Website and forum security issues

Post a reply


This question is a means of preventing automated form submissions by spambots.
Smilies
:| :? :) :wink: :D XD :3 :( :lol2: :o :shock: O_o :x :stressed: :P :oops: :cry: :evil: :twisted: 8) :augh: :stare: :roll: :annoyed: :hmm: :geek: :lecture: :ninja: :!: :?: :idea: :arrow: :!!!: :...: :zZz:
View more smilies

BBCode is ON
[img] is OFF
[url] is ON
Smilies are ON

Topic review
   

Expand view Topic review: Website and forum security issues

Re: Website and forum security issues

by Bethrezen » 05 Nov 2017, 05:17

Actually, the problem was the cert expired.
Then it was renewed.

So, if you happen to go there (here) while it was expired, it would show you that error.
if that's the case and the certificate has been renewed then why does going to https://www.wz2100.net/ still show an outdated certificate and hence give the error ?

Here is what i got just now when i tried https://www.wz2100.net/

Image

also when i click the forum button on the main page its still taking me to the http version of the forum instead of the https version and if you then subsequently login you get the http version of the login page instead of the https version which is not secure so I'd recommend using .htaccess file or a php redirect to make sure that visitors are always using the https version of the site.

Re: Website and forum security issues

by vexed » 01 Nov 2017, 04:44

Actually, the problem was the cert expired.
Then it was renewed.

So, if you happen to go there (here) while it was expired, it would show you that error.

Re: Website and forum security issues

by JimmyJack » 28 Oct 2017, 02:52

I tried the www one with WaterFox and got the same error both when I clicked your link and when I typed it in.
Bethrezen wrote:Third for some reason the forum keeps logging me out, and I have to keep logging back in not a big issue but kind of irritating so might be an idea to have someone look into this as well.

I also had that same problem a-lot when using the Chrome browser. But it went away when I started using WaterFox.

Re: Website and forum security issues

by NoQ » 24 Oct 2017, 18:03

Bethrezen wrote:https://wz2100.net/ i don't get the error about the certificate.
However if i go to https://www.wz2100.net/ i do.
Yeah, that explains. I didn't type www, so i never saw the problem.

Re: Website and forum security issues

by Bethrezen » 24 Oct 2017, 04:15

I just noticed something else when i go to

https://wz2100.net/ i don't get the error about the certificate.
However if i go to https://www.wz2100.net/ i do.

Notice the difference with those addressees the one that triggers the certificate warning has the WWW prefix why that would make a difference I'm not sure but it would seem that for what ever reason the WWW prefix is what is triggering the certificate warning.

If you come to the warzone site via https://www.wz2100.net/ which is the url you get on duckduckgo when you search for warzone 2100 and you are using Firefox then you will get the certificate warning, test it out your self.

not really sure who is at fault here but it seems as though the warzone site is simply not handling this correctly and should probably be redirecting users to https://wz2100.net/ before doing the certificate check which would stop this issue for happening.

Re: Website and forum security issues

by Bethrezen » 24 Oct 2017, 03:11

after looking in to this some more i came across this

https://support.mozilla.org/en-US/kb/tr ... =inproduct

which would seem to indicate that the problem could possibly be the warzone websites, since i only see this problem with the warzone site.
The error occurs on one particular site only

In case you get this problem on one particular site only, this type of error generally indicates that the web server is not configured properly.

Re: Website and forum security issues

by Bethrezen » 24 Oct 2017, 02:52

That seems to be on your side - someone is man-in-the-middle-ing your connection to forums.wz2100.net, maybe a proxy, and https is correctly failing in order to indicate that, which is the whole point of http
I don't use a proxy and if it is that case that the connection is being man in the middled then shouldn't all https connections fail in the same fashion ? the reason i ask is because i don't have that problem with other sites that use https like https://start.duckduckgo.com/ for example

According to the screen shot the issue is the certificate
The certificate is not trusted because it is self-signed.
The certificate is not valid for the name http://www.wz2100.net.
The certificate expired on 15 October 2015 20:47. The current time is 24 October 2017 01:27.
also when i hover over the link on the main page to come to the forum the link is incorrect

Image

note in the bottom left corner how it says http://forums.wz2100.net/ instead of https://forums.wz2100.net/

also if the site is going to use https then shouldn't it automatically redirect you to the secure https address if you try to connect to the insecure http address.

Re: Website and forum security issues

by Berg » 23 Oct 2017, 23:34

NoQ wrote: That seems to be on your side - someone is man-in-the-middle-ing your connection to forums.wz2100.net, maybe a proxy, and https is correctly failing in order to indicate that, which is the whole point of https.
I think there is more too it then it being his side this also happens to me I have to tell firefox to ignore the warning.
Could it be the security certificate or what ever it is for wz2100 needs updating ?

Re: Website and forum security issues

by NoQ » 23 Oct 2017, 11:55

Bethrezen wrote:Hi all

Couple of things first off when I load the warzone site in Firefox I'm getting the following warning message.

Image

So it might be an idea to fix that.
That seems to be on your side - someone is man-in-the-middle-ing your connection to forums.wz2100.net, maybe a proxy, and https is correctly failing in order to indicate that, which is the whole point of https.

Website and forum security issues

by Bethrezen » 23 Oct 2017, 11:04

Hi all

Couple of things first off when I load the warzone site in Firefox I'm getting the following warning message.

Image

So it might be an idea to fix that.

Second when I click the link to go to the forum it's taking me to the insecure and unencrypted version of the login page, http://forums.wz2100.net/ instead of the secure encrypted version https://forums.wz2100.net/

Also when I click on the login button on the forum again its taking me to the insecure and unencrypted version of the login page ucp.php?mode=login instead of the secure encrypted version https://forums.wz2100.net/ucp.php?mode=login

So it might be an idea to have some one fix this to make sure that users are always taken to the secure encrypted login page, as that is a potential security problem that could result in people having there login details stolen, as is the warzone site has already been compromised once before so it might be an idea to have someone sort this out.

Third for some reason the forum keeps logging me out, and I have to keep logging back in not a big issue but kind of irritating so might be an idea to have someone look into this as well.

Top