Insecure log-in (again)

Hi everyone

I refer once again to my previous topic which was locked and garbaged before I'd finished with it.

I have had many enquiries from members of my forum concerned about security issues.

I purchased the required credits to obtain the SSL certificate - and am still waiting for the credits to appear in the Admin Panel.

However, I note this forum isn't https and you still have the red padlock thingy and insecure warning.

I have looked at this Tutorial and it scares me to death that something will go wrong if/when I'm able to change over to https.

https://help.forumotion.com/t150650-ssl-certificate-guide-for-a-success-forum-migration-to-https

What scares you specifically?

Hello SLGray

Where do I start....?

Not knowing what to do about existing images and links - losing things I suppose.
Not knowing which things to check....
Will avatars disappear?
Or will the images on the homepage of my forum disappear?
I also have to do something with the CSS Stylesheet - not sure what to do there either.

I did test this on my test forum, by buying credits for the SSL certificate and I changed over to htpps and nothing changed...but then that forum is pretty much empty anyway, although I did have to change a link.
Will I have to go through every single link and change it over to https?
I've got the green padlock on my test forum.



I was able to buy and spend the credits immediately, but when I bought more credits for my usual forum I'm still waiting for the credits to appear.

But as I said in my OP, the Forumotion support forum doesn't have the green padlock so I assume this forum hasn't gone over to https?



I'm just totally confused by it all and wonder why forumotion can't just make all their forums secure. I don't mind donating to such a service and it would be easier if you just did it for me!

Also, I'll have to go through all of this again next year when the SSL certificate expires!

Well, you exactly will not loose anything, maybe SEO ranking.

If the images on your forum do not have a secure link, they just will not appear.  You can fix this by hosting them with an image host that offers secure links.  Avatars are images.  I did get a report from a Chrome user that said that they got the popup not secure message.  Both of my forums have SSL certificates.

CSS stylesheet:  You will have to check to see if there is any links in the stylesheet and make sure that they are secure (https).

All links that are not offered by Foruimotion and their third-party services (Servimg, Hitskins, etc.) will need to be secure.


Yes, the support forum does not have a SSL certificate yet.

For me, this problem is scary.

Why haven't Forumotion got a SSL certificate yet?
Does this mean this forum is not secure?
When will this forum get the SSL certificate?

Does that mean that incorrectly hosted images and links on this forum will then not show up or work?
Will the Admin then have to go through every page and check all images and links? I bet you don't !

But this is what worries me - I've either got an insecure forum where members don't want to log in or I've got a heck of a lot of work to do to change the forum, and I don't know how to do it !

So my question is: Why can't Forumotion secure all forums rather than leave it up to individual Admin ?

And if this forum hasn't got a SSL certificate then surely it can't be that much of an issue?

As the site still has old links on it in The HTTP addresses and there is 1000's if not more it's hard to change over to HTTPS

This is why the site is not changed as we don't have the time right now to change everything over.
Not even sure we will change as we have not been told if it's in the pipe lines.

OK, so there's no immediate need to change over then. As you have just explained you don't have the time to change over due to all the hard work that would be necessary. My forum is huge too and it's overwhelming to think of what might need to happen. Admin and Managers here are very knowledgeable and experienced and would know what to do, time permitting.

I have time but I don't have the knowledge or experience. Therein lies my problem.
I've spent over 7 years learning how to manage my forum, but I'm nowhere near as experienced as staff here.

It's not a good situation either way then.

In the meantime, though, I have an insecure forum where passwords etc can be compromised?
What is the worst thing that can happen to any of my members or, indeed, my own Admin account?

Have all forumotion forums been insecure all this time or it is a new problem?

Okay you have nothing to worry about right now this is a new system and it is not a must do thing...

Changing your members passwords will not change a thing it will always show the Warning on your log in settings.

Now the problem with a big forum is that you have to go over all your forum and change Add the addresses from HTTP to https

Now the first stage is to change your forum icons, banners, Images, Log's,

To do this just open up your ACP in your browser.

Now in your ACP go to you  
Display Tab >>   Pictures and Colors >> Pics management >> Advanced Mode Now you will see your forum buttons logo and other things

Now if they are older then 6 months old they will start as HTTP//:

Now follow the video


Now to do your CSS files:

ACP >> Display Tab >>   Pictures and Colors >> Colors >> CSS stylesheet
Then Follow the video
<iframe width="560" height="315" src="https://www.youtube.com/embed/CACRiwY91Xg?rel=0" frameborder="0" allowfullscreen></iframe>
now make sure you save / submit.


yes it will take time but you will get there.

Now your main forum is safe and almost ready for your change over.

You will have to do the same with any HTML & JAVASCRIPT codes that have icons or images in.

This is not a problem for your forum you have nothing to worry about it's a new thing and it's down to making all sites safer all around the world.

Not being funny but if it was that much of a problem then 90 million sites around the world are all at risk as most of them i have been on are still not in HTTPS mode (Even the UK BBC TV site is not updated yet)

There is no big rush to change over trust me.

Hello,

I also just want to add that a site not being https DOES NOT mean it is not secure. On the contrary, all forumotion forums are secure as they have ever been and there is no risk or threat to anyone who visits any forumotion site, whether it is https or not.

The whole https thing is just somethat that is being pushed by google and web browsers. A site not having an ssl certificate or not being https, does not make that site not secure. That said, even if the browser may say your forum and other non https forumotion forums may be not secured, rest assured that they are indeed secured and in good hands.

Like Ape said, there are thousands upon thousands of reliable, sites that are not yet https, that doesnt mean all of those sites are not secure. Probably most of them are.

I just wanted to add that, as it felt it was important for you to known your forum and all forumotion forums for that matter are secure, whether they have an ssl certificate and are https or not.

-Brandon

Thank you all for your replies and assurances that Forumotion sites are as secure now as they've always been.

As I previously said, I have two forumotion forums - my main one, and I have a test forum.

I bought credits for the test forum to see if obtaining a SSL certificate would give me the green padlock - it did, and I could see no difference to the appearance of the forum. I was able to buy the credits, they appeared immediately in the Admin Panel and I was able to spend them immediately.

So, whilst being apprehensive of the work involved in changing over to https on my main forum, I went ahead and bought credits the very same day. However, three days later and I'm still waiting for the credits to appear in the Admin Panel of my main forum.

I've had a receipt from HiPay to say they've taken my money.
I emailed them to ask why the credits haven't appeared.
They said it's not their problem and I'm to ask the Forumotion webmaster.

Question: How do I contact the Forumotion webmaster please so that I can ask them why my credits have not appeared three days after purchasing them?

Has this happened to anyone else?
Why do I get this delay with my main forum, yet not with my test forum?

Many thanks.

Update: I've been in touch with the webmaster and he has investigated my query and the credits have now appeared in my Admin Panel.

Question now is: Do I just go for it and buy the SSL certificate and transfer my forum to https? 

Has anyone else bought the SSL certificate and, if so, did you have any problems?
It's the thought of potential problems with javascript, images, links and the CSS Stylesheet that makes me very nervous!
I note there is an option to do an 'automatic' transfer as opposed to a manual one.
Should I go for the 'automatic' option?

Also, is there an option to reverse this process if I find there all sorts of problems that I don't know how to fix?

i can tell you that in my forum and before i buy the certificate i followed Ape's advice
so i went through my css , my java, my templates and changed all http images i found to https (that mean reload them again and replace the old http url with the new https url)
then i did the same with all my forum images and with all my forum posts and threads

and believe me iam still trying ...to finish them

you want numbers ?
my css is about 900 lines , my java codes are 30 , my forum has 500 threads x 10 at least images each thread that means = 5000 images i have to manual change !

when i will be over i will buy the certificate and iam sure if i have any problems the staff here will help me as usual so for me its all ok

i know you have a huge forum but you must do this manual to all threads that have images , if there is an automatical code for that i really dont know

you easily switch from htpps to http as many times you want with a click

I am getting it as well even though I have bought a SSL Certificate, however I have deleted all my screen caps with the exception of one member. This is due to having to save these before re-uploading using the Host an Image.
Would copying short cuts from News Websites that still have HTTP still affect forums with SSL Certificates

Hello skouliki

I've got 317,735 messages posted on my forum with many of them containing images - there's not a chance I can go through them all and re-upload them. The task is enormous!

As for javascript - is it enough to just go into the code and add an 's' where I've highlighted it in bold red below then click 'save'?


$(function(){$("body").append('<div class="updownbutton"><a href="#top"><img src="http://i42.servimg.com/u/f42/09/02/12/09/sort_u10.png" alt="Go to top" /></a> <a href="#bottom"><img src="http://i42.servimg.com/u/f42/09/02/12/09/sort_d10.png" alt="Go to bottom" /></a></div>')});

cassini wrote:I am getting it as well even though I have bought a SSL Certificate, however I have deleted all my screen caps with the exception of one member. This is due to having to save these before re-uploading using the Host an Image.
Would copying short cuts from News Websites that still have HTTP still affect forums with SSL Certificates

I've just copied an image code from my non-https forum over to my https test forum and the image shows up as normal.

So....in that case, why do we have to go through all our messages trying to find all the non-https images and then re-upload them?

I've also just copied the http javascript in my previous post over to the https test forum, and that works fine too.

Well, you was lucky because on my 2 forums insecure images do not show up.  They are there, but do not show up.  When you edit a post with insecure images, the images' URL's are there.

Yes, I have SSL certificates for both of my forums.

P.S.  Since Servimg is part of Forumotion, its links will be change to https.

I wonder if that's because I chose to do the 'automatic' transfer rather than the 'manual' transfer?

Now when I look in my https test forum at the javascript code I've just posted in there from my http forum, the code has changed from http to https.

jkh wrote:Hello skouliki

As for javascript - is it enough to just go into the code and add an 's' where I've highlighted it in bold red below then click 'save'?
$(function(){$("body").append('<div class="updownbutton"><a href="#top"><img src="http://i42.servimg.com/u/f42/09/02/12/09/sort_u10.png" alt="Go to top" /></a> <a href="#bottom"><img src="http://i42.servimg.com/u/f42/09/02/12/09/sort_d10.png" alt="Go to bottom" /></a></div>')});

nop you need to reload them again 
i understand your frustration

See my previous post skouliki...I just copied that http javascript into my test forum and it automatically changed it to https....and the script works!

ok... but to be sure i have changed all my java manual

cassini wrote:I am getting it as well even though I have bought a SSL Certificate, however I have deleted all my screen caps with the exception of one member. This is due to having to save these before re-uploading using the Host an Image.
Would copying short cuts from News Websites that still have HTTP still affect forums with SSL Certificates

If you post anything on your forum that has a http link, you will not get the secure symbol in your browser tab.

jkh wrote:See my previous post skouliki...I just copied that http javascript into my test forum and it automatically changed it to https....and the script works!

The reason why is the links are to Servimg.

Here is my test forum https://jillstestforum.forumotion.co.uk/

You can see the green padlock and you can see the up/down buttons (bottom left) from the code I've just copied and pasted, which changed from http to https automatically.

If you have links to Servimg, they will be automatically changed to https.

SLGray wrote:

jkh wrote:See my previous post skouliki...I just copied that http javascript into my test forum and it automatically changed it to https....and the script works!

The reason why is the links are to Servimg.

Ah! I see...so anything from an outside website won't show up.

I get it now.

Oh dear! 

If it is not part of Forumotion (Servimg, Hitskins, etc.) and have a http link, it will not be considered secure by your browser.

So if there are any links on my main forum that starts with http the links also won't work?

eta: Just tested that aswell by pasting a http newslink into my test forum and that works too - didn't get a insecure warning and the green padlock is still there.

I guess I'm still not 'getting' something here!

ok so i bought the certificate and all http images are turned to https all hosted by servimg i mean 
all that work !! 

jkh wrote:So if there are any links on my main forum that starts with http the links also won't work?

You will get the SSL certificate, but your pages with http links will not be considered secure by your browser.

SLGray wrote:

cassini wrote:I am getting it as well even though I have bought a SSL Certificate, however I have deleted all my screen caps with the exception of one member. This is due to having to save these before re-uploading using the Host an Image.
Would copying short cuts from News Websites that still have HTTP still affect forums with SSL Certificates

If you post anything on your forum that has a http link, you will not get the secure symbol in your browser tab.

Thanks SLGray

Thing is I have links from BBC News website that is still http, also I have a members caps that I need to re-upload using the Host an Image tool.

Regards
Cassini