The forum of the forums
Welcome to the Official Support Forum of Forumotion!

To take full advantage of everything offered by our forum, please log in if you are already a member, or join our community if you've not yet.



Create a free forum like this one.

Insecure log-in (again)

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

In progress Insecure log-in (again)

Post by jkh on March 14th 2017, 5:18 pm

Hi everyone

I refer once again to my previous topic which was locked and garbaged before I'd finished with it.

I have had many enquiries from members of my forum concerned about security issues.

I purchased the required credits to obtain the SSL certificate - and am still waiting for the credits to appear in the Admin Panel.

However, I note this forum isn't https and you still have the red padlock thingy and insecure warning.

I have looked at this Tutorial and it scares me to death that something will go wrong if/when I'm able to change over to https.

http://help.forumotion.com/t150650-ssl-certificate-guide-for-a-success-forum-migration-to-https
avatar
jkh
Forumember

Posts : 240
Reputation : 7
Language : english

http://jillhavern.forumotion.net/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by SLGray on March 14th 2017, 9:07 pm

What scares you specifically?


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.

avatar
SLGray
Administrator
Administrator

Male Posts : 38477
Reputation : 2588
Language : English
Location : United States

http://ztwds.forumotion.com/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by jkh on March 14th 2017, 9:37 pm

Hello SLGray

Where do I start....?

Not knowing what to do about existing images and links - losing things I suppose.
Not knowing which things to check....
Will avatars disappear?
Or will the images on the homepage of my forum disappear?
I also have to do something with the CSS Stylesheet - not sure what to do there either.

I did test this on my test forum, by buying credits for the SSL certificate and I changed over to htpps and nothing changed...but then that forum is pretty much empty anyway, although I did have to change a link.
Will I have to go through every single link and change it over to https?
I've got the green padlock on my test forum.



I was able to buy and spend the credits immediately, but when I bought more credits for my usual forum I'm still waiting for the credits to appear.

But as I said in my OP, the Forumotion support forum doesn't have the green padlock so I assume this forum hasn't gone over to https?



I'm just totally confused by it all and wonder why forumotion can't just make all their forums secure. I don't mind donating to such a service and it would be easier if you just did it for me! fufufu

Also, I'll have to go through all of this again next year when the SSL certificate expires!
avatar
jkh
Forumember

Posts : 240
Reputation : 7
Language : english

http://jillhavern.forumotion.net/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by SLGray on March 14th 2017, 9:54 pm

Well, you exactly will not loose anything, maybe SEO ranking.

If the images on your forum do not have a secure link, they just will not appear. You can fix this by hosting them with an image host that offers secure links. Avatars are images. I did get a report from a Chrome user that said that they got the popup not secure message. Both of my forums have SSL certificates.

CSS stylesheet: You will have to check to see if there is any links in the stylesheet and make sure that they are secure (https).

All links that are not offered by Foruimotion and their third-party services (Servimg, Hitskins, etc.) will need to be secure.


Yes, the support forum does not have a SSL certificate yet.


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.

avatar
SLGray
Administrator
Administrator

Male Posts : 38477
Reputation : 2588
Language : English
Location : United States

http://ztwds.forumotion.com/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by jkh on March 14th 2017, 10:12 pm

For me, this problem is scary.

Why haven't Forumotion got a SSL certificate yet?
Does this mean this forum is not secure?
When will this forum get the SSL certificate?

Does that mean that incorrectly hosted images and links on this forum will then not show up or work?
Will the Admin then have to go through every page and check all images and links? I bet you don't !

But this is what worries me - I've either got an insecure forum where members don't want to log in or I've got a heck of a lot of work to do to change the forum, and I don't know how to do it !

So my question is: Why can't Forumotion secure all forums rather than leave it up to individual Admin ?

And if this forum hasn't got a SSL certificate then surely it can't be that much of an issue?
avatar
jkh
Forumember

Posts : 240
Reputation : 7
Language : english

http://jillhavern.forumotion.net/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by APE on March 14th 2017, 10:18 pm

As the site still has old links on it in The HTTP addresses and there is 1000's if not more it's hard to change over to HTTPS

This is why the site is not changed as we don't have the time right now to change everything over.
Not even sure we will change as we have not been told if it's in the pipe lines.



avatar
APE
Manager
Manager

Male Posts : 9872
Reputation : 914
Language : fluent in dork / mumbojumbo & English haha
Location : STUCK IN FORUMOTIONS SERVERS HELP ME !!!!!!

http://chatworld.forumotion.co.uk/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by jkh on March 14th 2017, 10:28 pm

OK, so there's no immediate need to change over then. As you have just explained you don't have the time to change over due to all the hard work that would be necessary. My forum is huge too and it's overwhelming to think of what might need to happen. Admin and Managers here are very knowledgeable and experienced and would know what to do, time permitting.

I have time but I don't have the knowledge or experience. Therein lies my problem.
I've spent over 7 years learning how to manage my forum, but I'm nowhere near as experienced as staff here.

It's not a good situation either way then.

In the meantime, though, I have an insecure forum where passwords etc can be compromised?
What is the worst thing that can happen to any of my members or, indeed, my own Admin account?

Have all forumotion forums been insecure all this time or it is a new problem?
avatar
jkh
Forumember

Posts : 240
Reputation : 7
Language : english

http://jillhavern.forumotion.net/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by APE on March 15th 2017, 12:37 am

Okay you have nothing to worry about right now this is a new system and it is not a must do thing...

Changing your members passwords will not change a thing it will always show the Warning on your log in settings.

Now the problem with a big forum is that you have to go over all your forum and change Add the addresses from HTTP to https

Now the first stage is to change your forum icons, banners, Images, Log's,

To do this just open up your ACP in your browser.

Now in your ACP go to you
Display Tab >> Pictures and Colors >> Pics management >> Advanced Mode Now you will see your forum buttons logo and other things

Now if they are older then 6 months old they will start as HTTP//:

Now follow the video


Now to do your CSS files:

ACP >> Display Tab >> Pictures and Colors >> Colors >> CSS stylesheet
Then Follow the video
<iframe width="560" height="315" src="https://www.youtube.com/embed/CACRiwY91Xg?rel=0" frameborder="0" allowfullscreen></iframe>
now make sure you save / submit.


yes it will take time but you will get there.

Now your main forum is safe and almost ready for your change over.

You will have to do the same with any HTML & JAVASCRIPT codes that have icons or images in.

This is not a problem for your forum you have nothing to worry about it's a new thing and it's down to making all sites safer all around the world.

Not being funny but if it was that much of a problem then 90 million sites around the world are all at risk as most of them i have been on are still not in HTTPS mode (Even the UK BBC TV site is not updated yet)

There is no big rush to change over trust me.



avatar
APE
Manager
Manager

Male Posts : 9872
Reputation : 914
Language : fluent in dork / mumbojumbo & English haha
Location : STUCK IN FORUMOTIONS SERVERS HELP ME !!!!!!

http://chatworld.forumotion.co.uk/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by brandon_g on March 15th 2017, 5:09 pm

Hello,

I also just want to add that a site not being https DOES NOT mean it is not secure. On the contrary, all forumotion forums are secure as they have ever been and there is no risk or threat to anyone who visits any forumotion site, whether it is https or not.

The whole https thing is just somethat that is being pushed by google and web browsers. A site not having an ssl certificate or not being https, does not make that site not secure. That said, even if the browser may say your forum and other non https forumotion forums may be not secured, rest assured that they are indeed secured and in good hands.

Like Ape said, there are thousands upon thousands of reliable, sites that are not yet https, that doesnt mean all of those sites are not secure. Probably most of them are.

I just wanted to add that, as it felt it was important for you to known your forum and all forumotion forums for that matter are secure, whether they have an ssl certificate and are https or not.

-Brandon


Remember to mark your topic when a solution is found.
avatar
brandon_g
Support Moderator
Support Moderator

Male Posts : 5654
Reputation : 515
Language : English
Location : USA

http://broadcastingduo.forumotion.com/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by jkh on March 17th 2017, 8:51 am

Thank you all for your replies and assurances that Forumotion sites are as secure now as they've always been.

As I previously said, I have two forumotion forums - my main one, and I have a test forum.

I bought credits for the test forum to see if obtaining a SSL certificate would give me the green padlock - it did, and I could see no difference to the appearance of the forum. I was able to buy the credits, they appeared immediately in the Admin Panel and I was able to spend them immediately.

So, whilst being apprehensive of the work involved in changing over to https on my main forum, I went ahead and bought credits the very same day. However, three days later and I'm still waiting for the credits to appear in the Admin Panel of my main forum.

I've had a receipt from HiPay to say they've taken my money.
I emailed them to ask why the credits haven't appeared.
They said it's not their problem and I'm to ask the Forumotion webmaster.

Question: How do I contact the Forumotion webmaster please so that I can ask them why my credits have not appeared three days after purchasing them?

Has this happened to anyone else?
Why do I get this delay with my main forum, yet not with my test forum?

Many thanks.

avatar
jkh
Forumember

Posts : 240
Reputation : 7
Language : english

http://jillhavern.forumotion.net/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by jkh on March 17th 2017, 11:27 am

Update: I've been in touch with the webmaster and he has investigated my query and the credits have now appeared in my Admin Panel.

Question now is: Do I just go for it and buy the SSL certificate and transfer my forum to https? affraid

Has anyone else bought the SSL certificate and, if so, did you have any problems?
It's the thought of potential problems with javascript, images, links and the CSS Stylesheet that makes me very nervous!
I note there is an option to do an 'automatic' transfer as opposed to a manual one.
Should I go for the 'automatic' option?

Also, is there an option to reverse this process if I find there all sorts of problems that I don't know how to fix?
avatar
jkh
Forumember

Posts : 240
Reputation : 7
Language : english

http://jillhavern.forumotion.net/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by skouliki on March 17th 2017, 12:56 pm

i can tell you that in my forum and before i buy the certificate i followed Ape's advice
so i went through my css , my java, my templates and changed all http images i found to https (that mean reload them again and replace the old http url with the new https url)
then i did the same with all my forum images and with all my forum posts and threads

and believe me iam still trying ...to finish them

you want numbers ?
my css is about 900 lines , my java codes are 30 , my forum has 500 threads x 10 at least images each thread that means = 5000 images i have to manual change !

when i will be over i will buy the certificate and iam sure if i have any problems the staff here will help me as usual so for me its all ok

i know you have a huge forum but you must do this manual to all threads that have images , if there is an automatical code for that i really dont know

you easily switch from htpps to http as many times you want with a click
avatar
skouliki
Graphic Designer
Graphic Designer

Female Posts : 2420
Reputation : 377
Language : English,Greek
Location : Greece

http://iconskouliki.forumgreek.com

Back to top Go down

In progress Re: Insecure log-in (again)

Post by cassini on March 17th 2017, 3:44 pm

I am getting it as well even though I have bought a SSL Certificate, however I have deleted all my screen caps with the exception of one member. This is due to having to save these before re-uploading using the Host an Image.
Would copying short cuts from News Websites that still have HTTP still affect forums with SSL Certificates Question

avatar
cassini
Forumember

Male Posts : 242
Reputation : 4
Language : english
Location : Dorset U.K

https://cassinicaps.forumotion.co.uk/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by jkh on March 17th 2017, 7:14 pm

Hello skouliki

I've got 317,735 messages posted on my forum with many of them containing images - there's not a chance I can go through them all and re-upload them. The task is enormous!

As for javascript - is it enough to just go into the code and add an 's' where I've highlighted it in bold red below then click 'save'?


$(function(){$("body").append('<div class="updownbutton"><a href="#top"><img src="http://i42.servimg.com/u/f42/09/02/12/09/sort_u10.png" alt="Go to top" /></a> <a href="#bottom"><img src="http://i42.servimg.com/u/f42/09/02/12/09/sort_d10.png" alt="Go to bottom" /></a></div>')});
avatar
jkh
Forumember

Posts : 240
Reputation : 7
Language : english

http://jillhavern.forumotion.net/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by jkh on March 17th 2017, 7:20 pm

@cassini wrote:I am getting it as well even though I have bought a SSL Certificate, however I have deleted all my screen caps with the exception of one member. This is due to having to save these before re-uploading using the Host an Image.
Would copying short cuts from News Websites that still have HTTP still affect forums with SSL Certificates Question


I've just copied an image code from my non-https forum over to my https test forum and the image shows up as normal.

So....in that case, why do we have to go through all our messages trying to find all the non-https images and then re-upload them?

I've also just copied the http javascript in my previous post over to the https test forum, and that works fine too.
avatar
jkh
Forumember

Posts : 240
Reputation : 7
Language : english

http://jillhavern.forumotion.net/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by SLGray on March 17th 2017, 7:29 pm

Well, you was lucky because on my 2 forums insecure images do not show up. They are there, but do not show up. When you edit a post with insecure images, the images' URL's are there.

Yes, I have SSL certificates for both of my forums.

P.S. Since Servimg is part of Forumotion, its links will be change to https.


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.

avatar
SLGray
Administrator
Administrator

Male Posts : 38477
Reputation : 2588
Language : English
Location : United States

http://ztwds.forumotion.com/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by jkh on March 17th 2017, 7:32 pm

I wonder if that's because I chose to do the 'automatic' transfer rather than the 'manual' transfer?

Now when I look in my https test forum at the javascript code I've just posted in there from my http forum, the code has changed from http to https.
avatar
jkh
Forumember

Posts : 240
Reputation : 7
Language : english

http://jillhavern.forumotion.net/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by skouliki on March 17th 2017, 7:32 pm

@jkh wrote:Hello skouliki

As for javascript - is it enough to just go into the code and add an 's' where I've highlighted it in bold red below then click 'save'?
$(function(){$("body").append('<div class="updownbutton"><a href="#top"><img src="http://i42.servimg.com/u/f42/09/02/12/09/sort_u10.png" alt="Go to top" /></a> <a href="#bottom"><img src="http://i42.servimg.com/u/f42/09/02/12/09/sort_d10.png" alt="Go to bottom" /></a></div>')});
nop you need to reload them again
i understand your frustration

Hello
avatar
skouliki
Graphic Designer
Graphic Designer

Female Posts : 2420
Reputation : 377
Language : English,Greek
Location : Greece

http://iconskouliki.forumgreek.com

Back to top Go down

In progress Re: Insecure log-in (again)

Post by jkh on March 17th 2017, 7:36 pm

See my previous post skouliki...I just copied that http javascript into my test forum and it automatically changed it to https....and the script works!
avatar
jkh
Forumember

Posts : 240
Reputation : 7
Language : english

http://jillhavern.forumotion.net/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by skouliki on March 17th 2017, 7:37 pm

ok... but to be sure i have changed all my java manual
avatar
skouliki
Graphic Designer
Graphic Designer

Female Posts : 2420
Reputation : 377
Language : English,Greek
Location : Greece

http://iconskouliki.forumgreek.com

Back to top Go down

In progress Re: Insecure log-in (again)

Post by SLGray on March 17th 2017, 7:38 pm

@cassini wrote:I am getting it as well even though I have bought a SSL Certificate, however I have deleted all my screen caps with the exception of one member. This is due to having to save these before re-uploading using the Host an Image.
Would copying short cuts from News Websites that still have HTTP still affect forums with SSL Certificates Question

If you post anything on your forum that has a http link, you will not get the secure symbol in your browser tab.


Last edited by SLGray on March 17th 2017, 7:42 pm; edited 1 time in total


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.

avatar
SLGray
Administrator
Administrator

Male Posts : 38477
Reputation : 2588
Language : English
Location : United States

http://ztwds.forumotion.com/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by SLGray on March 17th 2017, 7:39 pm

@jkh wrote:See my previous post skouliki...I just copied that http javascript into my test forum and it automatically changed it to https....and the script works!
The reason why is the links are to Servimg.


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.

avatar
SLGray
Administrator
Administrator

Male Posts : 38477
Reputation : 2588
Language : English
Location : United States

http://ztwds.forumotion.com/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by jkh on March 17th 2017, 7:40 pm

Here is my test forum https://jillstestforum.forumotion.co.uk/

You can see the green padlock and you can see the up/down buttons (bottom left) from the code I've just copied and pasted, which changed from http to https automatically.
avatar
jkh
Forumember

Posts : 240
Reputation : 7
Language : english

http://jillhavern.forumotion.net/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by SLGray on March 17th 2017, 7:41 pm

If you have links to Servimg, they will be automatically changed to https.


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.

avatar
SLGray
Administrator
Administrator

Male Posts : 38477
Reputation : 2588
Language : English
Location : United States

http://ztwds.forumotion.com/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by jkh on March 17th 2017, 7:42 pm

@SLGray wrote:
@jkh wrote:See my previous post skouliki...I just copied that http javascript into my test forum and it automatically changed it to https....and the script works!
The reason why is the links are to Servimg.
Ah! I see...so anything from an outside website won't show up.

I get it now.

Oh dear! Crying or Very sad
avatar
jkh
Forumember

Posts : 240
Reputation : 7
Language : english

http://jillhavern.forumotion.net/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by SLGray on March 17th 2017, 7:43 pm

If it is not part of Forumotion (Servimg, Hitskins, etc.) and have a http link, it will not be considered secure by your browser.


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.

avatar
SLGray
Administrator
Administrator

Male Posts : 38477
Reputation : 2588
Language : English
Location : United States

http://ztwds.forumotion.com/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by jkh on March 17th 2017, 7:45 pm

So if there are any links on my main forum that starts with http the links also won't work?

eta: Just tested that aswell by pasting a http newslink into my test forum and that works too - didn't get a insecure warning and the green padlock is still there.

I guess I'm still not 'getting' something here!


Last edited by jkh on March 17th 2017, 7:51 pm; edited 1 time in total
avatar
jkh
Forumember

Posts : 240
Reputation : 7
Language : english

http://jillhavern.forumotion.net/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by skouliki on March 17th 2017, 7:48 pm

ok so i bought the certificate and all http images are turned to https all hosted by servimg i mean
all that work !! study
avatar
skouliki
Graphic Designer
Graphic Designer

Female Posts : 2420
Reputation : 377
Language : English,Greek
Location : Greece

http://iconskouliki.forumgreek.com

Back to top Go down

In progress Re: Insecure log-in (again)

Post by SLGray on March 17th 2017, 7:51 pm

@jkh wrote:So if there are any links on my main forum that starts with http the links also won't work?
You will get the SSL certificate, but your pages with http links will not be considered secure by your browser.


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.

avatar
SLGray
Administrator
Administrator

Male Posts : 38477
Reputation : 2588
Language : English
Location : United States

http://ztwds.forumotion.com/

Back to top Go down

In progress Re: Insecure log-in (again)

Post by cassini on March 17th 2017, 7:58 pm

@SLGray wrote:
@cassini wrote:I am getting it as well even though I have bought a SSL Certificate, however I have deleted all my screen caps with the exception of one member. This is due to having to save these before re-uploading using the Host an Image.
Would copying short cuts from News Websites that still have HTTP still affect forums with SSL Certificates Question

If you post anything on your forum that has a http link, you will not get the secure symbol in your browser tab.

Thanks SLGray Smile

Thing is I have links from BBC News website that is still http, also I have a members caps that I need to re-upload using the Host an Image tool.

Regards
Cassini Smile
avatar
cassini
Forumember

Male Posts : 242
Reputation : 4
Language : english
Location : Dorset U.K

https://cassinicaps.forumotion.co.uk/

Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum