FightBack Forums _ Website Design _ certificate

Posted by: sputnik365 Wed, 26 Apr 2017 - 13:16
Post #1280628

Your connection is not secure ??

"The owner of forums.pepipoo.com has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site."

"How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites

On websites which are supposed to be secure (the URL begins with "https://"), Firefox must verify that the certificate presented by the website is valid. If the certificate cannot be validated, Firefox will stop the connection to the website and show a "https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean" error message instead. This article explains why you might see the error code "SEC_ERROR_UNKNOWN_ISSUER" on websites and how to troubleshoot it."


Posted by: The Rookie Wed, 26 Apr 2017 - 13:20
Post #1280630

Eh?

Posted by: BaggieBoy Wed, 26 Apr 2017 - 14:13
Post #1280647

Suspect they are trying to connect using HTTPS. It seems the "pepipoo.com" SSL certificate expired in 2009!

Posted by: Lodesman Wed, 26 Apr 2017 - 14:42
Post #1280650

I don't use Firefox but, out of curiosity, I opened it and accessed Pepipoo there with no difficulty at all.

Came up in the same way as it does on other browsers.

Posted by: Jlc Wed, 26 Apr 2017 - 14:59
Post #1280654

QUOTE (BaggieBoy @ Wed, 26 Apr 2017 - 15:13) *
Suspect they are trying to connect using HTTPS.

Actually the opposite - (modern) browsers warn when HTTPS is not being used. See https://www.searchenginejournal.com/google-is-requiring-https-for-secure-data-in-chrome/183756/

Chrome warns the same - 'Your connection to this site is not secure'. And is quite correct.

There is an outside chance of information being transported in plaintext being intercepted but this isn't your online bank...

Posted by: Sparxy Wed, 26 Apr 2017 - 16:20
Post #1280673

I'm sure Cacert and other free issuing authorities are recognised now as being a valid issuer - so SSL certificates are free.

Posted by: Pete P Fri, 16 Jun 2017 - 14:12
Post #1293119

Chrome and Firefox now explicitly warn that the login page is insecure as username and password are sent in plain text. Any chance of HTTPS guys? It's 2017, and SSL certificates are free and easy to install.
biggrin.gif

Posted by: Pete P Mon, 29 Jan 2018 - 00:50
Post #1351612

When is pepipoo going to move to HTTPS? I see there is a certificate for pepipoo.com (doesn't cover forums.pepipoo.com) but it expired 8 years ago. The major web browsers now give explicit warnings when web pages are serving form fields over HTTP and Firefox puts a very obtrusive warning underneath login boxes.

It's 2018, all sites should be using HTTPS only. You can do it for free now with Let's Encrypt, but even the commercial CAs don't charge much for a basic multi domain certificate. I am a web host myself and I offer it for free to all my customers.
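
The two certificate problems described in the post above (a name that does not cover the subdomain, and an expiry date long past) can be checked as follows. This is an added example, not part of the original thread: the certificate dict is constructed in the shape Python's `ssl.SSLSocket.getpeercert()` returns, only the name and the 2009 expiry year come from the thread, and `name_matches` and `assess` are hypothetical helper names.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# The name and the 2009 expiry year follow the thread; exact dates are made up.
SAMPLE_CERT = {
    "subject": ((("commonName", "pepipoo.com"),),),
    "subjectAltName": (("DNS", "pepipoo.com"),),
    "notBefore": "Jun  1 00:00:00 2008 GMT",
    "notAfter": "Jun  1 00:00:00 2009 GMT",
}


def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard standing for exactly one leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        first, _, parent = host.partition(".")
        return bool(first) and parent == pattern[2:]
    return pattern == host


def assess(cert, host, now=None):
    """Report whether cert names host and whether it has expired at `now`."""
    now = now or datetime.now(timezone.utc)
    # Only subjectAltName DNS entries are used, as current browsers do.
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    overdue = now.timestamp() - not_after
    return {
        "names": names,
        "covers_host": any(name_matches(n, host) for n in names),
        "expired": overdue > 0,
        "days_past_expiry": max(0, int(overdue // 86400)),
    }


if __name__ == "__main__":
    when = datetime(2018, 1, 29, tzinfo=timezone.utc)  # date of the post above
    for host in ("pepipoo.com", "forums.pepipoo.com"):
        print(host, assess(SAMPLE_CERT, host, now=when))
```

A certificate for the bare domain fails the name check for `forums.pepipoo.com` even before expiry is considered, so a replacement has to list the subdomain or use a wildcard.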

Posted by: southpaw82 Mon, 29 Jan 2018 - 01:01
Post #1351614

What exactly would we be securing?

Posted by: paulajayne Mon, 29 Jan 2018 - 08:48
Post #1351631

QUOTE (southpaw82 @ Mon, 29 Jan 2018 - 01:01) *
What exactly would we be securing?



Logins and Passwords --

Posted by: Persepolis Sun, 17 Feb 2019 - 14:25
Post #1462916

Hi - I've just registered today (thank you for being here...!).

I want to share with you that when clicking on the password field and email field on the registration form a warning appeared in my address bar: "Website Not Secure".

Posted by: PPC_Scum Wed, 15 Jul 2020 - 20:30
Post #1575325

Hello admins,

Just wondered what the status of the cert for Pepipoo.com is?

It's a bit concerning typing login information, knowing it can be seen in the clear by anyone between the user and hosting provider, including the provider themselves.


Perhaps there is something I am missing here.



Obviously I am taking my own precautions when logging in, using different passwords and such. But I wonder if the typical Pepipoo user is taking these precautions.

Might be nice to have a message on signup informing users that their login credentials are not secure to other people on their wifi / network, and therefore to use a unique password, as we all know (hopefully) how bad the problem of re-using passwords is. Not to mention any legal issues (e.g. mass data collection, 5eyes etc), or being able to identify users and their PII.


Interested in any info you may have.

Regards

Posted by: mickR Fri, 16 Oct 2020 - 21:52
Post #1592787

All of a sudden I'm getting a "Not secure" warning in the URL bar. "Your connection to this site is not secure"

Not seen that before and it displays on both browsers I use. Any one else seeing this??

Posted by: Atomic Tomato Sat, 17 Oct 2020 - 08:08
Post #1592807

QUOTE (mickR @ Fri, 16 Oct 2020 - 22:52) *
any one else seeing this??

Yes

Posted by: BaggieBoy Sat, 17 Oct 2020 - 09:20
Post #1592822

It's been like this for years.

Posted by: PASTMYBEST Sat, 17 Oct 2020 - 09:53
Post #1592832

QUOTE (BaggieBoy @ Sat, 17 Oct 2020 - 10:20) *
It's been like this for years.


Certainly many months when Edge did an automatic update, for me

Posted by: BaggieBoy Sat, 17 Oct 2020 - 10:05
Post #1592834

Here is someone mentioning it in 2017.

http://pepipoo.com/forums/lofiversion/index.php/t113241.html

Posted by: mickR Sat, 17 Oct 2020 - 10:35
Post #1592842

I've only noticed this in the last couple of days! Both on Edge and Google. I'll try IE and see if it does the same.

Posted by: BaggieBoy Sat, 17 Oct 2020 - 11:00
Post #1592849

It will do the same, Pepipoo hasn't had a valid SSL certificate for 11 years or so. Site owners don't seem to care.

Posted by: mickR Sat, 17 Oct 2020 - 17:15
Post #1592928

It's noticeable that today a total of 6x threads on this subject have been merged, yet noticeable by its absence is any comment from Fredd ! huh.gif

Posted by: Fredd Sat, 17 Oct 2020 - 17:39
Post #1592935

That would be because Fredd has nothing new to add to his previous comments on this subject. wink.gif

In short, there's little point in encrypting information that has no value to anyone who might have the means, motive and opportunity to intercept it and is publicly accessible once it's been posted anyway.

Posted by: mickR Sat, 17 Oct 2020 - 17:48
Post #1592937

QUOTE (Fredd @ Sat, 17 Oct 2020 - 18:39) *
That would be because Fredd has nothing new to add to his previous comments on this subject. wink.gif


I must have missed those comments somewhere else other than these 6 merged threads then rolleyes.gif wink.gif

Posted by: Fredd Sat, 17 Oct 2020 - 18:04
Post #1592941

QUOTE (mickR @ Sat, 17 Oct 2020 - 18:48) *
I must have missed those comments somewhere else other than these 6 merged threads then rolleyes.gif wink.gif

Well you've missed the "not secure" warnings that just about every browser has been displaying for the last 6 months or so, so probably you have. tongue.gif

Posted by: mickR Sat, 17 Oct 2020 - 18:24
Post #1592944

Touché

Posted by: cp8759 Sat, 17 Oct 2020 - 19:44
Post #1592970

QUOTE (Fredd @ Sat, 17 Oct 2020 - 18:39) *
That would be because Fredd has nothing new to add to his previous comments on this subject. wink.gif

In short, there's little point in encrypting information that has no value to anyone who might have the means, motive and opportunity to intercept it and is publicly accessible once it's been posted anyway.

Doesn't that create a risk to non-public information like PMs, passwords, email addresses etc?

Posted by: mdann52 Mon, 7 Dec 2020 - 16:13
Post #1604191

Personally, setting HTTPS up with something like letsencrypt may well help indirectly - Google tends to rank such sites higher up, and most servers only support faster protocols such as HTTP/2 for connections using certificates.

Of course, people shouldn't be reusing passwords across sites, however that is always going to be an issue if you use HTTP or not regardless....

Posted by: capricorn429 Tue, 12 Apr 2022 - 22:16
Post #1706415

Hi Guys,

I really appreciate what you do here, there's some great advice and a lot of people successfully won against these disgusting parking cowboys. However, I work in cybersecurity and have identified a couple of critical security vulnerabilities with your forum which need addressing as a matter of urgency.

I'm sorry to post this publicly, but I can't find any way to contact the owners. Please let me know how I can get in contact with whoever is responsible for this forum to discuss this, I'd be more than happy to assist.

Thanks
