Site Not Secure?

A forum about the forums

Moderator: Carleas

Site Not Secure?

Postby derleydoo » Thu Jul 02, 2020 12:36 am

Something happened? The site is listed, in red type as Not Secure, alongside a triangular red exclamation mark! Not happened before. Had a warning come up: Don't enter sensitive material - bank details etc. :-k
User avatar
derleydoo
Thinker
 
Posts: 688
Joined: Wed Dec 07, 2005 3:03 am

Re: Site Not Secure?

Postby Peter Kropotkin » Thu Jul 02, 2020 1:00 am

a couple of questions...

what device were you on? were you on your phone?
on the computer? I have found if I go on this site on my phone
and near a house/business/phone trying to hack my phone, my
phone will have that same warning on it.... so what exactly happened?

Kropotkin
"Those who sacrifice liberty for security
wind up with neither."
"Ben Franklin"
Peter Kropotkin
ILP Legend
 
Posts: 8468
Joined: Thu Apr 07, 2005 1:47 am
Location: blue state

Re: Site Not Secure?

Postby derleydoo » Thu Jul 02, 2020 1:19 am

I was on a laptop. Now on iPad and getting a similar warning... triangular exclamation mark. Odd.
User avatar
derleydoo
Thinker
 
Posts: 688
Joined: Wed Dec 07, 2005 3:03 am

Re: Site Not Secure?

Postby Peter Kropotkin » Thu Jul 02, 2020 3:45 am

derleydoo wrote:I was on a laptop. Now on iPad and getting a similar warning... triangular exclamation mark. Odd.


K: it sounds like, being the expert I am :lol:

that someone is trying to or has hacked your devices....

hopefully you don't put your bank cards or anything valuable into these
devices...the best I can offer..... being computer illiterate that I am...

I hope this has help and if not, sorry....

Kropotkin
"Those who sacrifice liberty for security
wind up with neither."
"Ben Franklin"
Peter Kropotkin
ILP Legend
 
Posts: 8468
Joined: Thu Apr 07, 2005 1:47 am
Location: blue state

Re: Site Not Secure?

Postby Ecmandu » Thu Jul 02, 2020 5:01 am

Carleas basically had a post about a month ago explaining that the non secure status of the site was a matter of programming politics, not that the site was actually not secure.

I’m sure he’ll come here and explain it again.
Ecmandu
ILP Legend
 
Posts: 10858
Joined: Thu Dec 11, 2014 1:22 am

Re: Site Not Secure?

Postby Karpel Tunnel » Thu Jul 02, 2020 7:11 am

The site is not secure. I have always gotten a similar warning from my computer about this forum.

Don't use an important password on this site, iow one that you use on anything improtant like banks or email accounts.

Otherwise all they can do is log in and post for you, but that's nothing.
Karpel Tunnel
Philosopher
 
Posts: 3335
Joined: Wed Jan 10, 2018 12:26 pm

Re: Site Not Secure?

Postby Ecmandu » Thu Jul 02, 2020 3:45 pm

Karpel,

I get the same message as well. Your advice about passwords in general is always good advice (even for secure sites). I’m not a programmer so I didn’t understand much of what Carleas explained other than that he asserted that the “not secure” flag was misleading.
Ecmandu
ILP Legend
 
Posts: 10858
Joined: Thu Dec 11, 2014 1:22 am

Re: Site Not Secure?

Postby Carleas » Sun Jul 12, 2020 2:00 am

Hi, sorry, just seeing this.

I think this is the earlier comment Ecmandu is talking about.

TLDR: We don't use encryption, traffic to the site passes through a third party, and we don't have certificates that establish that we are who we say we are. I don't think any of that is a problem, but Google does.

Encryption: there's no encryption (connection to ILP uses HTTP and not HTTPS), packets passed back and forth between your computer and ILP's server could in theory be intercepted.

Traffic passes through a third party: we use Cloudflare to protect against DDOS attacks. They are reputable, but this may be flagged as sketchy without a certificate or something else to show it's intended.

We don't have certificates: I don't fully understand how this works or what it does, but it's something to do with proving who we are. For example, if you are giving your bank details to a website, you want to be sure it's your bank, and there are third party services that make that happen. It's much less crucial here, it costs money, and I don't know how to set it up.

Google is probably right to make that kind of warning prominent, but it does favor larger, more sophisticated operations over hobbyist sites like ILP. You aren't being hacked, you aren't going to get viruses (if ILP served viruses, Google would flag that differently and yet more prominently), but you shouldn't share very sensitive info through ILP.
User Control Panel > Board preference > Edit display options > Display signatures: No.
Carleas
Magister Ludi
 
Posts: 6107
Joined: Wed Feb 02, 2005 8:10 pm
Location: Washington DC, USA

Re: Site Not Secure?

Postby Meno_ » Sun Jul 12, 2020 2:48 am

What is considered ' very sensitive' info ?
Meno_
ILP Legend
 
Posts: 7292
Joined: Tue Dec 08, 2015 2:39 am
Location: Mysterium Tremendum

Re: Site Not Secure?

Postby derleydoo » Sun Jul 12, 2020 1:30 pm

Thanks Carleas. Strange, I use an ipad and there is a padlock displayed for ordinary browsing. The moment I sign in I receive a warning - site not secure.

Laptop states, not secure when browsing. The moment I sign in I get the not secure sign in red, alongside a triangular red exclamation.

This is a recent phenomenon - past couple of weeks. Never mind - it is what it is! Thanks for feedback.
User avatar
derleydoo
Thinker
 
Posts: 688
Joined: Wed Dec 07, 2005 3:03 am

Re: Site Not Secure?

Postby Carleas » Mon Jul 13, 2020 3:31 am

I wonder if Chrome can tell that you're logged in, and tries to make it clear that being logged in doesn't mean being secure. That would be a good feature.

Meno_ wrote:What is considered ' very sensitive' info ?

Any info that it would or could possibly be costly to you for a malicious third party to have.
User Control Panel > Board preference > Edit display options > Display signatures: No.
Carleas
Magister Ludi
 
Posts: 6107
Joined: Wed Feb 02, 2005 8:10 pm
Location: Washington DC, USA

Re: Site Not Secure?

Postby fuse » Sat Aug 15, 2020 10:14 am

Carleas,

If you're already using Cloudflare you should be able to rather easily set up an auto-renewing ssl certificate for this site by letting Cloudflare do the work. It's free for most sites. I use it for my personal website. Here's a pretty good guide: https://www.freecodecamp.org/news/free- ... 1ca570324/

Although I'm not a networking expert, I've set this up on my site and I'm happy to try to help if you get stuck or something. I think it's worth doing.
User avatar
fuse
Philosopher
 
Posts: 4581
Joined: Thu Jul 20, 2006 5:13 pm

Re: Site Not Secure?

Postby Mowk » Sat Aug 15, 2020 2:07 pm

Must be a recent change but I'm logging in through https. Good show. "Duck-duck-go" upgraded it's rating for this site in regards to security from a C- to a B+.
Mowk
Philosopher
 
Posts: 2041
Joined: Thu Feb 02, 2012 8:17 pm
Location: In a state of excessive consumption

Re: Site Not Secure?

Postby Carleas » Tue Aug 18, 2020 4:45 pm

Thanks Fuse, I did not know about that. I might take you up on your offer to advise if I can't do it on my own.

Mowk wrote:Must be a recent change but I'm logging in through https. Good show. "Duck-duck-go" upgraded it's rating for this site in regards to security from a C- to a B+.

How strange, I have changed nothing. Maybe the average site has gotten worse, and we're looking better by comparison. Moving up by dumbing down!
User Control Panel > Board preference > Edit display options > Display signatures: No.
Carleas
Magister Ludi
 
Posts: 6107
Joined: Wed Feb 02, 2005 8:10 pm
Location: Washington DC, USA

Re: Site Not Secure?

Postby Mowk » Tue Aug 18, 2020 7:24 pm

Capture.PNG
Capture.PNG (53.13 KiB) Viewed 665 times
Well perhaps it was Cloudfare that helped you out. I no longer find the little security alert when hovering over the URL. It is https and verified by Cloudfare.
Mowk
Philosopher
 
Posts: 2041
Joined: Thu Feb 02, 2012 8:17 pm
Location: In a state of excessive consumption

Re: Site Not Secure?

Postby fuse » Wed Aug 19, 2020 1:42 am

Nice, Mowk.

I can confirm that https://www.ilovephilosophy.com is working. Likely why the security rating has improved. It appears Cloudflare is already managing the ssl certificate for the site, as shown in Mowk's screenshot where it says "Verified by: Cloudflare." However, the site does not redirect to the 'https' address by default. This should be easily changed via Cloudflare configuration by enabling the below setting.

On this page:
cloudflare_config.png
cloudflare_config.png (29.12 KiB) Viewed 652 times

Scroll down and enable:
cloudflare_alwayshttps.png
cloudflare_alwayshttps.png (15.76 KiB) Viewed 652 times

This ensures that anybody who navigates to the site will end up at the more secure https url.
User avatar
fuse
Philosopher
 
Posts: 4581
Joined: Thu Jul 20, 2006 5:13 pm

Re: Site Not Secure?

Postby Carleas » Wed Aug 19, 2020 2:46 pm

Well, that was stupid easy. My sincere thanks to you both, that is a small but important improvement, and I appreciate the hand-holding.
User Control Panel > Board preference > Edit display options > Display signatures: No.
Carleas
Magister Ludi
 
Posts: 6107
Joined: Wed Feb 02, 2005 8:10 pm
Location: Washington DC, USA

Re: Site Not Secure?

Postby fuse » Thu Aug 20, 2020 5:59 am

Anytime. I appreciate that you're willing to make these improvements from time to time.
User avatar
fuse
Philosopher
 
Posts: 4581
Joined: Thu Jul 20, 2006 5:13 pm

Re: Site Not Secure?

Postby Mowk » Thu Aug 27, 2020 6:13 am

the credit goes to fuse. i didn't do anything but point, a trained dog can do that.

and thank you.

Yum, Bacon.... my fav.
Mowk
Philosopher
 
Posts: 2041
Joined: Thu Feb 02, 2012 8:17 pm
Location: In a state of excessive consumption


Return to Meta



Who is online

Users browsing this forum: No registered users