Insecure log-in

Hi all

I hope someone can help.

One of the members of my forum asked me this question earlier today and I don't know how to answer as I don't know what he's talking about!:

"On logging in I've noticed the site is not using HTTPS. That means anyone who is on the same network - e.g. if you login in a cafe or other public wifi spot, or from work or other shared Internet, your username, password and anything else you post could be captured. I don't recall that being the case last time I was here, but I could be wrong."

My forum address is in my avatar profile and would be grateful if someone could look to see if there's a problem and, if there is, tell me how to fix it please.

Thanks in advance.

HI there,

I think reading this should clear some things up. https://help.forumotion.com/t150481-new-ssl-certificates-are-now-available-for-forumotion-forums-possibility-to-run-forums-in-https

Thank you, I'll have a read of that.
Does it mean my forum is insecure now though?

You're welcome. Reading it will answer that question.

Wouldn't it be quicker for you to say yes or no?

There is a much broader answer to that question in that link, but yes.

But if click on the little icon in top left hand corner of this forum it says the connection isn't secure even though it hasn't got the padlock thingy.

Hello,

All websites and forums and so on will be going over to the new HTTPs addresses
but right now lots and lots of them have not been changed like your site / forum.

Now This is how it works.
If you don't change over to the new HTTPs address your forum is still safe but things can be looked at by them that want to take your data and use it.

Now the new HttpS address system will stop all that and make your forum even more safe from them trying to read your data on your forum.

No the price of this is a small amount and to do this you need to buy credits and spend 500 credits on this for one year only.

Now Not having The new address Don't mean your forum is not safe it just needs some data can be read by members of the public.

To stop this warning from showing you can remove the login tools and just have it in your navbar.

This will help you until you make up your mind if you want to go with the new address system or not.

EDIT:
turn this off and you should not see the red lock

So I have to pay for a year. That's fine, I'll do that.

And after that year I won't have to pay for another year?

It's all mumbojumbo to me - and according to your avatar you will know what I mean as you're fluent in it!

Also, what data can be looked at?

jkh wrote:So I have to pay for a year. That's fine, I'll do that.

And after that year I won't have to pay for another year?

It's all mumbojumbo to me - and according to your avatar you will know what I mean as you're fluent in it!

Also, what data can be looked at?

LOL yes i know what your saying lol

No this is a payment for one year only you will have to pay again next year and every year from now on but the price may change when we come out of beta mode "I'm not sure if this will be the case as they have still not told us as much "

OK, so before I go in to the Admin Panel to pay - how much will 500 credits cost?
And can I pay for 2 or 3 years in one go?

jkh wrote:OK, so before I go in to the Admin Panel to pay - how much will 500 credits cost?
And can I pay for 2 or 3 years in one go?

ok in the uk 500 credits is £4.70 and No you can only buy it for one year.

Here is a little tip:
Go to your ACP click on Misc Tab >>  Credits management >> Buy credits now click on the one you want to pay with and it will show you the price of the credits. and a list of money like $ and £ and so on.

Don't worry you will not be buying credits until you click the buy now button just use the browsers back button to go back a step.

Thank you both very much

is this now solved ?

If yes Please mark it solved by hitting the big green mark as solved button next to the top post.

thank you and have a great day

I have one more question....I've just looked in the Admin Panel and it says my forum address will change - will members still be able to find it?

Oh, and will all my javascripts/images still work? If not, what do I need to do in my CSS stylesheet?

Everything will stay the same as it was before you change the address and your forum should still be found on the same address it will just redirect to the new address.

so you should have nothing to worry about.

just to let your know it may take upto 24 to 48hrs to get your new address added.

One thing you need to understand is that everything on your forum also has to have secure links, too, like third-party image URL's, third-party codes, etc.

Sorry to be a pain but on another thread it says this:

"Note that passing your forum in HTTPS requires that all external resources (images, JavaScripts, CSS, ...) to be called in HTTPS. Otherwise, the forum will not be considered as secure by browsers."

So, what do I need to do to all my external resources?
I don't have a problem with buying credits, but I do have a problem with knowing what to do with my CSS.
I don't understand what I have to do, if anything, once I've bought the credits if you get my drift...

SLGray wrote:One thing you need to understand is that everything on your forum also has to have secure links, too, like third-party image URL's, third-party codes, etc.

And how do I do that? Or does it mean that some images/links codes won't work once I've bought credits?

If you hosted an image on let us say Imageshack, that link has to have https, too for your forum to be considered completely secure.

SLGray wrote:If you hosted an image on let us say Imageshack, that link has to have https, too for your forum to be considered completely secure.

Oh dear. So if I buy credits and change things does that mean that existing images won't be visible if they haven't got the https?

I will let @APE explain this.

Okay all the items you have in your CSS file will be 100% safe unless your have hosted items like this

Code:

http://i21.servimg.com/u/f21/18/21/41/30/rule10.png

then you will need to go in the CSS files and take the link and re-upload them in the servimg.com account or tinypic if thats what you have in your ACP then put the code back in the right place

servimg:
servimg.com is now uploading your items with the new HTTPS address added, But right now I am not sure if servimg.com is going to update there system to make it so your old items can still be used and marked as safe.

Right now we have not been told what the outcome of us not changing the icons and other things on our site but i know that all items uploaded will now be in the new address if you get this or not.

I will be updating my items when i get time but right now i don't see it as a problem and i live in hope that they will host a script that will fix this so we don't have to update the items our self.

Sorry for the second post here.

what FM is doing with the HTTPS address is to make your forum and it's login data safe that is why we have gave this system.

As for all the other things on your site well this Don't really matter so much as you can't really get the data like login info and passwords from this but it can be seen to too and from servers and be tracked.

so the main thing is to get your site added and then take your time to host the items you want to change to be safer like icons and images but all new items uploaded will be in the new HTTPS mode.

So to be clear
Your forum address and login data is the most important so getting your site in HTTPS will be the best move.