Website Not Secure

Discussion about this site, including these forums (eg, suggestions, comments, queries). Topics may be manually deleted occasionally (eg, after suggestions dealt with, or changes bedded in).

Website Not Secure

Postby South_Aussie_Hiker » Sun 22 Jul, 2018 8:55 am

For the last month or two, every time I login this site, my iPhone gives a red “website not secure” warning at the login page.

This occurs regardless of whether I’m connected via home NBN or 4g.

Once logged in, the earning disappears.

Has something changed with the security certificate of the website, or could this be related to iOS 11.3/11.4?
User avatar
South_Aussie_Hiker
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 930
Joined: Tue 22 Feb, 2011 9:24 pm
Region: South Australia
Gender: Male

Re: Website Not Secure

Postby michael_p » Sun 22 Jul, 2018 4:46 pm

Most likely to be related to this change that has recently been implemented in Safari: https://www.digicert.com/blog/safari-wa ... re-logins/

In a nutshell. The site login is done over a standard http connection. What all browser makers have moved to is logins using https ,which is the type of secure connection that is used for online banking, etc.

Browser makers are moving towards all website using https connections for all pages not just logins. This is just the first stage of the process. Safari is about a year behind everyone else. The warnings only started this year some time AFAIK.

Should you be worried? Well that is up to you, I can't answer that question for you. Personally, I am not that bothered about this site only having a http login. There is little usable information about me in my profile so I see it as low risk. YMMV of course.

Cheers,
Michael.
One foot in front of the other.
User avatar
michael_p
Athrotaxis selaginoides
Athrotaxis selaginoides
 
Posts: 1376
Joined: Sun 15 Nov, 2009 6:58 pm
Location: Macarthur Region of Sydney.
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby ribuck » Sun 22 Jul, 2018 4:55 pm

An http login can be easily intercepted by anyone on the same WiFi network.

So make sure you use a password here that is different from the passwords you use anywhere else.
User avatar
ribuck
Athrotaxis selaginoides
Athrotaxis selaginoides
 
Posts: 1883
Joined: Wed 15 May, 2013 3:47 am
Region: Other Country
Gender: Male

Re: Website Not Secure

Postby north-north-west » Sun 22 Jul, 2018 4:59 pm

I've had this since a certain (can't remember which) update to Firefox.

No-one has hacked me yet. *fingers crossed*
"Mit der Dummheit kämpfen Götter selbst vergebens."
User avatar
north-north-west
Lagarostrobos franklinii
Lagarostrobos franklinii
 
Posts: 15069
Joined: Thu 14 May, 2009 7:36 pm
Location: The Asylum
ASSOCIATED ORGANISATIONS: Social Misfits Anonymous
Region: Tasmania

Re: Website Not Secure

Postby South_Aussie_Hiker » Sun 22 Jul, 2018 5:13 pm

Great. Thanks for the detailed explanation.
User avatar
South_Aussie_Hiker
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 930
Joined: Tue 22 Feb, 2011 9:24 pm
Region: South Australia
Gender: Male

Re: Website Not Secure

Postby wildwalks » Mon 23 Jul, 2018 10:17 am

Yes -- that is right. I have not installed a SSH (https) certificate for the bushwalk.com.
This is something I should do. I am planning a fairly significant update later this year, I will include adding a SSL to part of that upgrade. A different password is good advice.

thanks

Matt :)
wildwalks
Magnus administratio
Magnus administratio
 
Posts: 946
Joined: Mon 22 Nov, 2010 4:35 pm
ASSOCIATED ORGANISATIONS: Wildwalks, Bushwalk.com & NPA NSW
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby FatCanyoner » Mon 23 Jul, 2018 5:16 pm

Matt, this is definitely worth resolving. I moved my blog over to https late last year after people started mentioning issues with this. Certain browsers really don't like http sites anymore. And depending on your security settings, some people will simply get blocked rather than getting a warning. This is only going to become more of an issue as https is further entrenched as the standard.

I'd recommend getting an SSL certificate through Let's Encrypt (https://letsencrypt.org), which is a free and effective service.

I'd also point out that, despite not being particularly technical, I managed to move both Fat Canyoners (https://fatcanyoners.org/) and the new Canyoning Australia forum (https://canyoning.org.au/forum/) over to https. Once you have the SSL certificate sorted you can simply put in place a redirect so everyone who comes to the site using an old http url (links from other sites, old search engine results, etc) is automatically redirected to the https version. People won't even notice the difference, and you'll not only provide greater security for forum users, but you'll avoid losing potential visitors.
User avatar
FatCanyoner
Athrotaxis selaginoides
Athrotaxis selaginoides
 
Posts: 1048
Joined: Fri 12 Aug, 2011 7:45 pm
Location: Blue Mountains
ASSOCIATED ORGANISATIONS: www.FatCanyoners.org www.CanyonGear.com.au
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby wildwanderer » Fri 28 Dec, 2018 11:57 am

Can we get this sorted please?

Traffic to the forum is becoming less and less. :(

No doubt a contributor is the warning that the website is not secure when browsing on iphones, the chrome browser and some other mobile phones. Also from July 2018 google is now down ranking sites that do not use https so it means less people find the forum on search engines.

not secure.jpg
You do not have the required permissions to view the files attached to this post.
User avatar
wildwanderer
Athrotaxis selaginoides
Athrotaxis selaginoides
 
Posts: 1640
Joined: Tue 02 May, 2017 8:42 am
Location: Out of lockdown \o/
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby FatCanyoner » Mon 31 Dec, 2018 9:58 am

Totally agree. I avoid sites that don't use https, particularly when they involve the use of passwords. I'm sure many bushwalk.com members use the same passsword for other accounts, email, maybe even banking. It's simple to fix and protects the privacy of users. I have no IT experience, beyond what I've had to develop running a couple websites, and I managed to easily add free SSL certificates that resolve this. It isn't hard.
User avatar
FatCanyoner
Athrotaxis selaginoides
Athrotaxis selaginoides
 
Posts: 1048
Joined: Fri 12 Aug, 2011 7:45 pm
Location: Blue Mountains
ASSOCIATED ORGANISATIONS: www.FatCanyoners.org www.CanyonGear.com.au
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby ribuck » Mon 31 Dec, 2018 6:28 pm

If you use a different password here than at other sites, and you don't send this site any sensitive information (e.g. in private messages), you have nothing to fear. The lack of https only makes it possible for others to intercept your communications with this site; it doesn't enable others to hack anything else of yours.

No doubt this site will eventually be made secure. It's not hard to do if you already know how, but it's a real hassle when you have to work it out yourself for the first time.
User avatar
ribuck
Athrotaxis selaginoides
Athrotaxis selaginoides
 
Posts: 1883
Joined: Wed 15 May, 2013 3:47 am
Region: Other Country
Gender: Male

Re: Website Not Secure

Postby Hiking Noob » Mon 31 Dec, 2018 9:42 pm

Works fine on Monument Browser on my Android phone, works fine in Seamonkey on my Windows laptop, have never received any sort of warning.
Hiking Noob
Athrotaxis cupressoides
Athrotaxis cupressoides
 
Posts: 224
Joined: Sun 08 Feb, 2015 10:11 pm
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby wildwanderer » Wed 02 Jan, 2019 8:59 am

ribuck wrote:If you use a different password here than at other sites, and you don't send this site any sensitive information (e.g. in private messages), you have nothing to fear. The lack of https only makes it possible for others to intercept your communications with this site; it doesn't enable others to hack anything else of yours..


the forum has a significant e-commerce section. I think its wishful thinking to believe people are not exchanging private info when buying and selling on market square. Really they should be taking the transaction to private email.. but I wonder how many dont.

Never the less I don’t think the risk is severe if people follow the suggested security precautions you mentioned ribuck. Not reusing passwords being the most critical.

I’m more concerned with the reduction of forum traffic. I’m sure many people who might become great members of the bushwalk.com community are not signing up because they get a warning about the site being insecure on their browser. and of course less publicity for the site on search engines due to downranking.
User avatar
wildwanderer
Athrotaxis selaginoides
Athrotaxis selaginoides
 
Posts: 1640
Joined: Tue 02 May, 2017 8:42 am
Location: Out of lockdown \o/
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby shehaal » Wed 06 Feb, 2019 6:31 pm

ribuck wrote:it's a real hassle when you have to work it out yourself for the first time.


I disagree; it takes about 5 minutes with Cloudflare (which has a free tier), so long as you can move your DNS to them. They set up and renew the certificate automatically for you, and a couple of checked boxes on their dashboard will force a redirection from unsecured to secured.

If you buy a cert from a cert authority and manually install it, then yes, it's likely an absolute pain!
shehaal
Nothofagus gunnii
Nothofagus gunnii
 
Posts: 28
Joined: Mon 03 Jan, 2011 11:27 am
Region: Victoria

Re: Website Not Secure

Postby Mischa » Sat 05 Sep, 2020 5:40 pm

Hey, just bumping this as it's concerning that in 2020 a website that has logged in users is not using HTTPS. As mentioned in the post above, it's not difficult to do, and there are free options around these days I believe. Cheers!
Mischa
Nothofagus cunninghamii
Nothofagus cunninghamii
 
Posts: 2
Joined: Tue 14 Feb, 2012 6:57 pm
Region: Tasmania
Gender: Male

Re: Website Not Secure

Postby FatCanyoner » Sun 06 Sep, 2020 11:29 pm

+1

I have zero IT training or formal experience, yet manage to run three websites that all use HTTPS. I use Cloudflare, which was mentioned above. Completely free, great product, and easy to use.
User avatar
FatCanyoner
Athrotaxis selaginoides
Athrotaxis selaginoides
 
Posts: 1048
Joined: Fri 12 Aug, 2011 7:45 pm
Location: Blue Mountains
ASSOCIATED ORGANISATIONS: www.FatCanyoners.org www.CanyonGear.com.au
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby wildwalks » Mon 07 Sep, 2020 9:34 am

Howdy Guys
Sorry this has taken forever....... Had some technical issues a while ago and it fell off my todo list :(
Turned out to be a fairly simple configuration step I oops'ed on.

https:// is finally setup and working :)

Thanks for the advice on all the free options, unfortunately the way bushwalk.com is means we can't access most of these free services. All good, got our own (free) certificate installed on the server and is seems happy :)

Happy secure bushwalking ;)

Matt :)
wildwalks
Magnus administratio
Magnus administratio
 
Posts: 946
Joined: Mon 22 Nov, 2010 4:35 pm
ASSOCIATED ORGANISATIONS: Wildwalks, Bushwalk.com & NPA NSW
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby Son of a Beach » Mon 07 Sep, 2020 9:39 am

Thanks Matt. Seems to be working fine now when I put an "https://" in front of the URL. :-)

I wasn't too worried about it, as I use a different password here than elsewhere, etc. But it's good for everybody's peace of mind, and the search engines will now give it a bit more favour.

NB: Some people might notice that some pages (including the front page) still show as "not secure" in some browsers even though they are using TLS (https://). I think this may be because those pages include images or links to non-secure content. Eg, the forums front page has http:// images of (and links to) the eMag.
Last edited by Son of a Beach on Mon 07 Sep, 2020 9:46 am, edited 1 time in total.
Son of a Beach
Lagarostrobos franklinii
Lagarostrobos franklinii
 
Posts: 7014
Joined: Thu 01 Mar, 2007 7:55 am
ASSOCIATED ORGANISATIONS: Bit Map (NIXANZ)
Region: Tasmania
Gender: Male

Re: Website Not Secure

Postby wildwalks » Mon 07 Sep, 2020 9:45 am

Son of a Beach wrote:Some people might notice that some pages still show as "not secure" in some browsers. I think this may be because those pages include images or links to non-secure content.

Yes, thanks for this, I am working on this, seems to be mostly due to with the magazine images on the home page. But all content posted and passwords etc is HTTPs.
Hope to fix this issue today or tomorrow :)

Thanks
wildwalks
Magnus administratio
Magnus administratio
 
Posts: 946
Joined: Mon 22 Nov, 2010 4:35 pm
ASSOCIATED ORGANISATIONS: Wildwalks, Bushwalk.com & NPA NSW
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby FatCanyoner » Mon 07 Sep, 2020 10:10 am

Great stuff Matt!
User avatar
FatCanyoner
Athrotaxis selaginoides
Athrotaxis selaginoides
 
Posts: 1048
Joined: Fri 12 Aug, 2011 7:45 pm
Location: Blue Mountains
ASSOCIATED ORGANISATIONS: www.FatCanyoners.org www.CanyonGear.com.au
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby wildwalks » Mon 07 Sep, 2020 10:24 am

FatCanyoner wrote:Great stuff Matt!

Thanks :)
wildwalks
Magnus administratio
Magnus administratio
 
Posts: 946
Joined: Mon 22 Nov, 2010 4:35 pm
ASSOCIATED ORGANISATIONS: Wildwalks, Bushwalk.com & NPA NSW
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby Mountain Rocket » Mon 07 Sep, 2020 9:02 pm

Awesome thanks for this Matt.
User avatar
Mountain Rocket
Phyllocladus aspleniifolius
Phyllocladus aspleniifolius
 
Posts: 871
Joined: Sat 27 Aug, 2011 5:46 pm
Region: Tasmania
Gender: Male

Re: Website Not Secure

Postby ribuck » Tue 08 Sep, 2020 5:11 am

Thank you!
User avatar
ribuck
Athrotaxis selaginoides
Athrotaxis selaginoides
 
Posts: 1883
Joined: Wed 15 May, 2013 3:47 am
Region: Other Country
Gender: Male

Re: Website Not Secure

Postby north-north-west » Tue 08 Sep, 2020 7:34 am

The browser is now showing a lovely little padlock. Neat, and thank you.
"Mit der Dummheit kämpfen Götter selbst vergebens."
User avatar
north-north-west
Lagarostrobos franklinii
Lagarostrobos franklinii
 
Posts: 15069
Joined: Thu 14 May, 2009 7:36 pm
Location: The Asylum
ASSOCIATED ORGANISATIONS: Social Misfits Anonymous
Region: Tasmania

Re: Website Not Secure

Postby wildwalks » Tue 08 Sep, 2020 8:53 am

Thanks guys -- sorry it took forever :)
wildwalks
Magnus administratio
Magnus administratio
 
Posts: 946
Joined: Mon 22 Nov, 2010 4:35 pm
ASSOCIATED ORGANISATIONS: Wildwalks, Bushwalk.com & NPA NSW
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby Franco » Tue 08 Sep, 2020 9:53 am

I still had the bookmark for the original Tasmania Bushwalks (or something like that...)
That worked till a couple of days ago.
So now I Googled Bushwalk Australia, the site came up so I have a new bookmark that works.
Franco
Lagarostrobos franklinii
Lagarostrobos franklinii
 
Posts: 2957
Joined: Thu 30 Oct, 2008 6:48 pm
Region: Victoria
Gender: Male

Re: Website Not Secure

Postby Chris » Fri 11 Sep, 2020 12:20 am

Screen Shot 2020-09-10 at 5.47.33 pm.png
Screen Shot 2020-09-10 at 5.47.17 pm.png

Sorry Matt, maybe the answer to my problem is already here but ...
For the last few days I've been getting these messages whenever I try to access the site. I use https://www.bushwalk.com/forum/search.p ... ive_topics.

It worried me at first, but I eventually decided to go ahead. It's still a pest though :D

I see NNW''s lovely little padlock, and include https://, so have run out of options from the recent posts.

Is this easily fixable?
You do not have the required permissions to view the files attached to this post.
User avatar
Chris
Athrotaxis cupressoides
Athrotaxis cupressoides
 
Posts: 422
Joined: Sat 08 Mar, 2008 1:14 pm
Region: Tasmania
Gender: Female

Re: Website Not Secure

Postby ribuck » Fri 11 Sep, 2020 7:31 am

Try it without the "www.", Chris.
User avatar
ribuck
Athrotaxis selaginoides
Athrotaxis selaginoides
 
Posts: 1883
Joined: Wed 15 May, 2013 3:47 am
Region: Other Country
Gender: Male

Re: Website Not Secure

Postby wildwalks » Fri 11 Sep, 2020 8:13 am

Chris wrote:Is this easily fixable?

Hi Chris
Yes thanks for this. For now just got to https://bushwalk.com (no www.) That will solve the issue.
Weird, because the website should redirect and drop the www., so I will look into that and if needed I will add the www to the certificate to fix it for others.
Thanks for letting me know.
Matt :)
wildwalks
Magnus administratio
Magnus administratio
 
Posts: 946
Joined: Mon 22 Nov, 2010 4:35 pm
ASSOCIATED ORGANISATIONS: Wildwalks, Bushwalk.com & NPA NSW
Region: New South Wales
Gender: Male

Re: Website Not Secure

Postby Chris » Fri 11 Sep, 2020 11:03 am

Thanks Matt. Done :D
User avatar
Chris
Athrotaxis cupressoides
Athrotaxis cupressoides
 
Posts: 422
Joined: Sat 08 Mar, 2008 1:14 pm
Region: Tasmania
Gender: Female

Re: Website Not Secure

Postby Son of a Beach » Tue 22 Sep, 2020 8:20 am

Looks like the YouTube tags are no longer working (at least at viewtopic.php?f=10&t=31483&view=unread#unread ). I'm not sure if its related to this change but the timing is about right.
Son of a Beach
Lagarostrobos franklinii
Lagarostrobos franklinii
 
Posts: 7014
Joined: Thu 01 Mar, 2007 7:55 am
ASSOCIATED ORGANISATIONS: Bit Map (NIXANZ)
Region: Tasmania
Gender: Male

Next

Return to Forum & Site

Who is online

Users browsing this forum: No registered users and 4 guests