Spectrum Computing

Navigating to spectrumcomputing.co.uk/forums/ takes you to the insecure http port. It doesn't redirect to the https port, so browsers complain about insecurities, etc.

You should get that fixed.

Another side-effect of the forum being accessed by http is that login quietly fails. In Vivaldi 1.12.955.48 at least. Just ran into that problem myself now. So switch to https if login looks like it's not working.

OK, it should be working now. I have edited the settings in phpBB and added some code to the .htaccess file. You will probably need to delete cookies.

I didn't have any problems all day, then in the last hour I started to get the certification error. Just cleared cookies and I can log in without the same warnings but it still says certificate error at the top of the screen. Weird.

I have this error too. You can force Firefox to ignore it but it's uncomfortable and may put many people away from entering the forums. It would be really urgent to correct it.

Hi,

Its strange I'm testing it on multiple machines and browsers and not getting an error. Can you post a screenshot of the error?



Thanks

Here we go. Microsoft Edge.

R-Tape wrote: ↑Mon Nov 13, 2017 8:53 pm

Here we go. Microsoft Edge.

Is Microsoft Edge hiding the full domain name per-chance? (Maybe the domain in the URL bar is actually "www.spectrumcomputing.co.uk"). I noticed a few redirects earlier ending up on www. (After clicking a link in the Notifications dropdown in the top bar, and posting a response to a post, but both of those PeterJ seems to have fixed now).

This is strange, I get know problems on Edge. If there are any security experts out there who can help please send me a PM.

Peter

Cleared all history again.

I type spectrumcomputing.co.uk, takes me here no problem:

https://spectrumcomputing.co.uk/

I click the forums button, takes me here no problem.

https://spectrumcomputing.co.uk/forums/

I click login, takes me here no problem:

ucp.php?mode=login

I type in my user/password, and it goes here:

ucp.php?mode=login

Firstly this ^doesn't work, just hangs as a blank page.

I click the back button, takes me here:

............

and that has the full page certificate thing.

Thanks, I will need to research this.

I have no idea if it's relevant, only that Mike mentioned it, but the last one is the only page with 'www', though the problem was the page before that.

OK, I have made a another change (Thanks to Mike for the clue). I get an error with the first page of this topic, but nowhere else.

And now it's working okay. Did you change anything?

Working for me too, no errors. Hopefully that's that, well done.

Ralf wrote: ↑Mon Nov 13, 2017 9:15 pm And now it's working okay. Did you change anything?

There was a random www in one of the security settings.
phpBB is not the easiest system to configure. Glad it's working. Over and out for tonight.

PeterJ wrote: ↑Mon Nov 13, 2017 9:14 pm OK, I have made a another change (Thanks to Mike for the clue). I get an error with the first page of this topic, but nowhere else.

You're getting the error on the first page due to R-Tape's screen shot coming from elsewhere: http://stonechatproductions.co.uk/zxgam ... SCperm.gif

There should be a setting or module available for phpBB to support this.

Maybe see: https://area51.phpbb.com/phpBB/viewtopic.php?t=50956 and https://github.com/phpbb-extensions/camosslimageproxy

No idea if these are any good.

Not quite there...

spectrumcomputing.co.uk correctly redirects to https://spectrumcomputing.co.uk/

www.spectrumcomputing.co.uk correctly redirects to https://spectrumcomputing.co.uk/

http://spectrumcomputing.co.uk/ correctly redirects to https://spectrumcomputing.co.uk/

http://www.spectrumcomputing.co.uk correctly redirects to https://spectrumcomputing.co.uk/

But!

https://www.spectrumcomputing.co.uk/ doesn't redirect. It complains about the certificate domain being wrong.

PeterJ wrote: ↑Mon Nov 13, 2017 9:00 pm If there are any security experts out there who can help please send me a PM.

Long-time WoS lurker but registering here to offer some assistance

The SSL certificate presented here is only valid for 'spectrumcomputing.co.uk' but not 'www.spectrumcomputing.co.uk'.

You can see this here: https://www.ssllabs.com/ssltest/analyze ... Results=on

As you can see, the certificate does not list 'www.spectrumcomputing.co.uk' anywhere so any client who tries to access via 'www.spectrumcomputing.co.uk' will fail to validate the certificate.

The solution is to reconfigure your LetsEncrypt client to request a certificate containing both names; feel free to PM me if you need some help in doing this.

In firefix there's a warning about connection not being secure, "Parts of this page are not secure (such as images)"

HexTank wrote: ↑Thu Nov 16, 2017 12:17 pm In firefix there's a warning about connection not being secure, "Parts of this page are not secure (such as images)"

Can you paste in the URL of the page you are seeing this warning on?
It's typically because one or more of the images, or embeds on the page isn't an https reference.

All pages do it. I think it is either the logo picture, or the associated link: http://spectrumcomputing.co.uk/

EDIT: it's the link, as loading the GIF image alone does not generate the warning.

Mark

Yes, as Mark said, it happens everywhere, even this thread

viewtopic.php?f=29&t=37&p=580#p580 for reference.

Hello. It's pages where users have inserted images hosted elsewhere. This page of this thread is currently fine.

I'm aware of the issue, and need to find a time to look at fixes, but for now it is as it is. Sorry.

Someone posted some possible solutions earlier in the week that I will look at.

Peter

I did my investigations on the FAQ page...
No user images or links there as far as I could see...

Mark