Jump to content


Photo

Possible security flaw on TBD


  • Please log in to reply
3 replies to this topic

#1 justnzane

justnzane

    Jethus Cwhithe

  • Members
  • PipPipPipPipPip
  • 6,385 posts

Posted 18 February 2017 - 06:24 PM

I clicked on my TBD main page bookmark just now and was redirected to the following site:

 

http://w ww.nanoadexchange.com/a/display.php?r=1327287&sub1=821047&sub2=http://w ww.twobillsdrive.com/&treqn=2063455918&runauction=1&crr=58e9ee38b217a034da1e,,AfI8xVVlFFfx0UI5VSWZ1UYVVTORRTN1EfI8BfI8xeJ8hSO5kUc23aabe789194ee2e7b2&cbrandom=0.8298901682803752&cbtitle=&cbiframe=0&cbWidth=1366&cbHeight=676&cbdescription=&cbkeywords=

 

 

Space between first and second w's in www is intentional to prevent accidental clicking on link

 

My anti virus believed it to be a suspected hacking attempt, and chrome is claiming TBD to "not secure"

 

It could also be my ISP being crap (freaking Time Warner)


Edited by justnzane, 18 February 2017 - 06:25 PM.


#2 SDS

SDS

    What price for a cobra's egg?

  • Administrators
  • PipPipPipPipPipPip
  • 12,167 posts

Posted 18 February 2017 - 06:44 PM

That's more likely to be a virus on your CPU than on my end.

The not secure warning is a new thing google is doing to sites that don't use SSL certificates (https instead of http). It's just a passive aggressive way to get people to switch over, but it comes at a cost, but little benefit for a site like ours.

#3 justnzane

justnzane

    Jethus Cwhithe

  • Members
  • PipPipPipPipPip
  • 6,385 posts

Posted 19 February 2017 - 12:03 PM

That's more likely to be a virus on your CPU than on my end.

The not secure warning is a new thing google is doing to sites that don't use SSL certificates (https instead of http). It's just a passive aggressive way to get people to switch over, but it comes at a cost, but little benefit for a site like ours.

My AV is coming up clean. Time Warner does suck as an ISP, though, but I haven't had this happen on any other site that I frequent. So, I figured I'd report. Thanks Scott.



#4 Chilly

Chilly

    Formerly Known as BlueFire

  • Members
  • PipPipPipPipPipPip
  • 13,237 posts

Posted 20 February 2017 - 07:48 PM

That's more likely to be a virus on your CPU than on my end.

The not secure warning is a new thing google is doing to sites that don't use SSL certificates (https instead of http). It's just a passive aggressive way to get people to switch over, but it comes at a cost, but little benefit for a site like ours.

 

Does your provider charge you for Lets Encrypt certs?  Should be completely free in most cases.  https://letsencrypt.org/

 

If you're using a Varnish cache you can use NGINX in front of it to keep the cache running even with SSL.  Here's some instructions: https://komelin.com/...s/https-varnish