Search forums

Forums

Export thread

Security complaints

Feb 28, 2015#1

Dei

Chrome on my phone is bitching that halforums is unsafe to access. No issue if I load it through tapatalk.

Feb 28, 2015#2

Dei

Feb 28, 2015#3

Terrik

Im getting that too on my phone.

Feb 28, 2015#4

MindDetective

Ditto on my tablet

Feb 28, 2015#5

PatrThom

Hmm. My address bar says I'm successfully using https:// to connect to the forum, but I don't see any option to validate any certificate, nor do I see the lock icon.
Interesting.

--Patrick

Feb 28, 2015#6

CrimsonSoul

Yeah I get this too

Feb 28, 2015#7

Dei

Yeah when I use Firefox on my PC it's telling me that it's blocking something unsafe as well, but it still works. Unlike my phone browser, which says I can bypass protection, but it's UNSAFE!

Feb 28, 2015#8

Dave

The fuck? Is it the whole site or just certain parts of the site?

Feb 28, 2015#9

Dei

As far as I can tell it's everything.

Feb 28, 2015#10

Dave

Gas, you got any ideas off the top of your head? I changed nothing.

Feb 28, 2015#11

Chad Sexington

Everything loads fine for me, but Chrome says different threads are differently secure. No idea if this is useful, but here's a screenshot. First one is a screenshot from what it says on threads with a yellow (warning) lock, the latter from ones that are green (OK). More threads are yellow than green based on a quick, unscientific sample of clicking a dozen or so in my New Posts.

Feb 28, 2015#12

Celt Z

Yep, same here.

Feb 28, 2015#13

Bowielee

I'm not getting this on any of my browsers.

Feb 28, 2015#14

PatrThom

The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 ran insecure content from http://www.google.com/jsapi?_v=3fdfa9dc.
security-complaints.31184:58:103The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 ran insecure content from https://www.halforums.com/forumrunner/detect.js.
security-complaints.31184:389:215The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 displayed insecure content from http://img3.wikia.nocookie.net/__cb20140407034631/payday/images/1/17/RainbowDash.gif.
security-complaints.31184:650:165The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 displayed insecure content from http://tapatalk.imageshack.com/v2/15/02/28/5ca50d95cd5d292df389934eb8a8399b.jpg.
security-complaints.31184:3985[Warning] The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 ran insecure content from http://www.google.com/uds/?file=search&v=1. (jsapi, line 21, x2)
[Warning] The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 ran insecure content from http://www.wowhead.com/widgets/power.js. (security-complaints.31184, line 0)
[Warning] The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 ran insecure content from http://www.google.com/uds/api/search/1.0/23952f7483f1bca4119a89c020d13def/default en.css. (jsapi, line 21)
[Warning] The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 ran insecure content from http://www.google.com/uds/api/search/1.0/23952f7483f1bca4119a89c020d13def/default en.I.js. (jsapi, line 21, x2)
The page at https://www.halforums.com/xenforo/threads/security-complaints.31184/#post-1195262 ran insecure content from http://www.wowhead.com/widgets/power.js.
xenforo.js:221:190

Is that useful? It's from my error console.

--Patrick

Mar 1, 2015#15

GasBandit

Dave said:
Gas, you got any ideas off the top of your head? I changed nothing.

Started happening immediately after the downtime the other day, when they had to go swap servers. I'm guessing they don't have all their SSL ducks in a row on the new server.

Also, helps to page @GasBandit instead of saying "gas" out loud

Mar 1, 2015#16

Ravenpoe

GasBandit said:
Started happening immediately after the downtime the other day, when they had to go swap servers. I'm guessing they don't have all their SSL ducks in a row on the new server.

Also, helps to page @GasBandit instead of saying "gas" out loud

What about saying gas three times in a mirror at midnight?

Mar 1, 2015#17

PatrThom

Ravenpoe said:
What about saying gas three times in a mirror at midnight?

Might be time to cut down on your fiber if that's happening.

--Patrick

Mar 1, 2015#18

Jay

Gives me this shit too when uploading pictures.

Mar 1, 2015#19

Dave

Ticket opened with host.

Mar 2, 2015#20

Dave

SSL cert has been reinstalled. Please let me know if this helps.

Mar 2, 2015#21

MindDetective

Not yet for me. Is it something that needs to propagate?

Mar 2, 2015#22

PatrThom

I'll check for it again tomorrow.

--Patrick

Mar 2, 2015#23

Dave

MindDetective said:
Not yet for me. Is it something that needs to propagate?

That I don't know. I think it did when we switched so we'll give it until tomorrow.

Mar 4, 2015#24

PatrThom

Still no change.
Site URL shows "https://" but the icon showing "a secure connection has been established" is not present.

--Patrick

Mar 4, 2015#25

MindDetective

Yup

Mar 4, 2015#26

Charlie Don't Surf

I'm really bad at tech stuff, but I had this happen on another couple sites and I fixed it by changing my date on my computer back and forth. Maybe it had something to do with the end of February date or something making things look expired?

Mar 4, 2015#27

PatrThom

Charlie Don't Surf said:
I'm really bad at tech stuff, but I had this happen on another couple sites and I fixed it by changing my date on my computer back and forth. Maybe it had something to do with the end of February date or something making things look expired?

If your computer's battery runs out or it somehow otherwise loses the date, SSL won't work, so any site using https:// for connection will fail.
Fixing the date on your end will solve that, but if the server is set to the wrong date, you wouldn't be able to use SSL unless you broke your date to match.

--Patrick

Mar 4, 2015#28

Charlie Don't Surf

Yeah, I have it set back now to normal and everything works.

Mar 8, 2015#29

Celt Z

Not that it's a big deal, but I'm still getting the message Dei posted above from Chrome, and this is after a bunch of restarts. I can still get around it to the site, but I thought you might want to know.

Mar 8, 2015#30

Dave

The host has reset/reloaded the SSL. Not sure what else can be done. I'll let him know. maybe he'll have an idea or three.

Mar 14, 2015#31

Eriol

Still happening here. Only on my phone, not desktop Firefox.

Good luck fixing cert errors. They really suck.

Mar 15, 2015#32

Bubble181

Most of the main pages are OK for me, some threads (like this one) still aren't.

Mar 15, 2015#33

PatrThom

I still don't see a certificate validation happening.
It's not a huge deal. It just means my password is being sent in the clear, work can still intercept all the NSFW images (even when they're within a spoiler tag), you know. Nothing serious.

--Patrick

Apr 27, 2015#34

GasBandit

Well, the server's back up, obviously. Looks like there was a teensy rollback, nothing too big. SSL still isn't working quite right yet, but miraculously I can now upload pictures from work again, which I haven't been able to do in weeks.

Apr 27, 2015#35

PatrThom

GasBandit said:
Looks like there was a teensy rollback, nothing too big.

Sez you. Now I gotta go and put my movie review back in from memory.
Otherwise there will be no proof that I watched another movie.
I saved it in a text document on my computer before I posted it, but once it posted I think I threw it out. D'oh!

--Patrick

Apr 27, 2015#36

Bubble181

Oh, sure, now that my shift at work is over, it comes back on line! Typical! Pfuh!

Apr 27, 2015#37

Bowielee

Posts lost in time and space.

Apr 27, 2015#38

Terrik

I was traumatized, guys.

Apr 27, 2015#39

Dave

I was, too. Good thing my work kept me busy today![DOUBLEPOST=1430172515,1430172482][/DOUBLEPOST]Dynomite still doesn't work any longer, though.

Apr 27, 2015#40

bhamv3

My Avengers 2 review is gone! Gooooooone!

Apr 27, 2015#41

PatrThom

bhamv3 said:
My Avengers 2 review is gone! Gooooooone!

So are my posts with next week's lottery numbers!

--Patrick

Apr 27, 2015#42

PatrThom

FWIW, I do notice that the password database did not roll back. I changed my password probably 2-3 days ago and the forum still requires that newest one to get in.

--Patrick

Apr 27, 2015#43

Ravenpoe

PatrThom said:
Sez you. Now I gotta go and put my movie review back in from memory.
Otherwise there will be no proof that I watched another movie.
I saved it in a text document on my computer before I posted it, but once it posted I think I threw it out. D'oh!

--Patrick

This is why this happened. The universe cannot exist in a state in which you've seen something, and so had to auto-correct that with a rollback.

Apr 28, 2015#44

Bubble181

bhamv3 said:
My Avengers 2 review is gone! Gooooooone!

...."it was pretty neat, I enjoyed it"? Even I can retype your review from memory

Apr 28, 2015#45

Dave

I didn't read it anyway because I can't see it until the 8th or so. I'm going to avoid it until my son and I can go this next week.

Apr 28, 2015#46

Gruebeard

Nick posted a rant about work, I replied with helpful advice. Actual, 100% helpful advice. For the first time ever here.

I think maybe I broke the forum, caused it to travel back in time. Sorry your review was one of the casualties, Pat.

Apr 28, 2015#47

PatrThom

Meh, I'll put it back when I can sit down for 20min with a keyboard again.

--Patrick

Apr 28, 2015#48

Gruebeard

I'm not really concerned about your review, I just wanted to moan that my one attempted good deed here went punished.

Apr 28, 2015#49

Dave

The North Remembers.

Jun 27, 2015#50

Dei

I'm still getting this problem on my mobile Chrome. Any chance this will ever get fixed? :/

Jun 27, 2015#51

Shakey

I dunno if this would have anything to do with it, but you could pass it on to the host. http://serverfault.com/questions/62...-my-sites-security-certificate-is-not-trusted

Jun 27, 2015#52

Dave

Shakey said:
I dunno if this would have anything to do with it, but you could pass it on to the host. http://serverfault.com/questions/62...-my-sites-security-certificate-is-not-trusted

I will try that. I don't know what else to do.

Sent from my iPad using Tapatalk

Jun 27, 2015#53

GasBandit

Yeah, nothing I can help with unfortunately... it's something the hosting has to get worked out.

Jun 27, 2015#54

Eriol

Extremely intermittent, but not gone. Unfortunate, and annoying, but not your guys' fault.

Jun 30, 2015#55

GasBandit

I haven't seem to have had the problem for several days now.

Jun 30, 2015#56

Shakey

Same here.

Feb 7, 2017#57

Dei

My phone just complained that the site's cert expired yesterday.

Feb 7, 2017#58

Terrik

I'm getting it too

Feb 7, 2017#59

bhamv3

Getting it on desktop, Firefox 51.0.1.

Feb 7, 2017#60

drifter

Yep, Firefox 51.0.1

Feb 7, 2017#61

GasBandit

Dave is aware, there's an issue with hosting, could take a while to resolve.

Feb 7, 2017#62

Dave

The SSL cert came up for renewal and I paid for it - TWICE!! Turns out that for some reason there were FOUR certs on our site! Have no fucking clue why. That was the old host who did that to us. I had to do some stuff to get a new cert issued from the ones that I bought and I installed them. Seems to have done the trick.

Feb 9, 2017#63

PatrThom

Dave said:
The SSL cert came up for renewal and I paid for it - TWICE!! Turns out that for some reason there were FOUR certs on our site! Have no fucking clue why. That was the old host who did that to us. I had to do some stuff to get a new cert issued from the ones that I bought and I installed them. Seems to have done the trick.

Well maybe this explains why visiting the site would sometimes throw a cert error but then work immediately after with no explanation.

--Patrick

Feb 9, 2017#64

Dave

Yeah right now I have ONE cert on the site and three inactive.

Forums