Security complaints

Dei · Feb 28, 2015

Chrome on my phone is bitching that halforums is unsafe to access. No issue if I load it through tapatalk.

Dei · Feb 28, 2015

Terrik · Feb 28, 2015

Im getting that too on my phone.

MindDetective · Feb 28, 2015

Ditto on my tablet

PatrThom · Feb 28, 2015

Hmm. My address bar says I'm successfully using https:// to connect to the forum, but I don't see any option to validate any certificate, nor do I see the lock icon.
Interesting.

--Patrick

CrimsonSoul · Feb 28, 2015

Yeah I get this too

Dei · Feb 28, 2015

Yeah when I use Firefox on my PC it's telling me that it's blocking something unsafe as well, but it still works. Unlike my phone browser, which says I can bypass protection, but it's UNSAFE!

Dave · Feb 28, 2015

The fuck? Is it the whole site or just certain parts of the site?

Dei · Feb 28, 2015

As far as I can tell it's everything.

Dave · Feb 28, 2015

Gas, you got any ideas off the top of your head? I changed nothing.

Chad Sexington · Feb 28, 2015

Everything loads fine for me, but Chrome says different threads are differently secure. No idea if this is useful, but here's a screenshot. First one is a screenshot from what it says on threads with a yellow (warning) lock, the latter from ones that are green (OK). More threads are yellow than green based on a quick, unscientific sample of clicking a dozen or so in my New Posts.

Celt Z · Feb 28, 2015

Yep, same here.

Bowielee · Feb 28, 2015

I'm not getting this on any of my browsers.

PatrThom · Feb 28, 2015

The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 ran insecure content from http://www.google.com/jsapi?_v=3fdfa9dc.
security-complaints.31184:58:103The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 ran insecure content from https://www.halforums.com/forumrunner/detect.js.
security-complaints.31184:389:215The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 displayed insecure content from http://img3.wikia.nocookie.net/__cb20140407034631/payday/images/1/17/RainbowDash.gif.
security-complaints.31184:650:165The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 displayed insecure content from http://tapatalk.imageshack.com/v2/15/02/28/5ca50d95cd5d292df389934eb8a8399b.jpg.
security-complaints.31184:3985[Warning] The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 ran insecure content from http://www.google.com/uds/?file=search&v=1. (jsapi, line 21, x2)
[Warning] The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 ran insecure content from http://www.wowhead.com/widgets/power.js. (security-complaints.31184, line 0)
[Warning] The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 ran insecure content from http://www.google.com/uds/api/search/1.0/23952f7483f1bca4119a89c020d13def/default en.css. (jsapi, line 21)
[Warning] The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 ran insecure content from http://www.google.com/uds/api/search/1.0/23952f7483f1bca4119a89c020d13def/default en.I.js. (jsapi, line 21, x2)
The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 ran insecure content from http://www.wowhead.com/widgets/power.js.
xenforo.js:221:190

Is that useful? It's from my error console.

--Patrick

GasBandit · Mar 1, 2015

Dave said:
Gas, you got any ideas off the top of your head? I changed nothing.

Started happening immediately after the downtime the other day, when they had to go swap servers. I'm guessing they don't have all their SSL ducks in a row on the new server.

Also, helps to page @GasBandit instead of saying "gas" out loud

Ravenpoe · Mar 1, 2015

GasBandit said:
Started happening immediately after the downtime the other day, when they had to go swap servers. I'm guessing they don't have all their SSL ducks in a row on the new server.

Also, helps to page @GasBandit instead of saying "gas" out loud

What about saying gas three times in a mirror at midnight?

PatrThom · Mar 1, 2015

Ravenpoe said:
What about saying gas three times in a mirror at midnight?

Might be time to cut down on your fiber if that's happening.

--Patrick

Jay · Mar 1, 2015

Gives me this shit too when uploading pictures.

Dave · Mar 1, 2015

Ticket opened with host.

Dave · Mar 2, 2015

SSL cert has been reinstalled. Please let me know if this helps.

MindDetective · Mar 2, 2015

Not yet for me. Is it something that needs to propagate?

PatrThom · Mar 2, 2015

I'll check for it again tomorrow.

--Patrick

Dave · Mar 2, 2015

MindDetective said:
Not yet for me. Is it something that needs to propagate?

That I don't know. I think it did when we switched so we'll give it until tomorrow.

PatrThom · Mar 4, 2015

Still no change.
Site URL shows "https://" but the icon showing "a secure connection has been established" is not present.

--Patrick

MindDetective · Mar 4, 2015

Charlie Don't Surf · Mar 4, 2015

I'm really bad at tech stuff, but I had this happen on another couple sites and I fixed it by changing my date on my computer back and forth. Maybe it had something to do with the end of February date or something making things look expired?

PatrThom · Mar 4, 2015

Charlie Don't Surf said:
I'm really bad at tech stuff, but I had this happen on another couple sites and I fixed it by changing my date on my computer back and forth. Maybe it had something to do with the end of February date or something making things look expired?

If your computer's battery runs out or it somehow otherwise loses the date, SSL won't work, so any site using https:// for connection will fail.
Fixing the date on your end will solve that, but if the server is set to the wrong date, you wouldn't be able to use SSL unless you broke your date to match.

--Patrick

Charlie Don't Surf · Mar 4, 2015

Yeah, I have it set back now to normal and everything works.

Celt Z · Mar 8, 2015

Not that it's a big deal, but I'm still getting the message Dei posted above from Chrome, and this is after a bunch of restarts. I can still get around it to the site, but I thought you might want to know.

Dave · Mar 8, 2015

The host has reset/reloaded the SSL. Not sure what else can be done. I'll let him know. maybe he'll have an idea or three.

Eriol · Mar 14, 2015

Still happening here. Only on my phone, not desktop Firefox.

Good luck fixing cert errors. They really suck.

Bubble181 · Mar 15, 2015

Most of the main pages are OK for me, some threads (like this one) still aren't.

PatrThom · Mar 15, 2015

I still don't see a certificate validation happening.
It's not a huge deal. It just means my password is being sent in the clear, work can still intercept all the NSFW images (even when they're within a spoiler tag), you know. Nothing serious.

--Patrick

GasBandit · Apr 27, 2015

Well, the server's back up, obviously. Looks like there was a teensy rollback, nothing too big. SSL still isn't working quite right yet, but miraculously I can now upload pictures from work again, which I haven't been able to do in weeks.

PatrThom · Apr 27, 2015

GasBandit said:
Looks like there was a teensy rollback, nothing too big.

Sez you. Now I gotta go and put my movie review back in from memory.
Otherwise there will be no proof that I watched another movie.
I saved it in a text document on my computer before I posted it, but once it posted I think I threw it out. D'oh!

--Patrick