log in not secure

Discussion in 'Site Comments & Feedback' started by Gyro, Mar 19, 2017.

  1. Gyro

    Gyro Full Access Member

    Messages:
    280
    Likes Received:
    12
    Joined:
    Sep 12, 2012
    Location:
    Nova Scotia
    Anyone else getting a "log in not secure" message?


    Gyro
     

    Attached Files:

    Last edited: Mar 19, 2017
  2. Myke

    Myke Full Access Member

    Messages:
    562
    Likes Received:
    4
    Joined:
    Nov 13, 2016
    Location:
    USA
    No, can you post a screen shot of the error message?

    Sent from my SM-N910V using Tapatalk
     
  3. Gyro

    Gyro Full Access Member

    Messages:
    280
    Likes Received:
    12
    Joined:
    Sep 12, 2012
    Location:
    Nova Scotia
    added pic to 1st post

    Gyro
     
  4. Leeann

    Leeann Full Access Member

    Messages:
    2,282
    Likes Received:
    51
    Joined:
    Mar 9, 2013
    Location:
    Maryland
    Nope. What browser and OS are you using?
     
  5. Gyro

    Gyro Full Access Member

    Messages:
    280
    Likes Received:
    12
    Joined:
    Sep 12, 2012
    Location:
    Nova Scotia
    win7 and firefox.
    only started this morning,and only this site.
    Firefox did update this morning to 52.0.1 32bit.

    Gyro
     
  6. JeepinJarhead03

    JeepinJarhead03 Full Access Member

    Messages:
    367
    Likes Received:
    1
    Joined:
    Sep 17, 2009
    Location:
    Petersburg VA
    noticed that today as well
     
  7. Jim McClain

    Jim McClain Full Access Member

    Messages:
    420
    Likes Received:
    0
    Joined:
    Jul 31, 2015
    Location:
    Teh REAL No. CA
    The security of JeepKJ.com has not changed or become compromised. Of course, I don't have access to their server, but as a webmaster and owner or manager of other forums running this software and this type of server, I can say this is an issue with Google and the various browsers that are being swayed by their "warnings."

    What Google wants is for all websites to start using more secure server technologies. Browsers like Chrome and Firefox show those warnings when they detect a domain that is using the http protocol, not the https and has any kind of log in script running on the page.

    In my opinion, forums like this don't really need to be on https, unless they are collecting sensitive information like credit card transactions. That's not to say your email address and passwords aren't sensitive. And sooner or later, all websites should convert to more secure technology. Google has warned us that our http domains may lose some of our page rank in favor of our competitors who use https. That alone has caused me to make plans to convert my own websites to https very soon.

    To be safe, you should use a unique password on every website you log into. Don't use the same password anywhere else. That may seem difficult to some, but there are services, like LastPass Password Manager that take the headache away from remembering passwords. I've been using it for free for several years now and like it a lot.

    But don't fear that there is a problem with JeepKJ.com that keeps you away from the forum and your fellow KJ peeps. I will continue to use this forum every day, but I do encourage the owners to pony up and get that SSL certificate and convert our beloved site to https. Done right, with htaccess redirects and a little work manually editing any hard links in the system from http to https and using the Replacement Variable Manager in the vBulletin ACP to convert any of the internal links posted by members to the https versions, the transition will be smooth. Then all you have to do is alert everyone to edit their Favorites/Bookmarks (the htaccess redirects will always get them to the right version, but the correct links are better).

    As usual, this is just my opinion. I'm not a staffer here and don't know the inner workings of this website. But I do feel I have some insight and experience over the last 20+ years of managing forums.

    Jim
     
  8. boboborino

    boboborino Full Access Member

    Messages:
    585
    Likes Received:
    19
    Joined:
    Nov 23, 2014
    Location:
    Lorette, Manitoba, Canada
    yes!

    I second what Jim here says! I also am neither a staffer nor do I know the inner workings of this website. Or any website, or even a damn computer for that matter! Hell! Ram as far as I know is a truck! and how many zeros are there between a gigabyte and a terabyte? And Memory? jeeze my computer can't even remember my Mom's maiden name, or the name of my first pet!

    :wtf2:

    And last but not least, if this website does change to HTTPS (whatever the hell that means) for gods sake change the font and color of links when attached within a post!

    :rofl:

    Bert
     
  9. Jim McClain

    Jim McClain Full Access Member

    Messages:
    420
    Likes Received:
    0
    Joined:
    Jul 31, 2015
    Location:
    Teh REAL No. CA
    I certainly do agree about the links styling and can't think of a good reason anyone could come up with to ignore that problem so long. However, that doesn't have anything to do with converting to https (Hypertext Transfer Protocol Secure). The links thing is part of the styling of this (or any) website. It's a theme thing, sorta like chrome on a car, the paint, changing the type of headlights. HTTPS is like re-gearing, or the difference between gas and diesel.
     
  10. Gyro

    Gyro Full Access Member

    Messages:
    280
    Likes Received:
    12
    Joined:
    Sep 12, 2012
    Location:
    Nova Scotia
    Thanks Jim.

    Gyro
     
  11. ltd02

    ltd02 Comfortably numb KJ Supporting Member

    Messages:
    2,495
    Likes Received:
    90
    Joined:
    Aug 15, 2014
    Location:
    North Central Maryland
    I'm not sure there is an actual webmaster for this site (probably Skynet). I've tried to contact someone several times over the past 8 or 9 years and never got a response. So, I doubt anything will change anytime soon. :favorites68:

    Funny thing about the warning, I don't get it on Firefox or Safari on any of my Macs but I do get it on Firefox on my machine running Linux (I don't do windows :happy175:)
     
  12. Myke

    Myke Full Access Member

    Messages:
    562
    Likes Received:
    4
    Joined:
    Nov 13, 2016
    Location:
    USA
    With Lets Encrypt there is no reason anybody running a website isn't using https. Most users are dumb and so most users will reuse passwords. Sending plain text passwords make it extremely easy to use a mitm attack and capture all their login info.

    Ever access this site or any other site via http on a public WiFi such as Starbucks, an airport lounge, at university? Then your login info can easily be compromised. Kali Linux will let you do it out of the box.

    Use the same fb password as here and access this site on a work pc. Your IT guys and potentially your boss now have your fb password.

    Tl;dr please take security seriously

    Sent from my SM-N910V using Tapatalk
     
    Last edited: Mar 29, 2017
  13. Jim McClain

    Jim McClain Full Access Member

    Messages:
    420
    Likes Received:
    0
    Joined:
    Jul 31, 2015
    Location:
    Teh REAL No. CA
    Sounds like you should know, not all servers are capable of using Lets Encrypt. Mine isn't because Liquid Web bought my host out recently and will gladly let what used to be a pretty good hosting company go to rot so they can move all their customers to Liquids over-priced and under-supported servers. I can't move right now, so I will sit it out. I did, however, just convert to HTTPS yesterday. Not free, like Lets Encrypt, but reasonably priced. My forum uses the same software as this one. I belong to a couple webmaster forums and hate to break it to you, but there's a LOT of people running or owning forums that couldn't go through the process of converting to HTTPS to save their lives.

    Well, you are saying that on a forum using software that has been known, at least in the webmaster world, to have had at least 152 exploits. Who knows if they've been patched in this particular version. On top of that, you are using Tapatalk, which has also been exploited and may or may not be using the latest version here. ;)
     
  14. profdlp

    profdlp On The Ledge

    Messages:
    4,852
    Likes Received:
    124
    Joined:
    May 21, 2013
    Location:
    Westlake, Ohio
    Jim, along with others have this covered. As far as the timing, yes it was in the recent update to Firefox. I'm using a variant named Waterfox and have seen the same thing on various sites. It's kind of the tech equivalent of going to the beach and seeing a "No Lifeguard On Duty" sign. It doesn't mean you're going to drown, just that you need to be careful.