Members audioicon Posted January 1, 2018 Members Share Posted January 1, 2018 Recently I started to noticed that there is no SSL used on the log in Page/Process for this forum. I also started to get warnings last night that the connections for which credentials are sent is not secure. One can simply argue that users can create a throw away account and care less about someone seeing what they are logging in with. I have had serious security concerns about these forums but it is reaching a another lever. The least we can do is use SSL and a simple Captcha. Given the relentless SPAM on these forums, all, one simple have to accidentally click a link and run into some serious issues. I enjoy our community, please don't make me run away. Link to comment Share on other sites More sharing options...
Members Dendy Jarrett Posted January 1, 2018 Members Share Posted January 1, 2018 Are you by chance getting this warning on Firefox? Link to comment Share on other sites More sharing options...
Members bieke Posted January 1, 2018 Members Share Posted January 1, 2018 yeah, the forums aren't secure, don't know if admins here are concerned with securityvBulletin has a fairly poor record when it comes to the number of vulnerabilities found in their softwarethe fact that threads get hardly any views, but traffic is up, seems to me that it is just bogus accounts that are attacking this placehttps://thehackernews.com/2017/12/vbulletin-forum-hacking.htmldon't know if admins here are paying attention to this, hopefully sohttps://www.vbulletin.org/forum/showthread.php?t=325905 Link to comment Share on other sites More sharing options...
Members audioicon Posted January 1, 2018 Author Members Share Posted January 1, 2018 Are you by chance getting this warning on Firefox? Yes, but Firefox simply goes the distance to make this explicit, however, all browsers are passively indicating that the connection is not secure. Right now as I type this message, I can see in the top left corner of all browsers that the connection is not secure. In IE, there should be a lock icon and HTTPS Protocol, these are simply not there. This is very similar for Opera. This is simply a new Firefox Update which explicitly informs the users as of version 52: Per Mozilla: Firefox will display a lock icon with red strike-through [img2=JSON]{"data-align":"none","data-size":"full","src":"http:\/\/www.harmonycentral.com\/\/support.cdn.mozilla.net\/media\/uploads\/gallery\/images\/2015-11-17-12-13-18-2faa61.png"}[/img2] in the address bar when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password, it could be stolen by eavesdroppers and attackers. Starting in Firefox version 52, you will also see a warning message when you click inside the login box to enter a username or password. Simply put and as you already know, there appears to be no SSL on this forum and while I understand that the issues discussed in these forums are not matters of National Security, I am simply flabbergasted that people are logging or allowed to log into a page which has no encrypted connection. Link to comment Share on other sites More sharing options...
Members Dendy Jarrett Posted January 2, 2018 Members Share Posted January 2, 2018 Thanks guys for bringing this to our attention. We did a security patch update and we believe something didn't carry over. We're on it. ThanksD Link to comment Share on other sites More sharing options...
Members Geoff Grace Posted January 7, 2018 Members Share Posted January 7, 2018 Did this ever get fixed? Best, Geoff Link to comment Share on other sites More sharing options...
Members Mandolin Picker Posted January 7, 2018 Members Share Posted January 7, 2018 Did this ever get fixed? I still get the warning when I log on Link to comment Share on other sites More sharing options...
Members audioicon Posted January 8, 2018 Author Members Share Posted January 8, 2018 Did this ever get fixed? Best, Geoff No. Link to comment Share on other sites More sharing options...
Members 1001gear Posted January 8, 2018 Members Share Posted January 8, 2018 Must be the economy then. Link to comment Share on other sites More sharing options...
Members techristian Posted January 13, 2018 Members Share Posted January 13, 2018 I finally got my email back up on my websites. Apparently GoDaddy shut them down because they weren't secure. I had to go through a checklist for a few hours to get the access back.....and of course they also tried to sell me a SSL CERTIFICATE. DAN Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.