log in not secure
- Thread starter Gyro
- Start date
Gyro
Full Access Member
added pic to 1st post
Gyro
Gyro
Gyro
Full Access Member
win7 and firefox.
only started this morning,and only this site.
Firefox did update this morning to 52.0.1 32bit.
Gyro
only started this morning,and only this site.
Firefox did update this morning to 52.0.1 32bit.
Gyro
JeepinJarhead03
Full Access Member
noticed that today as well
Jim McClain
Full Access Member
The security of JeepKJ.com has not changed or become compromised. Of course, I don't have access to their server, but as a webmaster and owner or manager of other forums running this software and this type of server, I can say this is an issue with Google and the various browsers that are being swayed by their "warnings."
What Google wants is for all websites to start using more secure server technologies. Browsers like Chrome and Firefox show those warnings when they detect a domain that is using the http protocol, not the https and has any kind of log in script running on the page.
In my opinion, forums like this don't really need to be on https, unless they are collecting sensitive information like credit card transactions. That's not to say your email address and passwords aren't sensitive. And sooner or later, all websites should convert to more secure technology. Google has warned us that our http domains may lose some of our page rank in favor of our competitors who use https. That alone has caused me to make plans to convert my own websites to https very soon.
To be safe, you should use a unique password on every website you log into. Don't use the same password anywhere else. That may seem difficult to some, but there are services, like LastPass Password Manager that take the headache away from remembering passwords. I've been using it for free for several years now and like it a lot.
But don't fear that there is a problem with JeepKJ.com that keeps you away from the forum and your fellow KJ peeps. I will continue to use this forum every day, but I do encourage the owners to pony up and get that SSL certificate and convert our beloved site to https. Done right, with htaccess redirects and a little work manually editing any hard links in the system from http to https and using the Replacement Variable Manager in the vBulletin ACP to convert any of the internal links posted by members to the https versions, the transition will be smooth. Then all you have to do is alert everyone to edit their Favorites/Bookmarks (the htaccess redirects will always get them to the right version, but the correct links are better).
As usual, this is just my opinion. I'm not a staffer here and don't know the inner workings of this website. But I do feel I have some insight and experience over the last 20+ years of managing forums.
Jim
What Google wants is for all websites to start using more secure server technologies. Browsers like Chrome and Firefox show those warnings when they detect a domain that is using the http protocol, not the https and has any kind of log in script running on the page.
In my opinion, forums like this don't really need to be on https, unless they are collecting sensitive information like credit card transactions. That's not to say your email address and passwords aren't sensitive. And sooner or later, all websites should convert to more secure technology. Google has warned us that our http domains may lose some of our page rank in favor of our competitors who use https. That alone has caused me to make plans to convert my own websites to https very soon.
To be safe, you should use a unique password on every website you log into. Don't use the same password anywhere else. That may seem difficult to some, but there are services, like LastPass Password Manager that take the headache away from remembering passwords. I've been using it for free for several years now and like it a lot.
But don't fear that there is a problem with JeepKJ.com that keeps you away from the forum and your fellow KJ peeps. I will continue to use this forum every day, but I do encourage the owners to pony up and get that SSL certificate and convert our beloved site to https. Done right, with htaccess redirects and a little work manually editing any hard links in the system from http to https and using the Replacement Variable Manager in the vBulletin ACP to convert any of the internal links posted by members to the https versions, the transition will be smooth. Then all you have to do is alert everyone to edit their Favorites/Bookmarks (the htaccess redirects will always get them to the right version, but the correct links are better).
As usual, this is just my opinion. I'm not a staffer here and don't know the inner workings of this website. But I do feel I have some insight and experience over the last 20+ years of managing forums.
Jim
boboborino
Full Access Member
yes!
I second what Jim here says! I also am neither a staffer nor do I know the inner workings of this website. Or any website, or even a damn computer for that matter! Hell! Ram as far as I know is a truck! and how many zeros are there between a gigabyte and a terabyte? And Memory? jeeze my computer can't even remember my Mom's maiden name, or the name of my first pet!
:wtf2:
And last but not least, if this website does change to HTTPS (whatever the hell that means) for gods sake change the font and color of links when attached within a post!
:rofl:
Bert
Jim McClain
Full Access Member
I certainly do agree about the links styling and can't think of a good reason anyone could come up with to ignore that problem so long. However, that doesn't have anything to do with converting to https (Hypertext Transfer Protocol Secure). The links thing is part of the styling of this (or any) website. It's a theme thing, sorta like chrome on a car, the paint, changing the type of headlights. HTTPS is like re-gearing, or the difference between gas and diesel.
Gyro
Full Access Member
Thanks Jim.
Gyro
Gyro
I'm not sure there is an actual webmaster for this site (probably Skynet). I've tried to contact someone several times over the past 8 or 9 years and never got a response. So, I doubt anything will change anytime soon. :favorites68:
Funny thing about the warning, I don't get it on Firefox or Safari on any of my Macs but I do get it on Firefox on my machine running Linux (I don't do windows :happy175
Funny thing about the warning, I don't get it on Firefox or Safari on any of my Macs but I do get it on Firefox on my machine running Linux (I don't do windows :happy175
With Lets Encrypt there is no reason anybody running a website isn't using https. Most users are dumb and so most users will reuse passwords. Sending plain text passwords make it extremely easy to use a mitm attack and capture all their login info.
Ever access this site or any other site via http on a public WiFi such as Starbucks, an airport lounge, at university? Then your login info can easily be compromised. Kali Linux will let you do it out of the box.
Use the same fb password as here and access this site on a work pc. Your IT guys and potentially your boss now have your fb password.
Tl;dr please take security seriously
Sent from my SM-N910V using Tapatalk
Ever access this site or any other site via http on a public WiFi such as Starbucks, an airport lounge, at university? Then your login info can easily be compromised. Kali Linux will let you do it out of the box.
Use the same fb password as here and access this site on a work pc. Your IT guys and potentially your boss now have your fb password.
Tl;dr please take security seriously
Sent from my SM-N910V using Tapatalk
Last edited:
Jim McClain
Full Access Member
Sounds like you should know, not all servers are capable of using Lets Encrypt. Mine isn't because Liquid Web bought my host out recently and will gladly let what used to be a pretty good hosting company go to rot so they can move all their customers to Liquids over-priced and under-supported servers. I can't move right now, so I will sit it out. I did, however, just convert to HTTPS yesterday. Not free, like Lets Encrypt, but reasonably priced. My forum uses the same software as this one. I belong to a couple webmaster forums and hate to break it to you, but there's a LOT of people running or owning forums that couldn't go through the process of converting to HTTPS to save their lives.
Well, you are saying that on a forum using software that has been known, at least in the webmaster world, to have had at least 152 exploits. Who knows if they've been patched in this particular version. On top of that, you are using Tapatalk, which has also been exploited and may or may not be using the latest version here.
profdlp
Counting My Blessings
Jim, along with others have this covered. As far as the timing, yes it was in the recent update to Firefox. I'm using a variant named Waterfox and have seen the same thing on various sites. It's kind of the tech equivalent of going to the beach and seeing a "No Lifeguard On Duty" sign. It doesn't mean you're going to drown, just that you need to be careful.
Similar threads
