Reply
 
Thread Tools Display Modes
 
Old 01-05-2019, 12:46 AM   #1
Bus Crazy
 
milkmania's Avatar
 
Join Date: May 2015
Location: Oklahoma aka "God's blind spot"
Posts: 2,332
Year: 1989
Coachwork: 1853FC International/Navistar
Chassis: 35' Retired Air Force Ambulance
Engine: DT466, MT643
Rated Cap: 6 souls and a driver
website security?

I'm receiving notice that this is not secure....
all the other sites I browse in Chrome are secure
Untitled.jpg

Untitled2.jpg
__________________
I once complained I had no shoes....
Until I met a man with no feet
milkmania is offline   Reply With Quote
Old 01-05-2019, 04:28 AM   #2
Almost There
 
geminusprime's Avatar
 
Join Date: Dec 2018
Location: SC
Posts: 85
Year: 1997
Coachwork: International
Chassis: Vista 3600
Engine: DT466E
Rated Cap: 66
Same here, although checking the SSL certificate, it seems to be valid with no errors.

https://www.ssllabs.com/ssltest/anal...5.34.26&latest

Not Secured does not inherently mean danger. A website with the prefix "http" will be "not secure", while those beginning with 'https' will be secured. https requires a certificate to validate that the website is who it claims to be, and is used to fend off phishing, fraud, and the likes.

While it's a very good measure to take with websites, it's not critical if you're not processing user data. A single html page website likely doesn't need an ssl certificate, but a banking website does.

Just a late night 4Am guess before bed, but I'm guessing they have some asset (image, stylesheet, link) that's linking to a non-https location.
geminusprime is offline   Reply With Quote
Old 01-05-2019, 09:20 AM   #3
Bus Crazy
 
brokedown's Avatar
 
Join Date: Dec 2016
Location: St Petersburg, FL
Posts: 2,028
Year: 1997
Coachwork: Bluebird
Chassis: TC2000 FE
Engine: Cummins 5.9
Rated Cap: 72
It says "not secure" because they're including javascript from insecure URLs:

http://www.googletagservices.com/tag/js/gpt.js

Any time a https site loads any non-https resource you'll see the same thing.
__________________
Keep up with us and our build!
Follow us on Facebook, Instagram, and Twitter
brokedown is offline   Reply With Quote
Old 01-05-2019, 02:50 PM   #4
Bus Crazy
 
milkmania's Avatar
 
Join Date: May 2015
Location: Oklahoma aka "God's blind spot"
Posts: 2,332
Year: 1989
Coachwork: 1853FC International/Navistar
Chassis: 35' Retired Air Force Ambulance
Engine: DT466, MT643
Rated Cap: 6 souls and a driver
thanks for the replies and clarification

hopefully some wealthy hacker will feel sorry for me and add some money to my bank account!
__________________
I once complained I had no shoes....
Until I met a man with no feet
milkmania is offline   Reply With Quote
Old 01-09-2019, 08:50 AM   #5
Mini-Skoolie
 
Join Date: Apr 2018
Location: Huntsville AL
Posts: 13
Coachwork: On the hunt
Unhappy

Apparently that is normal, and the way they have it setup. The forum add-on vBadvanced was abandoned in 2014. I've asked about it and they are applying "user patches". The vBulletin version they are running ( vBulletin 3.8.8 ) also is unsupported.

https://observatory.mozilla.org/analyze/www.skoolie.net
JaredM is offline   Reply With Quote
Old 01-09-2019, 09:22 AM   #6
Bus Crazy
 
brokedown's Avatar
 
Join Date: Dec 2016
Location: St Petersburg, FL
Posts: 2,028
Year: 1997
Coachwork: Bluebird
Chassis: TC2000 FE
Engine: Cummins 5.9
Rated Cap: 72
Having previously run a large vbulletin site I can say that I understand the pain involved with the platform and the reasons not to upgrade. With that said, patching a http url to be a https one should be very easy, and there are content rewrite plugins for apache and nginx web servers that can alter http:// to https:// addresses in content on the fly. You can bet that any remote javascript worth injecting is available on https.
__________________
Keep up with us and our build!
Follow us on Facebook, Instagram, and Twitter
brokedown is offline   Reply With Quote
Old 01-09-2019, 03:02 PM   #7
Site Team
 
Janet H's Avatar
 
Join Date: Oct 2014
Location: Washington State
Posts: 555
Post

Quote:
Originally Posted by JaredM View Post
Apparently that is normal, and the way they have it setup. The forum add-on vBadvanced was abandoned in 2014. I've asked about it and they are applying "user patches". The vBulletin version they are running ( vBulletin 3.8.8 ) also is unsupported.

https://observatory.mozilla.org/analyze/www.skoolie.net
We are keeping the current version of the forum software patched and plan to move to another platform (probably Xenforo) in the coming year but there is pain associated with a change and so we are moving cautiously. Xenforo is still a young platform and we've been waiting for a bit more robust (and well tested) platform.

Regarding the not secure message:

Last year google began to push websites to use https instead of http as a security update. A few months ago they began to actually began to display that little red triangle;"not secure" on browser address lines.

The forum software is built on an http platform and so this is difficult. We hand coded an update to make the LOGIN page https. This is the page where user credentials are passed and the only sensitive data we store. Once a member has logged in the site reverts to http (and the alert begins to display in browsers). Using https on all pages actually breaks the forum. Offsite links and hosted images no longer work, ads don't display, photos, etc.


So... as you login the page is secure (https) but once you have logged in the regular site is http. Since no login/pass info is being sent on these pages we believe this is safe and reasonable. There's little we can do to change this until we move to a new forum software platform which eventually we will have to do.

You can read more about the google alerts here: https://www.wired.com/story/google-c...-secure-label/
__________________
You have brains in your head. You have feet in your shoes. You can steer yourself any direction you choose | Dr. Seuss
Janet H is offline   Reply With Quote
Old 01-09-2019, 08:57 PM   #8
Mini-Skoolie
 
Join Date: Apr 2018
Location: Huntsville AL
Posts: 13
Coachwork: On the hunt
Quote:
Originally Posted by Janet H View Post
<snip>
plan to move to another platform (probably Xenforo) in the coming year but there is pain associated with a change and so we are moving cautiously. Xenforo is still a young platform and we've been waiting for a bit more robust (and well tested) platform.
<snip>
Xenforo 1.0 was launched 2011, and 2.0 in 2017.

Why not use something that is open source and designed for modern devices, such as Discourse? https://www.discourse.org/
JaredM is offline   Reply With Quote
Old 01-10-2019, 12:29 AM   #9
Site Team
 
Janet H's Avatar
 
Join Date: Oct 2014
Location: Washington State
Posts: 555
Quote:
Originally Posted by JaredM View Post
Xenforo 1.0 was launched 2011, and 2.0 in 2017.

Why not use something that is open source and designed for modern devices, such as Discourse? https://www.discourse.org/
It was launched several years ago but there are only beginning to be addons that will support our site features. Photo albums, the registry and other features are heavily used here and an important archive of content. A software change is a big deal and so we are considering various options and moving cautiously.
__________________
You have brains in your head. You have feet in your shoes. You can steer yourself any direction you choose | Dr. Seuss
Janet H is offline   Reply With Quote
Old 01-16-2019, 11:08 PM   #10
Bus Crazy
 
Join Date: Aug 2014
Location: SW New Hampshire
Posts: 1,214
support skoolie.net?

I had thought to start a new thread for this, but it probably fits in this topic just as well. I get a "School Bus Conversion Newsletter" weekly. On the current one (issue 74) I saw the "support" text below and wanted to find out what it was; whether there was some sort of "support" available at the referenced website, or more likely it was a place to toss a few bucks your way (which I would be willing to do; I find a lot of value in this forum).



What I got was a "help" popup from Google Mail detailing the reasons your "via" link didn't meet their standards and was cleansed from the message. I can put that text here, but more than likely you are or will be on track to clean that issue up when you move to the new platform.
School Bus Conversion support@skoolie.net via criticalimpactinc.com
dan-fox is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Powered by vBadvanced CMPS v3.2.3

All times are GMT -5. The time now is 08:08 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2019, vBulletin Solutions, Inc.