log in not secure

Gyro

Full Access Member
Joined
Sep 12, 2012
Messages
336
Reaction score
61
Location
Nova Scotia
Anyone else getting a "log in not secure" message?


Gyro
 

Attachments

  • Untitled2.jpg
    Untitled2.jpg
    17.4 KB · Views: 18
Last edited:

Myke

Full Access Member
Joined
Nov 13, 2016
Messages
563
Reaction score
4
Location
USA
No, can you post a screen shot of the error message?

Sent from my SM-N910V using Tapatalk
 

Gyro

Full Access Member
Joined
Sep 12, 2012
Messages
336
Reaction score
61
Location
Nova Scotia
win7 and firefox.
only started this morning,and only this site.
Firefox did update this morning to 52.0.1 32bit.

Gyro
 

Jim McClain

Full Access Member
Joined
Jul 31, 2015
Messages
429
Reaction score
2
Location
Teh REAL No. CA
The security of JeepKJ.com has not changed or become compromised. Of course, I don't have access to their server, but as a webmaster and owner or manager of other forums running this software and this type of server, I can say this is an issue with Google and the various browsers that are being swayed by their "warnings."

What Google wants is for all websites to start using more secure server technologies. Browsers like Chrome and Firefox show those warnings when they detect a domain that is using the http protocol, not the https and has any kind of log in script running on the page.

In my opinion, forums like this don't really need to be on https, unless they are collecting sensitive information like credit card transactions. That's not to say your email address and passwords aren't sensitive. And sooner or later, all websites should convert to more secure technology. Google has warned us that our http domains may lose some of our page rank in favor of our competitors who use https. That alone has caused me to make plans to convert my own websites to https very soon.

To be safe, you should use a unique password on every website you log into. Don't use the same password anywhere else. That may seem difficult to some, but there are services, like LastPass Password Manager that take the headache away from remembering passwords. I've been using it for free for several years now and like it a lot.

But don't fear that there is a problem with JeepKJ.com that keeps you away from the forum and your fellow KJ peeps. I will continue to use this forum every day, but I do encourage the owners to pony up and get that SSL certificate and convert our beloved site to https. Done right, with htaccess redirects and a little work manually editing any hard links in the system from http to https and using the Replacement Variable Manager in the vBulletin ACP to convert any of the internal links posted by members to the https versions, the transition will be smooth. Then all you have to do is alert everyone to edit their Favorites/Bookmarks (the htaccess redirects will always get them to the right version, but the correct links are better).

As usual, this is just my opinion. I'm not a staffer here and don't know the inner workings of this website. But I do feel I have some insight and experience over the last 20+ years of managing forums.

Jim
 

boboborino

Full Access Member
Joined
Nov 23, 2014
Messages
588
Reaction score
20
Location
Lorette, Manitoba, Canada
anyone else getting a "log in not secure" message?


Gyro

yes!

the security of jeepkj.com has not changed or become...................................................................

As usual, this is just my opinion. I'm not a staffer here and don't know the inner workings of this website. But i do feel i have some insight and experience over the last 20+ years of managing forums.

Jim

I second what Jim here says! I also am neither a staffer nor do I know the inner workings of this website. Or any website, or even a damn computer for that matter! Hell! Ram as far as I know is a truck! and how many zeros are there between a gigabyte and a terabyte? And Memory? jeeze my computer can't even remember my Mom's maiden name, or the name of my first pet!

:wtf2:

And last but not least, if this website does change to HTTPS (whatever the hell that means) for gods sake change the font and color of links when attached within a post!

:rofl:

Bert
 

Jim McClain

Full Access Member
Joined
Jul 31, 2015
Messages
429
Reaction score
2
Location
Teh REAL No. CA
...if this website does change to HTTPS (whatever the hell that means) for gods sake change the font and color of links when attached within a post!
I certainly do agree about the links styling and can't think of a good reason anyone could come up with to ignore that problem so long. However, that doesn't have anything to do with converting to https (Hypertext Transfer Protocol Secure). The links thing is part of the styling of this (or any) website. It's a theme thing, sorta like chrome on a car, the paint, changing the type of headlights. HTTPS is like re-gearing, or the difference between gas and diesel.
 

ltd02

Comfortably numb
KJ Supporting Member
Joined
Aug 15, 2014
Messages
2,608
Reaction score
160
Location
North Central Maryland
I'm not sure there is an actual webmaster for this site (probably Skynet). I've tried to contact someone several times over the past 8 or 9 years and never got a response. So, I doubt anything will change anytime soon. :favorites68:

Funny thing about the warning, I don't get it on Firefox or Safari on any of my Macs but I do get it on Firefox on my machine running Linux (I don't do windows :happy175:)
 

Myke

Full Access Member
Joined
Nov 13, 2016
Messages
563
Reaction score
4
Location
USA
With Lets Encrypt there is no reason anybody running a website isn't using https. Most users are dumb and so most users will reuse passwords. Sending plain text passwords make it extremely easy to use a mitm attack and capture all their login info.

Ever access this site or any other site via http on a public WiFi such as Starbucks, an airport lounge, at university? Then your login info can easily be compromised. Kali Linux will let you do it out of the box.

Use the same fb password as here and access this site on a work pc. Your IT guys and potentially your boss now have your fb password.

Tl;dr please take security seriously

Sent from my SM-N910V using Tapatalk
 
Last edited:

Jim McClain

Full Access Member
Joined
Jul 31, 2015
Messages
429
Reaction score
2
Location
Teh REAL No. CA
With Lets Encrypt there is no reason anybody running a website isn't using https.
Sounds like you should know, not all servers are capable of using Lets Encrypt. Mine isn't because Liquid Web bought my host out recently and will gladly let what used to be a pretty good hosting company go to rot so they can move all their customers to Liquids over-priced and under-supported servers. I can't move right now, so I will sit it out. I did, however, just convert to HTTPS yesterday. Not free, like Lets Encrypt, but reasonably priced. My forum uses the same software as this one. I belong to a couple webmaster forums and hate to break it to you, but there's a LOT of people running or owning forums that couldn't go through the process of converting to HTTPS to save their lives.

please take security seriously

Sent from my SM-N910V using Tapatalk
Well, you are saying that on a forum using software that has been known, at least in the webmaster world, to have had at least 152 exploits. Who knows if they've been patched in this particular version. On top of that, you are using Tapatalk, which has also been exploited and may or may not be using the latest version here. ;)
 

profdlp

Counting My Blessings
Joined
May 21, 2013
Messages
5,404
Reaction score
824
Location
Westlake, Ohio
Jim, along with others have this covered. As far as the timing, yes it was in the recent update to Firefox. I'm using a variant named Waterfox and have seen the same thing on various sites. It's kind of the tech equivalent of going to the beach and seeing a "No Lifeguard On Duty" sign. It doesn't mean you're going to drown, just that you need to be careful.
 
Top