What's new
  • This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.
  • Do not use Chrome Incognito when registering as it freezes the registration page.
  • Guest, Join Papa Zoom today for some uplifting biblical encouragement! --> Daily Verses

Feedback Site insecure

Joined
Jun 13, 2014
Messages
3,929
Gender
Male
Christian
Yes
#1
Staff,

I use Firefox most of the time as my browser. A couple of minutes ago, I tried to log on to christianforums.net and it would not allow me, stating your site was insecure. I tried christianforums.com and there was no problem.

Is there an issue with security on this forum or perhaps it's an issue with Firefox?

I'm sending this using Google Chrome.

Oz
 

Knotical

Shepherd of the Knotical kid-farm
Member
Joined
Sep 11, 2012
Messages
5,801
Gender
Male
Christian
Yes
#2
I don't know of any problems, but one thing you can do is up in the address bar of your browser where you may see "http" before the web address for the site you can change it to say "https". This will actually enter the site through a secure connection.
 

Mike

Staff member
Administrator
Joined
Mar 13, 2010
Messages
15,282
Gender
Male
Christian
Yes
#3
Oz, do you understand the purpose for the TWITS Forum according to its description? With that, do you understand the purpose of the Questions & Suggestions Forum according to its deacription?
 
Joined
Jun 13, 2014
Messages
3,929
Gender
Male
Christian
Yes
#4
Oz, do you understand the purpose for the TWITS Forum according to its description? With that, do you understand the purpose of the Questions & Suggestions Forum according to its deacription?
Please tell me.
 
Joined
Feb 27, 2009
Messages
14,530
Gender
Male
#5
I don't know of any problems, but one thing you can do is up in the address bar of your browser where you may see "http" before the web address for the site you can change it to say "https". This will actually enter the site through a secure connection.
That will not work in this case. Our site does not have SSL encryption. Yet.
 
Joined
Feb 27, 2009
Messages
14,530
Gender
Male
#6
Hi Oz.

I am moving this to the Questions & Suggestions forum. This is not suitable for the Talk With The Staff forum as it's not a private matter, and others may have questions about this.

To answer your question, it's not you or your computer but this site. We do not have SSL encryption (https) enabled. Considering we do not process financial transactions on this site (all done through paypal) and we don't store sensitive data, historically this hasn't been an issue for us, or any other forum for that matter.

More recently, there's been a big push for more and more sites to enable SSL. It simply makes browsing safer and it harder to intercept communications here, which helps prevent spying and also malicious injections. Also, SSL sites are often a lot faster and are increasingly favoured by search engines, especially Google.

In light of recent events, I am approaching the site owner to petition for us to obtain an SSL certificate.

CF.net is not less safe than it has ever been, but recently browsers are starting to treat differently sites that do not have SSL enabled.
 
Joined
Jun 13, 2014
Messages
3,929
Gender
Male
Christian
Yes
#7
Hi Oz.

I am moving this to the Questions & Suggestions forum. This is not suitable for the Talk With The Staff forum as it's not a private matter, and others may have questions about this.

To answer your question, it's not you or your computer but this site. We do not have SSL encryption (https) enabled. Considering we do not process financial transactions on this site (all done through paypal) and we don't store sensitive data, historically this hasn't been an issue for us, or any other forum for that matter.

More recently, there's been a big push for more and more sites to enable SSL. It simply makes browsing safer and it harder to intercept communications here, which helps prevent spying and also malicious injections. Also, SSL sites are often a lot faster and are increasingly favoured by search engines, especially Google.

In light of recent events, I am approaching the site owner to petition for us to obtain an SSL certificate.

CF.net is not less safe than it has ever been, but recently browsers are starting to treat differently sites that do not have SSL enabled.
Thanks Eora for your enlightening response.
 
Joined
Jun 13, 2014
Messages
3,929
Gender
Male
Christian
Yes
#8
I have just logged in to CFnet and received this message from my browser:

Starting in Firefox version 52, you will also see a warning message when you click inside the login box to enter a username or password.



What can I do if a login page is insecure?
If a login page for your favorite site is insecure, you can try and see if a secure version of the page exists by typing https:// before the url in the location bar. You can also try to contact the web administrator for the site and ask them to secure their connection.

Not recommended: You can also continue to log in to the website even if the connection is insecure, but do so at your own risk. If you do go this route, try to use a unique password or a password that you don’t also use for other important sites.​

The messaged that is circled in red is what happened when I tried to log on to CFnet. I do not understand why CFnet is regarded as an insecure connection on the login page.

I did what is 'Not recommended' by log on to CFnet.

Are any others receiving this message about CFnet being an 'insecure connection'?

Oz
 
Joined
Jun 13, 2014
Messages
3,929
Gender
Male
Christian
Yes
#11
It gave me the message again as I just logged on.
I tried to give a Print Screen of what happened when I logged in now (see #8 for details), but it will not accept it. I got this message on CFnet:

The following error occurred:
The uploaded file does not have an allowed extension.​

This also would not allow me to do a Print Screen of this error message and copy to this post.

Oz
 
Joined
Jun 13, 2014
Messages
3,929
Gender
Male
Christian
Yes
#12
I continue to get this error message when I use Firefox:

Your connection is not secure

The owner of www.christianforums.net has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

Learn more…

Report errors like this to help Mozilla identify and block malicious sites

www.christianforums.net uses an invalid security certificate.

The certificate is only valid for the following names:
auctiontemplates.co, www.auctiontemplates.co
The certificate expired on Thursday, 11 February 2016 9:59 AM. The current time is Thursday, 23 March 2017 7:20 AM.

Error code: SSL_ERROR_BAD_CERT_DOMAIN​

So, I've used Chrome to browse to this site. What is causing this 'error' message when I use Firefox as my browser? Is the problem with Firefox or CFnet?

Oz
 
Joined
Feb 27, 2009
Messages
14,530
Gender
Male
#13
I continue to get this error message when I use Firefox:

Your connection is not secure

The owner of www.christianforums.net has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

Learn more…

Report errors like this to help Mozilla identify and block malicious sites

www.christianforums.net uses an invalid security certificate.

The certificate is only valid for the following names:
auctiontemplates.co, www.auctiontemplates.co
The certificate expired on Thursday, 11 February 2016 9:59 AM. The current time is Thursday, 23 March 2017 7:20 AM.

Error code: SSL_ERROR_BAD_CERT_DOMAIN​

So, I've used Chrome to browse to this site. What is causing this 'error' message when I use Firefox as my browser? Is the problem with Firefox or CFnet?

Oz
Oz,

Nothing has changed since my reply to you. Browsers are warning people about sites that do not have encrypted connections. We don't yet. While yes, in theory someone could steal your password, our site being encrypted isn't as important as sites that store real-world inforamtion about you such as addresses and credit card information.

We are working on getting SSL in the future.

I would like to reiterate that nothing at CF has changed, only the way browsers react to http sites.

Read more:
http://www.pcworld.com/article/3161...s-when-websites-use-insecure-http-logins.html
 
Joined
Jun 13, 2014
Messages
3,929
Gender
Male
Christian
Yes
#14
Oz,

Nothing has changed since my reply to you. Browsers are warning people about sites that do not have encrypted connections. We don't yet. While yes, in theory someone could steal your password, our site being encrypted isn't as important as sites that store real-world inforamtion about you such as addresses and credit card information.

We are working on getting SSL in the future.

I would like to reiterate that nothing at CF has changed, only the way browsers react to http sites.

Read more:
http://www.pcworld.com/article/3161...s-when-websites-use-insecure-http-logins.html
Thanks Eora.

I find it interesting that Firefox (my regular browser) gives the warning about CFnet but Chrome doesn't.

Oz
 
Joined
Mar 19, 2016
Messages
234
Gender
Male
#16
Thanks Eora.

I find it interesting that Firefox (my regular browser) gives the warning about CFnet but Chrome doesn't.

Oz
I am a user of Chrome and I can confirm that I am warned prior to entry to Cfnet; I am provided with the option to 'go back' safely. When this message appears I merely modify the https to http.