Website and forum security issues
Website and forum security issues
Hi all
Couple of things first off when I load the warzone site in Firefox I'm getting the following warning message.
So it might be an idea to fix that.
Second when I click the link to go to the forum it's taking me to the insecure and unencrypted version of the login page, http://forums.wz2100.net/ instead of the secure encrypted version https://forums.wz2100.net/
Also when I click on the login button on the forum again its taking me to the insecure and unencrypted version of the login page ucp.php?mode=login instead of the secure encrypted version https://forums.wz2100.net/ucp.php?mode=login
So it might be an idea to have some one fix this to make sure that users are always taken to the secure encrypted login page, as that is a potential security problem that could result in people having there login details stolen, as is the warzone site has already been compromised once before so it might be an idea to have someone sort this out.
Third for some reason the forum keeps logging me out, and I have to keep logging back in not a big issue but kind of irritating so might be an idea to have someone look into this as well.
Couple of things first off when I load the warzone site in Firefox I'm getting the following warning message.
So it might be an idea to fix that.
Second when I click the link to go to the forum it's taking me to the insecure and unencrypted version of the login page, http://forums.wz2100.net/ instead of the secure encrypted version https://forums.wz2100.net/
Also when I click on the login button on the forum again its taking me to the insecure and unencrypted version of the login page ucp.php?mode=login instead of the secure encrypted version https://forums.wz2100.net/ucp.php?mode=login
So it might be an idea to have some one fix this to make sure that users are always taken to the secure encrypted login page, as that is a potential security problem that could result in people having there login details stolen, as is the warzone site has already been compromised once before so it might be an idea to have someone sort this out.
Third for some reason the forum keeps logging me out, and I have to keep logging back in not a big issue but kind of irritating so might be an idea to have someone look into this as well.
Re: Website and forum security issues
That seems to be on your side - someone is man-in-the-middle-ing your connection to forums.wz2100.net, maybe a proxy, and https is correctly failing in order to indicate that, which is the whole point of https.
Maps | Tower Defense | NullBot AI | More NullBot AI | Scavs | More Scavs | Tilesets | Walkthrough | JSCam
Re: Website and forum security issues
I think there is more too it then it being his side this also happens to me I have to tell firefox to ignore the warning.NoQ wrote: That seems to be on your side - someone is man-in-the-middle-ing your connection to forums.wz2100.net, maybe a proxy, and https is correctly failing in order to indicate that, which is the whole point of https.
Could it be the security certificate or what ever it is for wz2100 needs updating ?
Re: Website and forum security issues
I don't use a proxy and if it is that case that the connection is being man in the middled then shouldn't all https connections fail in the same fashion ? the reason i ask is because i don't have that problem with other sites that use https like https://start.duckduckgo.com/ for exampleThat seems to be on your side - someone is man-in-the-middle-ing your connection to forums.wz2100.net, maybe a proxy, and https is correctly failing in order to indicate that, which is the whole point of http
According to the screen shot the issue is the certificate
also when i hover over the link on the main page to come to the forum the link is incorrectThe certificate is not trusted because it is self-signed.
The certificate is not valid for the name http://www.wz2100.net.
The certificate expired on 15 October 2015 20:47. The current time is 24 October 2017 01:27.
note in the bottom left corner how it says http://forums.wz2100.net/ instead of https://forums.wz2100.net/
also if the site is going to use https then shouldn't it automatically redirect you to the secure https address if you try to connect to the insecure http address.
Re: Website and forum security issues
after looking in to this some more i came across this
https://support.mozilla.org/en-US/kb/tr ... =inproduct
which would seem to indicate that the problem could possibly be the warzone websites, since i only see this problem with the warzone site.
https://support.mozilla.org/en-US/kb/tr ... =inproduct
which would seem to indicate that the problem could possibly be the warzone websites, since i only see this problem with the warzone site.
The error occurs on one particular site only
In case you get this problem on one particular site only, this type of error generally indicates that the web server is not configured properly.
Re: Website and forum security issues
I just noticed something else when i go to
https://wz2100.net/ i don't get the error about the certificate.
However if i go to https://www.wz2100.net/ i do.
Notice the difference with those addressees the one that triggers the certificate warning has the WWW prefix why that would make a difference I'm not sure but it would seem that for what ever reason the WWW prefix is what is triggering the certificate warning.
If you come to the warzone site via https://www.wz2100.net/ which is the url you get on duckduckgo when you search for warzone 2100 and you are using Firefox then you will get the certificate warning, test it out your self.
not really sure who is at fault here but it seems as though the warzone site is simply not handling this correctly and should probably be redirecting users to https://wz2100.net/ before doing the certificate check which would stop this issue for happening.
https://wz2100.net/ i don't get the error about the certificate.
However if i go to https://www.wz2100.net/ i do.
Notice the difference with those addressees the one that triggers the certificate warning has the WWW prefix why that would make a difference I'm not sure but it would seem that for what ever reason the WWW prefix is what is triggering the certificate warning.
If you come to the warzone site via https://www.wz2100.net/ which is the url you get on duckduckgo when you search for warzone 2100 and you are using Firefox then you will get the certificate warning, test it out your self.
not really sure who is at fault here but it seems as though the warzone site is simply not handling this correctly and should probably be redirecting users to https://wz2100.net/ before doing the certificate check which would stop this issue for happening.
Re: Website and forum security issues
Yeah, that explains. I didn't type www, so i never saw the problem.Bethrezen wrote:https://wz2100.net/ i don't get the error about the certificate.
However if i go to https://www.wz2100.net/ i do.
Maps | Tower Defense | NullBot AI | More NullBot AI | Scavs | More Scavs | Tilesets | Walkthrough | JSCam
Re: Website and forum security issues
I tried the www one with WaterFox and got the same error both when I clicked your link and when I typed it in.
I also had that same problem a-lot when using the Chrome browser. But it went away when I started using WaterFox.
Bethrezen wrote:Third for some reason the forum keeps logging me out, and I have to keep logging back in not a big issue but kind of irritating so might be an idea to have someone look into this as well.
I also had that same problem a-lot when using the Chrome browser. But it went away when I started using WaterFox.
Transmission ends ...
Re: Website and forum security issues
Actually, the problem was the cert expired.
Then it was renewed.
So, if you happen to go there (here) while it was expired, it would show you that error.
Then it was renewed.
So, if you happen to go there (here) while it was expired, it would show you that error.
/facepalm ...Grinch stole Warzone contra principia negantem non est disputandum
Super busy, don't expect a timely reply back.
Super busy, don't expect a timely reply back.
Re: Website and forum security issues
if that's the case and the certificate has been renewed then why does going to https://www.wz2100.net/ still show an outdated certificate and hence give the error ?Actually, the problem was the cert expired.
Then it was renewed.
So, if you happen to go there (here) while it was expired, it would show you that error.
Here is what i got just now when i tried https://www.wz2100.net/
also when i click the forum button on the main page its still taking me to the http version of the forum instead of the https version and if you then subsequently login you get the http version of the login page instead of the https version which is not secure so I'd recommend using .htaccess file or a php redirect to make sure that visitors are always using the https version of the site.