Website Not Secure

Discussion about this site, including these forums (eg, suggestions, comments, queries). Topics may be manually deleted occasionally (eg, after suggestions dealt with, or changes bedded in).

Website Not Secure

Postby South_Aussie_Hiker » Sun 22 Jul, 2018 8:55 am

For the last month or two, every time I login this site, my iPhone gives a red “website not secure” warning at the login page.

This occurs regardless of whether I’m connected via home NBN or 4g.

Once logged in, the earning disappears.

Has something changed with the security certificate of the website, or could this be related to iOS 11.3/11.4?
User avatar
South_Aussie_Hiker
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 902
Joined: Tue 22 Feb, 2011 9:24 pm
Region: South Australia
Gender: Male

Re: Website Not Secure

Postby michael_p » Sun 22 Jul, 2018 4:46 pm

Most likely to be related to this change that has recently been implemented in Safari: https://www.digicert.com/blog/safari-wa ... re-logins/

In a nutshell. The site login is done over a standard http connection. What all browser makers have moved to is logins using https ,which is the type of secure connection that is used for online banking, etc.

Browser makers are moving towards all website using https connections for all pages not just logins. This is just the first stage of the process. Safari is about a year behind everyone else. The warnings only started this year some time AFAIK.

Should you be worried? Well that is up to you, I can't answer that question for you. Personally, I am not that bothered about this site only having a http login. There is little usable information about me in my profile so I see it as low risk. YMMV of course.

Cheers,
Michael.
One foot in front of the other.
User avatar
michael_p
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 993
Joined: Sun 15 Nov, 2009 6:58 pm
Location: Macarthur Region of Sydney.
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby ribuck » Sun 22 Jul, 2018 4:55 pm

An http login can be easily intercepted by anyone on the same WiFi network.

So make sure you use a password here that is different from the passwords you use anywhere else.
User avatar
ribuck
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 973
Joined: Wed 15 May, 2013 3:47 am
Region: Other Country
Gender: Male

Re: Website Not Secure

Postby north-north-west » Sun 22 Jul, 2018 4:59 pm

I've had this since a certain (can't remember which) update to Firefox.

No-one has hacked me yet. *fingers crossed*
"Mit der Dummheit kämpfen Götter selbst vergebens."
User avatar
north-north-west
Lagarostrobos franklinii
Lagarostrobos franklinii
 
Posts: 11130
Joined: Thu 14 May, 2009 7:36 pm
Location: The Asylum
ASSOCIATED ORGANISATIONS: Social Misfits Anonymous
Region: Tasmania

Re: Website Not Secure

Postby South_Aussie_Hiker » Sun 22 Jul, 2018 5:13 pm

Great. Thanks for the detailed explanation.
User avatar
South_Aussie_Hiker
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 902
Joined: Tue 22 Feb, 2011 9:24 pm
Region: South Australia
Gender: Male

Re: Website Not Secure

Postby wildwalks » Mon 23 Jul, 2018 10:17 am

Yes -- that is right. I have not installed a SSH (https) certificate for the bushwalk.com.
This is something I should do. I am planning a fairly significant update later this year, I will include adding a SSL to part of that upgrade. A different password is good advice.

thanks

Matt :)
wildwalks
Magnus administratio
Magnus administratio
 
Posts: 780
Joined: Mon 22 Nov, 2010 4:35 pm
ASSOCIATED ORGANISATIONS: Wildwalks, Bushwalk.com & NPA NSW
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby FatCanyoner » Mon 23 Jul, 2018 5:16 pm

Matt, this is definitely worth resolving. I moved my blog over to https late last year after people started mentioning issues with this. Certain browsers really don't like http sites anymore. And depending on your security settings, some people will simply get blocked rather than getting a warning. This is only going to become more of an issue as https is further entrenched as the standard.

I'd recommend getting an SSL certificate through Let's Encrypt (https://letsencrypt.org), which is a free and effective service.

I'd also point out that, despite not being particularly technical, I managed to move both Fat Canyoners (https://fatcanyoners.org/) and the new Canyoning Australia forum (https://canyoning.org.au/forum/) over to https. Once you have the SSL certificate sorted you can simply put in place a redirect so everyone who comes to the site using an old http url (links from other sites, old search engine results, etc) is automatically redirected to the https version. People won't even notice the difference, and you'll not only provide greater security for forum users, but you'll avoid losing potential visitors.
The Fat Canyoners: trip reports, technical tips, gear reviews and more: http://fatcanyoners.org
User avatar
FatCanyoner
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 756
Joined: Fri 12 Aug, 2011 7:45 pm
Location: Blue Mountains
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby wildwanderer » Fri 28 Dec, 2018 11:57 am

Can we get this sorted please?

Traffic to the forum is becoming less and less. :(

No doubt a contributor is the warning that the website is not secure when browsing on iphones, the chrome browser and some other mobile phones. Also from July 2018 google is now down ranking sites that do not use https so it means less people find the forum on search engines.

not secure.jpg
You do not have the required permissions to view the files attached to this post.
User avatar
wildwanderer
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 639
Joined: Tue 02 May, 2017 8:42 am
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby FatCanyoner » Mon 31 Dec, 2018 9:58 am

Totally agree. I avoid sites that don't use https, particularly when they involve the use of passwords. I'm sure many bushwalk.com members use the same passsword for other accounts, email, maybe even banking. It's simple to fix and protects the privacy of users. I have no IT experience, beyond what I've had to develop running a couple websites, and I managed to easily add free SSL certificates that resolve this. It isn't hard.
The Fat Canyoners: trip reports, technical tips, gear reviews and more: http://fatcanyoners.org
User avatar
FatCanyoner
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 756
Joined: Fri 12 Aug, 2011 7:45 pm
Location: Blue Mountains
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby ribuck » Mon 31 Dec, 2018 6:28 pm

If you use a different password here than at other sites, and you don't send this site any sensitive information (e.g. in private messages), you have nothing to fear. The lack of https only makes it possible for others to intercept your communications with this site; it doesn't enable others to hack anything else of yours.

No doubt this site will eventually be made secure. It's not hard to do if you already know how, but it's a real hassle when you have to work it out yourself for the first time.
User avatar
ribuck
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 973
Joined: Wed 15 May, 2013 3:47 am
Region: Other Country
Gender: Male

Re: Website Not Secure

Postby Hiking Noob » Mon 31 Dec, 2018 9:42 pm

Works fine on Monument Browser on my Android phone, works fine in Seamonkey on my Windows laptop, have never received any sort of warning.
Hiking Noob
Athrotaxis cupressoides
Athrotaxis cupressoides
 
Posts: 202
Joined: Sun 08 Feb, 2015 10:11 pm
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby wildwanderer » Wed 02 Jan, 2019 8:59 am

ribuck wrote:If you use a different password here than at other sites, and you don't send this site any sensitive information (e.g. in private messages), you have nothing to fear. The lack of https only makes it possible for others to intercept your communications with this site; it doesn't enable others to hack anything else of yours..


the forum has a significant e-commerce section. I think its wishful thinking to believe people are not exchanging private info when buying and selling on market square. Really they should be taking the transaction to private email.. but I wonder how many dont.

Never the less I don’t think the risk is severe if people follow the suggested security precautions you mentioned ribuck. Not reusing passwords being the most critical.

I’m more concerned with the reduction of forum traffic. I’m sure many people who might become great members of the bushwalk.com community are not signing up because they get a warning about the site being insecure on their browser. and of course less publicity for the site on search engines due to downranking.
User avatar
wildwanderer
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 639
Joined: Tue 02 May, 2017 8:42 am
Region: New South Wales
Gender: Male


Return to Forum & Site

Who is online

Users browsing this forum: No registered users and 3 guests