Melodeon.net Forums


Author Topic: Security warning  (Read 3959 times)


Tone Dumb Greg

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 4929
    • Dartmoor Border Morris
Security warning
« on: May 09, 2019, 02:15:55 PM »

A couple of days ago I logged into melnet and found the site blocked. I got this message:

"Warning: Potential Security Risk Ahead
Firefox detected an issue and did not continue to forum.melodeon.net. The website is either misconfigured or your computer clock is set to the wrong time.
It’s likely the website’s certificate is expired, which prevents Firefox from connecting securely. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details."

By coincidence, my router went down shortly after. A replacement router turned up this morning. The warning was still there when I logged in, so I did a new search for melodeon.net and logged into the site that led me to, which looks right. However, I noticed that the connection is just prefixed www. I thought a secure connection needed something like https://. If I add this prefix I still get the error message. Wondering what's going on. Anyone savvy to this?
Logged
Greg Smith
DG/GC Pokerwork, DG 2.4 Saltarelle, pre-war CF Hohner, Hohner 1040 Vienna style, old  BbEb Hohner that needs a lot of work.

ACCORDION, n. An instrument in harmony with the sentiments of an assassin. Ambrose Bierce

Theo

  • Administrator
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 13727
  • Hohner Club Too
    • The Box Place
Re: Security warning
« Reply #1 on: May 09, 2019, 02:31:48 PM »

We don’t have a security certificate, hence the warning. We don’t expect anyone to enter sensitive data, e.g. credit card details, so no need to worry. Browsers are just getting more paranoid!

Similar topic here http://forum.melodeon.net/index.php/topic,23813.0.html
Logged
Theo Gibb - Gateshead UK

Proprietor of The Box Place for melodeon and concertina sales and service.
Follow me on Twitter and Facebook for stock updates.

Tone Dumb Greg

Re: Security warning
« Reply #2 on: May 09, 2019, 05:30:51 PM »

Thanks Theo
Logged

Anahata

  • This mind intentionally left blank
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 6357
  • Oakwood D/G, C/F Club, 1-rows in C,D,G
    • Treewind Music
Re: Security warning
« Reply #3 on: May 09, 2019, 11:32:07 PM »

We do enter passwords sometimes, though.

And you can get a free security certificate from Letsencrypt, but your web hosting setup needs to be able to support it by fetching a new certificate automatically every two months.
Logged
I'm a melodeon player. What's your excuse?
Music recording and web hosting: www.treewind.co.uk
Mary Humphreys and Anahata: www.maryanahata.co.uk
Ceilidh band: www.barleycoteband.co.uk

Theo

Re: Security warning
« Reply #4 on: May 10, 2019, 08:33:41 AM »

Thanks for that suggestion.  I think our web host offers a free security certificate.  I’ll talk to Clive about that.
Logged

Alan Morley

  • Alan Morley
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1168
    • UK Folk Music
Re: Security warning
« Reply #5 on: May 10, 2019, 10:24:57 AM »

Some browsers will not display a web page that has not got the prefix https://

If you get to the hosting service, there is usually a free security certificate available called Let's Encrypt.
Here's a very long link to it...

https://getflywheel.com/why-flywheel/simple-ssl/?utm_term=what%20is%20a%20ssl%20certificate&utm_campaign=Simple+SSL&utm_source=adwords&utm_medium=ppc&hsa_tgt=kwd-1514133189&hsa_grp=40763490464&hsa_src=g&hsa_net=adwords&hsa_mt=b&hsa_ver=3&hsa_ad=142256245822&hsa_acc=6858520773&hsa_kw=what%20is%20a%20ssl%20certificate&hsa_cam=668933914&gclid=EAIaIQobChMIyuyLg9KQ4gIV6b_tCh3bWwk7EAAYASAAEgJQvPD_BwE

Once installed, you have to get into the hosting's cPanel area and configure a redirect from http to https for it to work.
« Last Edit: May 10, 2019, 10:28:07 AM by Alan Morley »
Logged
ISIS Melodeon, Hohner Erica,  Fender Strat Plus, Takamine, Hofner Violin Bass, Hohner CX12 Harmonica, etc.... Website: https://folk-music.uk

Clive Williams

  • Administrator
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 3557
    • Home Page
Re: Security warning
« Reply #6 on: May 11, 2019, 11:46:47 AM »

Ah, certificates. Bane of me life. Theo, I think you'll probably need to chat to the hoster's support desk on this.

We've never had a certificate on melodeon.net, mostly because we don't really need it - we don't take payments, and they're a lot of hassle to set up and maintain.

There is regrettably nothing in the cpanel interface to let you autogenerate a certificate; I expect it's done in your hoster account area, then you copy the generated certificate into cpanel.

To do let's encrypt stuff, you either need direct access to the desktop/shell, or to do a really tiresome process every month, forever. Or you use what the hoster provides, which is usually a wrapper around Letsencrypt.

Firefox is working for me by the way; it gives the security warning which I would expect, but other than that lets me login fine.

Theo - by the way; the Cpanel SSL area is muttering about out of date certificates (internal use ones I expect) which expired on 6/5/19; I don't know what they are, but they may be related. It may be we had SSL enabled by default when the host switched, but didn't know about it.

If we do need to/want to implement it, we need to cover 2 domains - www.melodeon.net and forum.melodeon.net. Sorry about that; a knock-on effect from when we took over from the old Aimoo site a *long* time ago.
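An added example, not part of the thread or the site's own tooling: the two things the posts above worry about, a certificate that has quietly expired and one that does not cover both hostnames, checked in Python. It works on the dictionary shape returned by `ssl.SSLSocket.getpeercert()`; the 30-day renewal threshold, the time of day on the 6/5/19 expiry and the SAN lists are assumptions made up for illustration.

```python
import ssl
from datetime import datetime, timezone

# The two hostnames named in the thread; the 30-day threshold is an assumption.
REQUIRED_HOSTS = ("www.melodeon.net", "forum.melodeon.net")
RENEW_BEFORE_DAYS = 30


def name_matches(san: str, host: str) -> bool:
    """True if a DNS SAN entry covers host; '*' stands for exactly one left-most label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return san == host


def audit_cert(cert: dict, hosts=REQUIRED_HOSTS, now=None) -> dict:
    """Report expiry, renewal urgency and uncovered hostnames for a cert dict."""
    now = now or datetime.now(timezone.utc)
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    missing = [h for h in hosts if not any(name_matches(s, h) for s in sans)]
    days_left = (not_after - now).days
    expired = not_after <= now
    return {
        "days_left": days_left,
        "expired": expired,
        "renew_now": not expired and days_left < RENEW_BEFORE_DAYS,
        "missing_hosts": missing,
        "ok": days_left >= RENEW_BEFORE_DAYS and not missing,
    }


# Constructed samples: the expiry date is the 6/5/19 from the thread, the rest is made up.
OLD_CERT = {"notAfter": "May  6 00:00:00 2019 GMT",
            "subjectAltName": (("DNS", "www.melodeon.net"),)}
NEW_CERT = {"notAfter": "Aug  7 00:00:00 2019 GMT",
            "subjectAltName": (("DNS", "www.melodeon.net"),
                               ("DNS", "forum.melodeon.net"))}

if __name__ == "__main__":
    when = datetime(2019, 5, 9, tzinfo=timezone.utc)
    for label, cert in (("old", OLD_CERT), ("new", NEW_CERT)):
        print(label, audit_cert(cert, now=when))
```

Run on a schedule against each hostname, a check like this flags a certificate well before browsers start blocking the site.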

baz parkes

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1875
    • All Blacked Up
Re: Security warning
« Reply #7 on: May 11, 2019, 11:59:09 AM »

Ah, certificates. Bane of me life. Theo, I think you'll probably need to chat to the hoster's support desk on this.

 they're a lot of hassle to setup and maintain.

Theo - by the way; the Cpanel SSL area is muttering about out of date certificates (internal use ones I expect) which expired on 6/5/19; I don't know what they are, but they may be related. It may be we had SSL enabled by default when the host switched, but didn't know about it.

If we do need to/want to implement it, we need to cover 2 domains - www.melodeon.net and forum.melodeon.net. Sorry about that; a knockon effect from when we took over from the old Aimoo site a *long* time ago.

And all of that serves as a handy reminder of the work the pair of you do to allow us to indulge ourselves in nice speculations of melodeon based philosophy for which we should be ever grateful...chapeau... :|glug
Logged
On the edge of Cheshire's Golden Triangle, apparently...

Theo

Re: Security warning
« Reply #8 on: May 11, 2019, 12:38:11 PM »

Thanks for the details Clive.

Our previous host provided a free Letsencrypt certificate which I implemented on my website, which is a separate part of the same reseller hosting package. With the new host it’s a paid add on. I’ll ask if it can be applied to the forum domains.
Logged

Anahata

Re: Security warning
« Reply #9 on: May 11, 2019, 04:55:45 PM »

You can ask letsencrypt for a certificate that covers specific subdomains, so that's not a problem. Whether your hosting has support for automatic renewal is another matter. And manual renewal every 2 months - forget it!

(I'm currently moving all mine to new provider and running it with Virtualmin, which lets you give a list of subdomains you want for a letsencrypt certificate, for each domain.)
Logged

Chris Ryall

  • "doc 3-row"
  • French Interpreter
  • Hero Member
  • *****
  • Offline Offline
  • Posts: 10170
  • Wirral UK
    • Chris Ryall
Re: Security warning
« Reply #10 on: May 12, 2019, 11:56:53 AM »

You can ask letsencrypt for a certificate that covers specific subdomains, so that's not a problem. Whether your hosting has support for automatic renewal is another matter. And manual renewal every 2 months - forget it!

(I'm currently moving all mine to new provider and running it with Virtualmin, which lets you give a list of subdomains you want for a letsencrypt certificate, for each domain.)

As a client (Anahata's a reliable and gracious host) (:) I await instructions …  :|glug
Logged

Peter Savage

  • Respected Sage
  • ****
  • Offline Offline
  • Posts: 441
Re: Security warning
« Reply #11 on: May 22, 2019, 05:50:47 PM »

Is there any way to turn off this security warning in my Chrome browser (mac)?  For a few weeks now I have found melnet unusable since I have to click 3 times each time I change page.  Any ideas?
Logged

Theo

Re: Security warning
« Reply #12 on: May 22, 2019, 05:56:44 PM »

Logged

Tone Dumb Greg

Re: Security warning
« Reply #13 on: May 22, 2019, 05:57:26 PM »

Is there any way to turn off this security warning in my Chrome browser (mac)?  For a few weeks now I have found melnet unusable since I have to click 3 times each time I change page.  Any ideas?

I removed the https://
Worked fine then
Logged

Broadland Boy

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 1243
  • Awful noises from Pokerwork, HA114G, BbEb Liliputs
Re: Security warning
« Reply #14 on: May 22, 2019, 08:01:31 PM »

Brilliant Greg - I edited the shortcut / bookmark I use to melnet removing the 's' from https and saved it, which got me straight in, it then seems to navigate between pages as previously, presumably not expecting sub pages to be secure either.

The non melodeon related brain power among forum members is impressive  ;D
Logged
Richard A
Venit ventus contrarius ventus egrediente,
Omnes prope quid ventum est circa

Tone Dumb Greg

Re: Security warning
« Reply #15 on: May 22, 2019, 11:20:35 PM »

Brilliant Greg - I edited the shortcut / bookmark I use to melnet removing the 's' from https and saved it, which got me straight in, it then seems to navigate between pages as previously, presumably not expecting sub pages to be secure either.

The non melodeon related brain power among forum members is impressive  ;D

 :D
For me, the slightly odd thing is that I only started using the secured https:// address because my browser objected if I didn't. Suppose that's progress.
Logged

Anahata

Re: Security warning
« Reply #16 on: May 22, 2019, 11:44:46 PM »

For me, the slightly odd thing is that I only started using the secured https:// address because my browser objected if I didn't.

You should use https: if the site supports it, but if (like melnet currently) it doesn't, you HAVE to use http: or you'll get severe warnings.

If the site supports https: it's also quite easy to configure the server to redirect from http: to https:, which enforces the first part of the above rule.
Logged

blunderbox

  • Good talker
  • **
  • Offline Offline
  • Posts: 77
Re: Security warning
« Reply #17 on: December 12, 2020, 11:28:56 PM »

I believe that using http instead of https means that your user name and password are sent in the clear, and can easily be picked off.  So, best to have a password on this site that you do not use on any other site.
Logged
Melodeon.net - (c) Theo Gibb; Clive Williams 2010. The access and use of this website and forum featuring these terms and conditions constitutes your acceptance of these terms and conditions.