milkmania
Senior Member
I'm receiving notice that this is not secure....
all the other sites I browse in Chrome are secure
all the other sites I browse in Chrome are secure
geminusprime
Senior Member
Same here, although checking the SSL certificate, it seems to be valid with no errors.
https://www.ssllabs.com/ssltest/analyze.html?d=www.skoolie.net&s=104.25.34.26&latest
Not Secured does not inherently mean danger. A website with the prefix "http" will be "not secure", while those beginning with 'https' will be secured. https requires a certificate to validate that the website is who it claims to be, and is used to fend off phishing, fraud, and the likes.
While it's a very good measure to take with websites, it's not critical if you're not processing user data. A single html page website likely doesn't need an ssl certificate, but a banking website does.
Just a late night 4Am guess before bed, but I'm guessing they have some asset (image, stylesheet, link) that's linking to a non-https location.
https://www.ssllabs.com/ssltest/analyze.html?d=www.skoolie.net&s=104.25.34.26&latest
Not Secured does not inherently mean danger. A website with the prefix "http" will be "not secure", while those beginning with 'https' will be secured. https requires a certificate to validate that the website is who it claims to be, and is used to fend off phishing, fraud, and the likes.
While it's a very good measure to take with websites, it's not critical if you're not processing user data. A single html page website likely doesn't need an ssl certificate, but a banking website does.
Just a late night 4Am guess before bed, but I'm guessing they have some asset (image, stylesheet, link) that's linking to a non-https location.
brokedown-SKO
Senior Member
It says "not secure" because they're including javascript from insecure URLs:
http://www.googletagservices.com/tag/js/gpt.js
Any time a https site loads any non-https resource you'll see the same thing.
http://www.googletagservices.com/tag/js/gpt.js
Any time a https site loads any non-https resource you'll see the same thing.
OP
OP
milkmania
Senior Member
thanks for the replies and clarification
hopefully some wealthy hacker will feel sorry for me and add some money to my bank account!
hopefully some wealthy hacker will feel sorry for me and add some money to my bank account!
Last edited:
JaredM
Member
Apparently that is normal, and the way they have it setup. The forum add-on vBadvanced was abandoned in 2014. I've asked about it and they are applying "user patches". The vBulletin version they are running ( vBulletin 3.8.8 ) also is unsupported.
https://observatory.mozilla.org/analyze/www.skoolie.net
https://observatory.mozilla.org/analyze/www.skoolie.net
brokedown-SKO
Senior Member
Having previously run a large vbulletin site I can say that I understand the pain involved with the platform and the reasons not to upgrade. With that said, patching a http url to be a https one should be very easy, and there are content rewrite plugins for apache and nginx web servers that can alter http:// to https:// addresses in content on the fly. You can bet that any remote javascript worth injecting is available on https.
We are keeping the current version of the forum software patched and plan to move to another platform (probably Xenforo) in the coming year but there is pain associated with a change and so we are moving cautiously. Xenforo is still a young platform and we've been waiting for a bit more robust (and well tested) platform.
Regarding the not secure message:
Last year google began to push websites to use https instead of http as a security update. A few months ago they began to actually began to display that little red triangle;"not secure" on browser address lines.
The forum software is built on an http platform and so this is difficult. We hand coded an update to make the LOGIN page https. This is the page where user credentials are passed and the only sensitive data we store. Once a member has logged in the site reverts to http (and the alert begins to display in browsers). Using https on all pages actually breaks the forum. Offsite links and hosted images no longer work, ads don't display, photos, etc.
So... as you login the page is secure (https) but once you have logged in the regular site is http. Since no login/pass info is being sent on these pages we believe this is safe and reasonable. There's little we can do to change this until we move to a new forum software platform which eventually we will have to do.
You can read more about the google alerts here: https://www.wired.com/story/google-c...-secure-label/
JaredM
Member
Xenforo 1.0 was launched 2011, and 2.0 in 2017.
Why not use something that is open source and designed for modern devices, such as Discourse? https://www.discourse.org/
Xenforo 1.0 was launched 2011, and 2.0 in 2017.
Why not use something that is open source and designed for modern devices, such as Discourse? https://www.discourse.org/
It was launched several years ago but there are only beginning to be addons that will support our site features. Photo albums, the registry and other features are heavily used here and an important archive of content. A software change is a big deal and so we are considering various options and moving cautiously.
dan-fox
Senior Member
support skoolie.net?
I had thought to start a new thread for this, but it probably fits in this topic just as well. I get a "School Bus Conversion Newsletter" weekly. On the current one (issue 74) I saw the "support" text below and wanted to find out what it was; whether there was some sort of "support" available at the referenced website, or more likely it was a place to toss a few bucks your way (which I would be willing to do; I find a lot of value in this forum).
What I got was a "help" popup from Google Mail detailing the reasons your "via" link didn't meet their standards and was cleansed from the message. I can put that text here, but more than likely you are or will be on track to clean that issue up when you move to the new platform.
School Bus Conversion support@skoolie.net via criticalimpactinc.com
I had thought to start a new thread for this, but it probably fits in this topic just as well. I get a "School Bus Conversion Newsletter" weekly. On the current one (issue 74) I saw the "support" text below and wanted to find out what it was; whether there was some sort of "support" available at the referenced website, or more likely it was a place to toss a few bucks your way (which I would be willing to do; I find a lot of value in this forum).
What I got was a "help" popup from Google Mail detailing the reasons your "via" link didn't meet their standards and was cleansed from the message. I can put that text here, but more than likely you are or will be on track to clean that issue up when you move to the new platform.
School Bus Conversion support@skoolie.net via criticalimpactinc.com
Hi, The site is listed as not secure because it's not using https.
As in http secure or encrypted. For this you need a certificate and the easiest, cheapest and quickest way to get one is "let's encrypt".
Should only take a day or so for someone to set up.
My two bits.
Tobin.
As in http secure or encrypted. For this you need a certificate and the easiest, cheapest and quickest way to get one is "let's encrypt".
Should only take a day or so for someone to set up.
My two bits.
Tobin.
Similar threads
Try RV LIFE Pro Free for 7 Days
- Ad-Free experience on this RV LIFE Community.
- Plan the best RV Safe travel with RV LIFE Trip Wizard.
- Navigate with our RV Safe GPS mobile app.
- and much more...
