz
     
  15. markathome

    markathome Member

    Joined:
    Jan 30, 2016
    Messages:
    432
    Location:
    Alaska
    Nick likes this.
  16. MSchultz

    MSchultz Member

    Joined:
    Mar 19, 2016
    Messages:
    219
    Location:
    Düsseldorf, DE
    I am a user of Chrome and I can confirm that I am warned prior to entry to Cfnet; I am provided with the option to 'go back' safely. When this message appears I merely modify the https to http.
     
  17. reba

    reba Staff Member Administrator

    Joined:
    Dec 23, 2010
    Messages:
    45,942
    Location:
    State of Jefferson
    Christian:
    Yes
    I use Chrome and am not warned
     
  18. Knotical

    Knotical Staff Member Moderator

    Joined:
    Sep 11, 2012
    Messages:
    5,530
    Location:
    Armpit of California
    Christian:
    Yes
    Your security settings may be a bit looser than MSchultz's.
     
    MSchultz likes this.
  19. markathome

    markathome Member

    Joined:
    Jan 30, 2016
    Messages:
    432
    Location:
    Alaska
    without https when ya enter your password its being sent over the internet as plain text.
     
  20. MSchultz

    MSchultz Member

    Joined:
    Mar 19, 2016
    Messages:
    219
    Location:
    Düsseldorf, DE
    I have very high security measures installed on all my devices and PC; one cannot be too careful with cyber-crime nowadays.
     

Share This Page