Securing Logins
- Cylus Maxii
- Posts: 3349
- Joined: Fri Nov 05, 2004 10:13 pm
- Location: Denver, CO
- Contact:
Securing Logins
Can we please implement https for login?
My nephew, Jake - "I mean is there really anything more pure? Than sweet zombie monkey love?"
- FishPants
- Server WhOOre
- Posts: 4670
- Joined: Fri Oct 15, 2004 1:38 pm
- Location: Canada
Re: Securing Logins
I'll look into it.. I'm hesitant to enhance this version much, but it's a reasonable request. I'll see what the effort is to purchase a cert, and then rewrite URLs to https.
No.
- FishPants
- Server WhOOre
- Posts: 4670
- Joined: Fri Oct 15, 2004 1:38 pm
- Location: Canada
Re: Securing Logins
I ordered (and installed) an SSL certificate.. Do me a favour please and try to use the site using https:// and let me know if any problems (before I force this site wide). I think I'll just make the whole damn site SSL rather then doing URL rewriting for login and registration pages.Cylus Maxii wrote:Can we please implement https for login?
No.
- stessier
- Posts: 30135
- Joined: Tue Dec 21, 2004 12:30 pm
- Location: SC
Re: Securing Logins
Works for me using Chrome and prosilver.
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Global Steam Wishmaslist Tracking
Running__ | __2014: 1300.55 miles__ | __2015: 2036.13 miles__ | __2016: 1012.75 miles__ | __2017: 1105.82 miles__ | __2018: 1318.91 miles | __2019: 2000.00 miles |
- FishPants
- Server WhOOre
- Posts: 4670
- Joined: Fri Oct 15, 2004 1:38 pm
- Location: Canada
Re: Securing Logins
Ok well I added a rewrite in htaccess to force SSL. Let me know if any problems (I also forced all cookies to use secure, so you might get logged out until you relogin under https.. maybe not.. the intertubez is muddy on this).
Anyways good suggestion, thanks.
Anyways good suggestion, thanks.
No.
- stessier
- Posts: 30135
- Joined: Tue Dec 21, 2004 12:30 pm
- Location: SC
Re: Securing Logins
I didn't get logged out, but all the graphics were reloaded (noticed most on the smilies as they popped in rather slowly). No slow down in speed after the first visit to each board, though.
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Global Steam Wishmaslist Tracking
Running__ | __2014: 1300.55 miles__ | __2015: 2036.13 miles__ | __2016: 1012.75 miles__ | __2017: 1105.82 miles__ | __2018: 1318.91 miles | __2019: 2000.00 miles |
- Isgrimnur
- Posts: 84898
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
- FishPants
- Server WhOOre
- Posts: 4670
- Joined: Fri Oct 15, 2004 1:38 pm
- Location: Canada
Re: Securing Logins
I apparently need to login to tapatalk to configure the dashboard.. I have six passwords in lastpass for tapatalk, none of them work (lastpass and tapatalk never get along...).. So I do a password reset, it never sends me the email to reset the password.Isgrimnur wrote:You broke Tapatalk.
I'll wait and see, but as usual Tapatalk is a bit of a gong show.
No.
- GreenGoo
- Posts: 43033
- Joined: Thu Oct 14, 2004 10:46 pm
- Location: Ottawa, ON
Re: Securing Logins
When I post, the redirect afterwards is broken. from the url it looks like it's tacking on the port number (80 which is standard http. If the port is hard coded, should be 443, no?).
I'll grab the URL and post it here for you, just a sec.
edit: here's the URL from the first time I posted this post.
That's the redirect after the "message has been posted successfully" page, and it fails.
edit2: Removing the port number fixes the URL, fyi. So whatever is inserting the :80 on the end of the domain is breaking it.
edit3: changing :80 to :443 also works, fyi.
I'll grab the URL and post it here for you, just a sec.
edit: here's the URL from the first time I posted this post.
Code: Select all
https://www.octopusoverlords.com:80/forum/viewtopic.php?f=10&t=94323&p=2467947#p2467947
edit2: Removing the port number fixes the URL, fyi. So whatever is inserting the :80 on the end of the domain is breaking it.
edit3: changing :80 to :443 also works, fyi.
Last edited by GreenGoo on Fri Apr 28, 2017 2:25 pm, edited 3 times in total.
- FishPants
- Server WhOOre
- Posts: 4670
- Joined: Fri Oct 15, 2004 1:38 pm
- Location: Canada
Re: Securing Logins
I'm relying using the stupid app. Think I fixed it.Isgrimnur wrote:You broke Tapatalk.
Sent from my iPhone using Tapatalk
No.
- Isgrimnur
- Posts: 84898
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
Re: Securing Logins
I'm back in through the app. Thank you.
It's almost as if people are the problem.
- FishPants
- Server WhOOre
- Posts: 4670
- Joined: Fri Oct 15, 2004 1:38 pm
- Location: Canada
Re: Securing Logins
GreenGoo wrote:When I post, the redirect afterwards is broken. from the url it looks like it's tacking on the port number (80 which is standard http. If the port is hard coded, should be 443, no?).
I'll grab the URL and post it here for you, just a sec.
edit: here's the URL from the first time I posted this post.
That's the redirect after the "message has been posted successfully" page, and it fails.Code: Select all
https://www.octopusoverlords.com:80/forum/viewtopic.php?f=10&t=94323&p=2467947#p2467947
edit2: Removing the port number fixes the URL, fyi. So whatever is inserting the :80 on the end of the domain is breaking it.
edit3: changing :80 to :443 also works, fyi.
Thanks.. I turned off all rewriting in apache and it was still doing it.. found another setting in PHPbb3 that I mucked with, reversed that and it seemed to fix it.. Going to turn rewriting back on and see if the stupid hard coded port comes back (seriously who hard codes a f'ing port).
No.
- FishPants
- Server WhOOre
- Posts: 4670
- Joined: Fri Oct 15, 2004 1:38 pm
- Location: Canada
Re: Securing Logins
Ok I think I have HTTPS rewriting working again, and the referral link after posting working as well as Tapatalk restored. Phew.
No.
- GreenGoo
- Posts: 43033
- Joined: Thu Oct 14, 2004 10:46 pm
- Location: Ottawa, ON
Re: Securing Logins
Yep, working for me. Nice job.
How painful was it?
How painful was it?
- FishPants
- Server WhOOre
- Posts: 4670
- Joined: Fri Oct 15, 2004 1:38 pm
- Location: Canada
Re: Securing Logins
Not bad really.. I ordered a cert through rapidssl (reseller of anyways).. $20 for 3 years, took them about 5-6 hours to cough it up though after I submitted the CSR.
The trouble is every jackwagon on the Internet has a different method of doing the rewrite for phpbb3 in Apache.. Ends up 99% of them were wrong. Ended up using a more generic command (and using a system variable for the domain name instead of a hard code) and forced the redirect.
One of these days soon I need to take a bare metal backup of the system, nuke it and upgrade CENTOS.. We are a few major revisions behind (not end of life yet, but our butt is dragging out the back door a bit). In theory with everything plugging in via virtualmin/webmin, recovery of the website and DBs should be relatively painless. I'll probably test that theory first on a local computer running the latest CENTOS of course before I do that (plus our server hardware is at least 5 years old.. might be time to refresh that as well).
The trouble is every jackwagon on the Internet has a different method of doing the rewrite for phpbb3 in Apache.. Ends up 99% of them were wrong. Ended up using a more generic command (and using a system variable for the domain name instead of a hard code) and forced the redirect.
One of these days soon I need to take a bare metal backup of the system, nuke it and upgrade CENTOS.. We are a few major revisions behind (not end of life yet, but our butt is dragging out the back door a bit). In theory with everything plugging in via virtualmin/webmin, recovery of the website and DBs should be relatively painless. I'll probably test that theory first on a local computer running the latest CENTOS of course before I do that (plus our server hardware is at least 5 years old.. might be time to refresh that as well).
No.
- Isgrimnur
- Posts: 84898
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
- GreenGoo
- Posts: 43033
- Joined: Thu Oct 14, 2004 10:46 pm
- Location: Ottawa, ON
Re: Securing Logins
Hmmm, I wonder if there might be an Apache wrapper or something that leaves the website in http but serves it as https, which would bypass mucking with php completely, although now you're mucking with Apache. Like standard app server/front end stuff, but all running on the same server.
In any case, you've got it running and nice job.
I'm still on CentOS 6 (as are our prod linux boxes) but I'm in no rush.
nmap tells me OO is running on 3? Heh. Ouch.
In any case, you've got it running and nice job.
I'm still on CentOS 6 (as are our prod linux boxes) but I'm in no rush.
nmap tells me OO is running on 3? Heh. Ouch.
Last edited by GreenGoo on Fri Apr 28, 2017 3:00 pm, edited 1 time in total.
- FishPants
- Server WhOOre
- Posts: 4670
- Joined: Fri Oct 15, 2004 1:38 pm
- Location: Canada
Re: Securing Logins
Odd not on my end?Isgrimnur wrote:TT is back to busted.
Anyone else confirm?
Sent from my iPhone using Tapatalk
No.
- $iljanus
- Forum Moderator
- Posts: 13916
- Joined: Wed Oct 13, 2004 3:46 pm
- Location: New England...or under your bed
Re: Securing Logins
Tapatalk was busted for me around 2:30ish EST but is fine now. Perhaps relogging in will fix it?
"Who's going to tell him that the job he's currently seeking might just be one of those Black jobs?"
-Michelle Obama 2024 Democratic Convention
Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?
-Michelle Obama 2024 Democratic Convention
Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?
- gilraen
- Posts: 4523
- Joined: Wed Sep 04, 2013 7:45 pm
- Location: Broomfield, CO
Re: Securing Logins
Seems fine on my phone.
Sent from my SM-G900T using Tapatalk
Sent from my SM-G900T using Tapatalk
- $iljanus
- Forum Moderator
- Posts: 13916
- Joined: Wed Oct 13, 2004 3:46 pm
- Location: New England...or under your bed
Re: Securing Logins
Uggh we have ads now though. Didn't have any before. My ad suggests ways to see if your spouse is cheating. Pretty tacky crap.$iljanus wrote:Tapatalk was busted for me around 2:30ish EST but is fine now. Perhaps relogging in will fix it?
"Who's going to tell him that the job he's currently seeking might just be one of those Black jobs?"
-Michelle Obama 2024 Democratic Convention
Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?
-Michelle Obama 2024 Democratic Convention
Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?
- GreenGoo
- Posts: 43033
- Joined: Thu Oct 14, 2004 10:46 pm
- Location: Ottawa, ON
Re: Securing Logins
No sign of ads for me. Is that tapatalk only?
- $iljanus
- Forum Moderator
- Posts: 13916
- Joined: Wed Oct 13, 2004 3:46 pm
- Location: New England...or under your bed
Re: Securing Logins
Oops yeah it's a tapatalk thing.
"Who's going to tell him that the job he's currently seeking might just be one of those Black jobs?"
-Michelle Obama 2024 Democratic Convention
Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?
-Michelle Obama 2024 Democratic Convention
Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?
- GreenGoo
- Posts: 43033
- Joined: Thu Oct 14, 2004 10:46 pm
- Location: Ottawa, ON
Re: Securing Logins
No it was clear, I just didn't read your post in context with the other posts around it.$iljanus wrote:Oops yeah it's a tapatalk thing.
- Isgrimnur
- Posts: 84898
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
- hentzau
- Posts: 15227
- Joined: Thu Oct 21, 2004 11:06 am
- Location: Castle Zenda, Ruritania
Re: Securing Logins
I had to kill tapatalk to get back in, but I'm in OK now. Thanks!
“We can never allow Murania to become desecrated by the presence of surface people. Our lives are serene, our minds are superior, our accomplishments greater. Gene Autry must be captured!!!” - Queen Tika, The Phantom Empire
- Zarathud
- Posts: 17052
- Joined: Fri Oct 15, 2004 10:29 pm
- Location: Chicago, Illinois
Re: Securing Logins
Same here -- but had to quit OO and resubscribe in Tapatalk.
"A lie can run round the world before the truth has got its boots on." -Terry Pratchett, The Truth
"The presence of those seeking the truth is infinitely to be preferred to those who think they've found it." -Terry Pratchett, Monstrous Regiment
"The presence of those seeking the truth is infinitely to be preferred to those who think they've found it." -Terry Pratchett, Monstrous Regiment
- $iljanus
- Forum Moderator
- Posts: 13916
- Joined: Wed Oct 13, 2004 3:46 pm
- Location: New England...or under your bed
Re: Securing Logins
Are all the tapatalk users seeing ads now or have they always have had ads and I'm just seeing them now?
"Who's going to tell him that the job he's currently seeking might just be one of those Black jobs?"
-Michelle Obama 2024 Democratic Convention
Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?
-Michelle Obama 2024 Democratic Convention
Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?
- Cylus Maxii
- Posts: 3349
- Joined: Fri Nov 05, 2004 10:13 pm
- Location: Denver, CO
- Contact:
Re: Securing Logins
Thanks for this effort! Everything works for me with Edge, Firefox and Tapatalk. I did have to kill TT after it erred the first time, and then it prompted for password the next time.FishPants wrote:I ordered (and installed) an SSL certificate.. Do me a favour please and try to use the site using https:// and let me know if any problems (before I force this site wide). I think I'll just make the whole damn site SSL rather then doing URL rewriting for login and registration pages.Cylus Maxii wrote:Can we please implement https for login?
My nephew, Jake - "I mean is there really anything more pure? Than sweet zombie monkey love?"
- stessier
- Posts: 30135
- Joined: Tue Dec 21, 2004 12:30 pm
- Location: SC
Re: Securing Logins
I came home and am using an android tablet. It says the certificate comes from an untrusted source and i had to agree coming here was unsafe.
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Global Steam Wishmaslist Tracking
Running__ | __2014: 1300.55 miles__ | __2015: 2036.13 miles__ | __2016: 1012.75 miles__ | __2017: 1105.82 miles__ | __2018: 1318.91 miles | __2019: 2000.00 miles |
- TheMix
- Posts: 11303
- Joined: Thu Oct 14, 2004 5:19 pm
- Location: Broomfield, Colorado
Re: Securing Logins
Well that's a given. Isn't it?stessier wrote:coming here was unsafe.
Black Lives Matter
Isgrimnur - Facebook makes you hate your friends and family. LinkedIn makes you hate you co-workers. NextDoor makes you hate your neighbors.
- stessier
- Posts: 30135
- Joined: Tue Dec 21, 2004 12:30 pm
- Location: SC
Re: Securing Logins
Yeah, but hadn't realizsd it was documented.
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Global Steam Wishmaslist Tracking
Running__ | __2014: 1300.55 miles__ | __2015: 2036.13 miles__ | __2016: 1012.75 miles__ | __2017: 1105.82 miles__ | __2018: 1318.91 miles | __2019: 2000.00 miles |
- FishPants
- Server WhOOre
- Posts: 4670
- Joined: Fri Oct 15, 2004 1:38 pm
- Location: Canada
Re: Securing Logins
No, cert is from rapidssl this is not a self signed cert. Is this an old android? Maybe I need to install ca chain certain too..?stessier wrote:I came home and am using an android tablet. It says the certificate comes from an untrusted source and i had to agree coming here was unsafe.
No.
- FishPants
- Server WhOOre
- Posts: 4670
- Joined: Fri Oct 15, 2004 1:38 pm
- Location: Canada
Re: Securing Logins
Oh hell no. I'm on the road for a kiddo competition and am watching the baseball game on my laptop.. I'll check the dashboard in a bit and see what's up with that.$iljanus wrote:Uggh we have ads now though. Didn't have any before. My ad suggests ways to see if your spouse is cheating. Pretty tacky crap.$iljanus wrote:Tapatalk was busted for me around 2:30ish EST but is fine now. Perhaps relogging in will fix it?
No.
- Jolor
- Posts: 3277
- Joined: Wed Oct 13, 2004 8:25 am
Re: Securing Logins
Firefox 53.0 does not allow:
uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER
In via Chrome OK.
uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER
In via Chrome OK.
So sayeth the wise Alaundo.
- FishPants
- Server WhOOre
- Posts: 4670
- Joined: Fri Oct 15, 2004 1:38 pm
- Location: Canada
Re: Securing Logins
Can you view the cert in Firefox? Sounds like I need to install intermediary certs.Jolor wrote:Firefox 53.0 does not allow:
uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER
In via Chrome OK.
No.
- FishPants
- Server WhOOre
- Posts: 4670
- Joined: Fri Oct 15, 2004 1:38 pm
- Location: Canada
Re: Securing Logins
Logged in, tapatalk now wants ME to pay $60 to not enable ads. Fuck them. This app is borderline malware, but I'm not paying them a red cent.$iljanus wrote:Uggh we have ads now though. Didn't have any before. My ad suggests ways to see if your spouse is cheating. Pretty tacky crap.$iljanus wrote:Tapatalk was busted for me around 2:30ish EST but is fine now. Perhaps relogging in will fix it?
Sorry guys, looks like now you get ads.
No.
- $iljanus
- Forum Moderator
- Posts: 13916
- Joined: Wed Oct 13, 2004 3:46 pm
- Location: New England...or under your bed
Re: Securing Logins
No need to apologize. I wonder if there's another app that's similar? Tapatalk is easier to read and use on my phone but the ads are really intrusive to me. I could pony up some cash to buy the ad free user version I guess or get used to it until I click on an ad by mistake.FishPants wrote:Logged in, tapatalk now wants ME to pay $60 to not enable ads. Fuck them. This app is borderline malware, but I'm not paying them a red cent.$iljanus wrote:Uggh we have ads now though. Didn't have any before. My ad suggests ways to see if your spouse is cheating. Pretty tacky crap.$iljanus wrote:Tapatalk was busted for me around 2:30ish EST but is fine now. Perhaps relogging in will fix it?
Sorry guys, looks like now you get ads.
"Who's going to tell him that the job he's currently seeking might just be one of those Black jobs?"
-Michelle Obama 2024 Democratic Convention
Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?
-Michelle Obama 2024 Democratic Convention
Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?
- Jolor
- Posts: 3277
- Joined: Wed Oct 13, 2004 8:25 am
Re: Securing Logins
Yes. Anything you want me to look for, specifically?FishPants wrote:Can you view the cert in Firefox? Sounds like I need to install intermediary certs.Jolor wrote:Firefox 53.0 does not allow:
uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER
In via Chrome OK.
So sayeth the wise Alaundo.
- FishPants
- Server WhOOre
- Posts: 4670
- Joined: Fri Oct 15, 2004 1:38 pm
- Location: Canada
Re: Securing Logins
Does it show it being a rapidssl cert? And you are using the oo URL?Jolor wrote:Yes. Anything you want me to look for, specifically?FishPants wrote:Can you view the cert in Firefox? Sounds like I need to install intermediary certs.Jolor wrote:Firefox 53.0 does not allow:
uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER
In via Chrome OK.
Sent from my iPhone using Tapatalk
No.