Jump to content
APC Forum

Security issue the website using HTTP and not HTTPS SSL in several cases


Recommended Posts

Posted (edited)

The site using many times HTTP and not secured HTTPS SSL connection! Usernames and passwords are very easy to steal this way using a MITIM attack. And users are easy to track back to see exactly who is currently what doing the site. Private messages are also very easy to read. Between the user and the website: The internet providers, hackers, the users government in Hot Spots or wifi etc.

 

To the .htaccess file a command could be added to redirect all traffic from http port 80 to secure https.

#Disable unauthorized directory browsing 
Options All -Indexes
# Protect the htaccess file
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
#Redirect All Web Traffic to ssl https
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.amateurpyro.com/$1 [R,L]

And to the conf_global.php file a command at the end of the line:

);$_SERVER['REMOTE_ADDR'] = '127.0.0.1';

To prevent users' IP addresses from being recorded by the forum software and log only 127.0.0.1 in all user.

 

The system would be significantly more secure for users.

Edited by mx5kevin
  • Like 2
Posted

An important point.

 

Problem is that the bulk of people here are Americans, who often are oblivious of the troubles people in Europe have.

 

Also I find that there's a general tendency to accept that we are being spied upon and evaluated. I recently had a discussion with some colleagues who wanted to create a whats app group. Everybody wanted whats app, simply because it was predominant - selling their information to Zuckerberg made no difference to them at all... I don't do it as a matter of principle...

Posted

Similar pyro forums they do not work anywhere else in the world. APC and pyroforum.nl, pirotehnika-ruhelp which work. Similar pyro forums are dying in English language as well. Another forum administrator what use the same forum software said it would be need a push of a button from the forum administrator that comments can be freely edited at any time, and there should be no five-minute limit in the topics. These are settings that take a few minutes.

 

Which work professional (homemade) projects where it presents the current user how solved the problem. Most are video bloggers. The video sharing feature is missing from the forum software. This could not be fixed without upgrading to a newer version.

 

Conversation does not work in other languages. Don’t have the right expertise in small countries bring together a strong small community of experts. Incompetent people give silly advice the result in forums. You can only get in trouble with private messages IP address, email address, MSN, Skype, Facebook, the authorities collect them. In private they try to obtain these informations. Invitation to face-to-face meetings, buy something or sell it to him they try in private messages. Which a working setup is a strong knowledgeable community working on the same projects with transparent knowledge. Where results are presented. If you ask a question on each forum, you will get mostly useless answers from people with mixed knowledge. Communities do not work a lot of malicious people are leaking in (they chase away people who understand the subject, the topics are full of spamming to avoid a deeper conversation, the deliberately publish misleading solutions). Those who publish content to them would be more important for better editing. Content producers should be better brought together and not anonymous people who do not have a transparent job. Own freely editable blog, video gallery, more freely editable comments are all essential for this. In such a community, those who are harmful to the community are more selected. Those who are malicious people cannot show their own quality detailed videos or blogs. And they cannot show like indexing on external sources to see why they are doing what they are doing. General chat forums do not work in this hobby. Those with more knowledge will not answer specific questions, they create their own content. What is visited are professional detailed content. And most of all, the videos are the ones you can love with a beginner in this hobby.

Posted

Much of what is being said here is deliberately impregnated into the script. It is the means of which the Administrators and Moderators are able to perform their tasks. Running a completely anonymous page/forum, what-have-you, is difficult. I's already getting harder to ban IP's of undesirables with our new spoofing softwares. In most cases, an open forum is just that. Open.. I'm huge on anonymity, but, make her to tight, and you'll lock yourself out from ruling your own roost.

 

A utopia would be nice, with only professionals providing the means. Money is a deal breaker in most cases. Private forums, sites or servers, don't seem to be free.. Those who say knowledge should be free, are now combatant with, someone else's "intellectual property."

 

I like what you said up there, and well put.. Sounds like what your looking for; you might have to create.

  • Like 1
  • 1 year later...
Posted

The software does not have any known vulnerabilities.

And the site is, or should be, fully under SSL.

If you are seeing any non-SSL pages or URL's in your browser, please reply here with them.

We are also located in the USA, and compliant with all applicable local law.

I'll also point out that we have not changed any settings in the system, except for the very few (which are not security-related) that were removed or completely rewritten. One new feature has now been turned off; Post Before Register. I believe that was allowing guests to post anything. But that should be addressed and Guests not able to post, only to read.

×
×
  • Create New...