|
11-08-2019, 06:22 AM
|
#1
|
Mini-Skoolie
Join Date: Nov 2019
Location: California & UK
Posts: 16
|
Skoolie.net Not Secure - Certificate Issue
Hey folks in charge! I'm new here but thought it was a bit odd that you've not got your certs set up (see attached screenshot for example), I figured I had just joined on a day where they had lapsed, but it's been a few days now and I see it's still not sorted out, so I wanted to point it out in case you hadn't noticed?
|
|
|
11-08-2019, 06:31 AM
|
#2
|
Mini-Skoolie
Join Date: Nov 2019
Location: California & UK
Posts: 16
|
Just a quick additional note that may help you out, looks like you're using Cloudflare to handle your SSL but you've not configured it correctly - are you forcing a redirect to HTTP?
Anyway, a site set up correctly with Cloudflare should give a perfect score on this particular test (see attached). Hope this helps!
|
|
|
11-08-2019, 08:03 AM
|
#3
|
Bus Nut
Join Date: Jul 2019
Location: Johnson City TN
Posts: 441
Year: 2004
Coachwork: IC/AMTRANS RE
Engine: T444E 7.3 w/ MD3060
Rated Cap: 36000lbs / 78pass / 39'
|
Fill in your info, curious what kinda rig you have.
__________________
If you would like to check out my website that has all sort of information especially for the T444E/7.3PSD engines check out www.PatrickTheSalvageGuy.com I've got helpful downloads and articles as well as a link to my YT for other how to videos mainly on the F series trucks.
|
|
|
11-08-2019, 08:55 AM
|
#4
|
Bus Geek
Join Date: May 2009
Location: Columbus Ohio
Posts: 19,981
Year: 1991
Coachwork: Carpenter
Chassis: International 3800
Engine: DTA360 / MT643
Rated Cap: 7 Row Handicap
|
ive never had this site run in SSL mode.. i think they just run strictly HTTP... it may be cloudflare doing the rewrites but I never worried about it since its just school bus stuff.. the password I use here is one I only use here...
-Christopher
|
|
|
11-08-2019, 09:56 AM
|
#5
|
Mini-Skoolie
Join Date: Nov 2019
Location: California & UK
Posts: 16
|
Quote:
Originally Posted by PatrickBaptist
Fill in your info, curious what kinda rig you have.
|
Hey there, happy to help! I've accessed the site on a Win8.1 machine with Chrome on a broadband connection & an Android phone with Chrome via 4G, both are flagging as not secure. I've also checked on a Win10 VPS I'm running in France, and with a buddy in Scotland, and all responses come back the same, with the site being unsecured.
It's definitely an issue on the webserver end and on my rig
|
|
|
11-08-2019, 10:03 AM
|
#6
|
Bus Nut
Join Date: Jul 2019
Location: Johnson City TN
Posts: 441
Year: 2004
Coachwork: IC/AMTRANS RE
Engine: T444E 7.3 w/ MD3060
Rated Cap: 36000lbs / 78pass / 39'
|
Quote:
Originally Posted by WLRoadScholars
Hey there, happy to help! I've accessed the site on a Win8.1 machine with Chrome on a broadband connection & an Android phone with Chrome via 4G, both are flagging as not secure. I've also checked on a Win10 VPS I'm running in France, and with a buddy in Scotland, and all responses come back the same, with the site being unsecured.
It's definitely an issue on the webserver end and on my rig
|
Yuck windows 8, LOL I'm still running W2k3 LOL.
I wouldn't worry about the lack of security, just make sure to use a password you don't use for anything you care about.
This just isn't the kind of site I would care anything about in regards to security, if someone hijacked it I sure wouldn't fret over it. But then again I don't even fool with anti-virus software hahaha.
Like Chris was saying, it's not running in SSL so the notion of security is kinda null.
__________________
If you would like to check out my website that has all sort of information especially for the T444E/7.3PSD engines check out www.PatrickTheSalvageGuy.com I've got helpful downloads and articles as well as a link to my YT for other how to videos mainly on the F series trucks.
|
|
|
11-09-2019, 04:17 AM
|
#7
|
Bus Geek
Join Date: Sep 2015
Posts: 3,860
Year: 2002
Coachwork: Thomas Built Bus
Chassis: Freightliner FS65
Engine: Caterpillar 3126E Diesel
Rated Cap: 71 Passenger- 30,000 lbs.
|
Running HTTP only is NOT "kinda null security" ... it *is not* secure by the design of the protocol. The site would have to be set up as a secure server running the HTTPS protocol with an SSL certificate.
To the OP ... you have started a thread that is a non-issue. HTTP and HTTPS are different animals.
|
|
|
11-09-2019, 10:43 AM
|
#8
|
Bus Nut
Join Date: Jul 2019
Location: Johnson City TN
Posts: 441
Year: 2004
Coachwork: IC/AMTRANS RE
Engine: T444E 7.3 w/ MD3060
Rated Cap: 36000lbs / 78pass / 39'
|
Quote:
Originally Posted by Native
Running HTTP only is NOT "kinda null security" ... it *is not* secure by the design of the protocol. The site would have to be set up as a secure server running the HTTPS protocol with an SSL certificate.
To the OP ... you have started a thread that is a non-issue. HTTP and HTTPS are different animals.
|
Forgive me for saying "kinda". You are preaching to the choir on it bud.
__________________
If you would like to check out my website that has all sort of information especially for the T444E/7.3PSD engines check out www.PatrickTheSalvageGuy.com I've got helpful downloads and articles as well as a link to my YT for other how to videos mainly on the F series trucks.
|
|
|
11-09-2019, 03:55 PM
|
#9
|
Bus Geek
Join Date: Sep 2015
Posts: 3,860
Year: 2002
Coachwork: Thomas Built Bus
Chassis: Freightliner FS65
Engine: Caterpillar 3126E Diesel
Rated Cap: 71 Passenger- 30,000 lbs.
|
Quote:
Originally Posted by PatrickBaptist
Forgive me for saying "kinda". You are preaching to the choir on it bud.
|
I was tinking that was the case, but really wanted to make sure everyone understood the difference.
|
|
|
11-10-2019, 09:26 PM
|
#10
|
Almost There
Join Date: Sep 2019
Location: Loon Lake, NY
Posts: 84
Year: 2002
Engine: Cummins 8.3 ISC 300
Rated Cap: 36,200lbs
|
Really no reason not to run https. Letsencrypt.org makes it completely free. Certbot on linux will even keep everything renewed and upto date automatically.
|
|
|
11-10-2019, 10:00 PM
|
#11
|
Bus Crazy
Join Date: May 2017
Location: Athens, TN
Posts: 1,573
Year: 1999
Coachwork: Amtran
Chassis: International RE
Engine: International T444e
Rated Cap: 76
|
Quote:
Originally Posted by Neorush
Really no reason not to run https.
|
+1
This last year, I've taken many steps to anonymize my traffic and make myself difficult to track. With HTTP, someone sniffing network traffic can see what pages you are viewing. With HTTPS, they cannot. At best they can see a DNS request for the domain (DoH, VPN or onion routing mitigate this).
Personally I think HTTP should be disabled/redirect to HTTPS, as it helps prevent (not a cure-all, but makes it harder to) snoop on visitor traffic. Also any logins over HTTP compromise the account- passwords are sent over in plaintext (or hashed- but the hash is as good as the password for accessing the account).
|
|
|
|
Thread Tools |
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
» Recent Threads |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|