Page 1 of 1

Site Not Secure?

PostPosted: Thu Jul 02, 2020 12:36 am
by derleydoo
Something happened? The site is listed, in red type as Not Secure, alongside a triangular red exclamation mark! Not happened before. Had a warning come up: Don't enter sensitive material - bank details etc. :-k

Re: Site Not Secure?

PostPosted: Thu Jul 02, 2020 1:00 am
by Peter Kropotkin
a couple of questions...

what device were you on? were you on your phone?
on the computer? I have found if I go on this site on my phone
and near a house/business/phone trying to hack my phone, my
phone will have that same warning on it.... so what exactly happened?

Kropotkin

Re: Site Not Secure?

PostPosted: Thu Jul 02, 2020 1:19 am
by derleydoo
I was on a laptop. Now on iPad and getting a similar warning... triangular exclamation mark. Odd.

Re: Site Not Secure?

PostPosted: Thu Jul 02, 2020 3:45 am
by Peter Kropotkin
derleydoo wrote:I was on a laptop. Now on iPad and getting a similar warning... triangular exclamation mark. Odd.


K: it sounds like, being the expert I am :lol:

that someone is trying to or has hacked your devices....

hopefully you don't put your bank cards or anything valuable into these
devices...the best I can offer..... being computer illiterate that I am...

I hope this has help and if not, sorry....

Kropotkin

Re: Site Not Secure?

PostPosted: Thu Jul 02, 2020 5:01 am
by Ecmandu
Carleas basically had a post about a month ago explaining that the non secure status of the site was a matter of programming politics, not that the site was actually not secure.

I’m sure he’ll come here and explain it again.

Re: Site Not Secure?

PostPosted: Thu Jul 02, 2020 7:11 am
by Karpel Tunnel
The site is not secure. I have always gotten a similar warning from my computer about this forum.

Don't use an important password on this site, iow one that you use on anything improtant like banks or email accounts.

Otherwise all they can do is log in and post for you, but that's nothing.

Re: Site Not Secure?

PostPosted: Thu Jul 02, 2020 3:45 pm
by Ecmandu
Karpel,

I get the same message as well. Your advice about passwords in general is always good advice (even for secure sites). I’m not a programmer so I didn’t understand much of what Carleas explained other than that he asserted that the “not secure” flag was misleading.

Re: Site Not Secure?

PostPosted: Sun Jul 12, 2020 2:00 am
by Carleas
Hi, sorry, just seeing this.

I think this is the earlier comment Ecmandu is talking about.

TLDR: We don't use encryption, traffic to the site passes through a third party, and we don't have certificates that establish that we are who we say we are. I don't think any of that is a problem, but Google does.

Encryption: there's no encryption (connection to ILP uses HTTP and not HTTPS), packets passed back and forth between your computer and ILP's server could in theory be intercepted.

Traffic passes through a third party: we use Cloudflare to protect against DDOS attacks. They are reputable, but this may be flagged as sketchy without a certificate or something else to show it's intended.

We don't have certificates: I don't fully understand how this works or what it does, but it's something to do with proving who we are. For example, if you are giving your bank details to a website, you want to be sure it's your bank, and there are third party services that make that happen. It's much less crucial here, it costs money, and I don't know how to set it up.

Google is probably right to make that kind of warning prominent, but it does favor larger, more sophisticated operations over hobbyist sites like ILP. You aren't being hacked, you aren't going to get viruses (if ILP served viruses, Google would flag that differently and yet more prominently), but you shouldn't share very sensitive info through ILP.

Re: Site Not Secure?

PostPosted: Sun Jul 12, 2020 2:48 am
by Meno_
What is considered ' very sensitive' info ?

Re: Site Not Secure?

PostPosted: Sun Jul 12, 2020 1:30 pm
by derleydoo
Thanks Carleas. Strange, I use an ipad and there is a padlock displayed for ordinary browsing. The moment I sign in I receive a warning - site not secure.

Laptop states, not secure when browsing. The moment I sign in I get the not secure sign in red, alongside a triangular red exclamation.

This is a recent phenomenon - past couple of weeks. Never mind - it is what it is! Thanks for feedback.

Re: Site Not Secure?

PostPosted: Mon Jul 13, 2020 3:31 am
by Carleas
I wonder if Chrome can tell that you're logged in, and tries to make it clear that being logged in doesn't mean being secure. That would be a good feature.

Meno_ wrote:What is considered ' very sensitive' info ?

Any info that it would or could possibly be costly to you for a malicious third party to have.

Re: Site Not Secure?

PostPosted: Sat Aug 15, 2020 10:14 am
by fuse
Carleas,

If you're already using Cloudflare you should be able to rather easily set up an auto-renewing ssl certificate for this site by letting Cloudflare do the work. It's free for most sites. I use it for my personal website. Here's a pretty good guide: https://www.freecodecamp.org/news/free- ... 1ca570324/

Although I'm not a networking expert, I've set this up on my site and I'm happy to try to help if you get stuck or something. I think it's worth doing.

Re: Site Not Secure?

PostPosted: Sat Aug 15, 2020 2:07 pm
by Mowk
Must be a recent change but I'm logging in through https. Good show. "Duck-duck-go" upgraded it's rating for this site in regards to security from a C- to a B+.

Re: Site Not Secure?

PostPosted: Tue Aug 18, 2020 4:45 pm
by Carleas
Thanks Fuse, I did not know about that. I might take you up on your offer to advise if I can't do it on my own.

Mowk wrote:Must be a recent change but I'm logging in through https. Good show. "Duck-duck-go" upgraded it's rating for this site in regards to security from a C- to a B+.

How strange, I have changed nothing. Maybe the average site has gotten worse, and we're looking better by comparison. Moving up by dumbing down!

Re: Site Not Secure?

PostPosted: Tue Aug 18, 2020 7:24 pm
by Mowk
Capture.PNG
Capture.PNG (53.13 KiB) Viewed 674 times
Well perhaps it was Cloudfare that helped you out. I no longer find the little security alert when hovering over the URL. It is https and verified by Cloudfare.

Re: Site Not Secure?

PostPosted: Wed Aug 19, 2020 1:42 am
by fuse
Nice, Mowk.

I can confirm that https://www.ilovephilosophy.com is working. Likely why the security rating has improved. It appears Cloudflare is already managing the ssl certificate for the site, as shown in Mowk's screenshot where it says "Verified by: Cloudflare." However, the site does not redirect to the 'https' address by default. This should be easily changed via Cloudflare configuration by enabling the below setting.

On this page:
cloudflare_config.png
cloudflare_config.png (29.12 KiB) Viewed 661 times

Scroll down and enable:
cloudflare_alwayshttps.png
cloudflare_alwayshttps.png (15.76 KiB) Viewed 661 times

This ensures that anybody who navigates to the site will end up at the more secure https url.

Re: Site Not Secure?

PostPosted: Wed Aug 19, 2020 2:46 pm
by Carleas
Well, that was stupid easy. My sincere thanks to you both, that is a small but important improvement, and I appreciate the hand-holding.

Re: Site Not Secure?

PostPosted: Thu Aug 20, 2020 5:59 am
by fuse
Anytime. I appreciate that you're willing to make these improvements from time to time.

Re: Site Not Secure?

PostPosted: Thu Aug 27, 2020 6:13 am
by Mowk
the credit goes to fuse. i didn't do anything but point, a trained dog can do that.

and thank you.

Yum, Bacon.... my fav.