Food Allergy Support

Welcome => FAS Committee => Topic started by: nameless on January 01, 2019, 09:39:39 PM

Food Allergy Support is now on Twitter. Follow us @FASupport. You may also follow our Tweets in our new global footer at the bottom of the page here at FAS!

FAS has upgraded our forum security. Some members may need to log in again. If you are unable to remember your login information, please email food.allergy.supt@flash.net and we will help you get back in. Thanks for your patience!

Title: FAS "Not Secure" in browser
Post by: nameless on January 01, 2019, 09:39:39 PM
hi all admin-types --- I just noticed that in my browser bar FAS is showing as "Not Secure" which means it's no longer an https connection. When did that happen? In my browser it's bookmarked/saved as Https which it used to be, right?

I just want to put out a warning to folks to not use a password for their FAS account they use anywhere else, particularly if it's attached to the email address they use for FAS.

thoughts?
Title: Re: FAS "Not Secure" in browser
Post by: SilverLining on January 02, 2019, 07:00:06 AM
I’m not seeing that, but I don’t have to sign in each visit. Would that be why?

I did suddenly start seeing that message on a different forum though.
Title: Re: FAS "Not Secure" in browser
Post by: Rebekah on January 02, 2019, 09:27:34 AM
Looks like I need to install an update, but it’s not working right.
Title: Re: FAS "Not Secure" in browser
Post by: rebekahc on January 02, 2019, 09:30:16 AM
Wow, that was weird - not sure if it was my computer or the site, but I logged out and then couldn't get logged in again.  My user name and password kept disappearing as soon as I hit the login button.
Title: Re: FAS "Not Secure" in browser
Post by: rebekahc on January 02, 2019, 12:25:56 PM
After working with tech support on making sure the updates went through correctly, I asked again about securing the site.  I would need to pay for an SSL certificate each year - it must have stopped being included in my annual costs at the end of November when the contract renewed.  Adding it will double my cost.  :-/
Title: Re: FAS "Not Secure" in browser
Post by: rebekahc on January 02, 2019, 02:39:45 PM
Okay, I've been working with our provider and we should be good to go with https now.  Some members may need to enter their password again.  If anyone has trouble remembering your password and no longer has access to the email address linked with your account, please get in touch with me and I can either update your email address in your profile and then you can use password recovery or I can just assign you a new temporary password to gain access and you can set a new one in your profile.
Title: Re: FAS "Not Secure" in browser
Post by: Stinky10 on January 02, 2019, 06:26:38 PM
I'd be happy to contribute some $$$

also the site is really slow today
Title: Re: FAS "Not Secure" in browser
Post by: Stinky10 on January 02, 2019, 06:28:19 PM
and  I AM seeing the "Not secure" to the left of https://foodallergysupport.olicentral.com/index.php?action=post;topic=12456.0;last_msg=281820
Title: Re: FAS "Not Secure" in browser
Post by: rebekahc on January 02, 2019, 06:45:21 PM
Stinky, thanks for offering to contribute.  :smooch:  We’re looking at how to work the logistics of that, now.  Once we have a plan in place, we’ll post about it.

I’m getting the https on everything I see and Firefox no longer shows the lock with the red line through it. Maybe if you log out and log back in?
Title: Re: FAS "Not Secure" in browser
Post by: nameless on January 02, 2019, 07:30:08 PM
Thanks! It shows as secure https to me now, which is good.

It still might warrant a warning to folks to change their password and if they used the same password elsewhere to change that as well. Not sure ya'lls background, and I don't want to come off as "mansplainy" (not sure what the female equivalent of that is?) It's not  my intention...OK -- so if a website isn't https and just http that means that if a user logs in then anyone on their wifi network (like it's a public one, Xfinity, Starbucks, etc.) or sniffing around cell tower traffic will be able to read that login information. It's not protected or encrypted very well. Then, if the email is sniffable, the bad-person will go around and try various websites (usually with a script or bot) trying to log in with that email address and password combo.

Not sure what the risk is for OLICentral sites and if they use a different layer/protocol that would help protect, but I'm guessing it doesn't.

I think setting up a Go Fund Me or something to get the funds needed, folks would do it :)
Title: Re: FAS "Not Secure" in browser
Post by: Macabre on January 02, 2019, 08:43:48 PM
Thanks, nameless. I didn’t realize the url wasn’t SSL, since I only use my phone to come here. I’m glad you noticed. I should have.
Title: Re: FAS "Not Secure" in browser
Post by: Stinky10 on January 03, 2019, 02:16:14 PM
I logged in and out and still see Not Secure at the top - but only in the forums - not on the index

also the site is slow - feels like there is a redirect going on
Title: Re: FAS "Not Secure" in browser
Post by: rebekahc on January 03, 2019, 02:30:17 PM
We have two domain names that redirect to our actual site.  foodallergysupport.com and .org both redirect to foodallergysupport.olicentral.com  I haven't noticed any unusual slowness and all my pages show https.  Not sure what could be going on with yours, perhaps Nameless (who is not womansplaining because she actually has much more knowledge than I do ;) ) would have some ideas?
Title: Re: FAS "Not Secure" in browser
Post by: Stinky10 on January 03, 2019, 02:43:25 PM
I'll reboot later and try different browsers
but every click on this site - has a pause - pause - then go
just started
and still says not secure - in lots of pages - I see it now. 

anyway my password is BringonSummer2019!**12# 

hahahahaaa….kidding...
Title: Re: FAS "Not Secure" in browser
Post by: rebekahc on January 03, 2019, 02:48:24 PM
Okay, I read up on it a bit.  It seems our site is transmitted in https, but some of our content may still be in http.  Just on a cursory check, it appears the image for our banner at the top is in http, but so far everything else I see is https.  The banner is hosted at photobucket and I'm scared to mess with it right now since photobucket now wants to be paid for what used to be free.  Once I can find a way to either get a new banner or transfer what we have to another image hosting site, I'll see if that fixes the mixed http/https issue.
Title: Re: FAS "Not Secure" in browser
Post by: nameless on January 03, 2019, 05:46:23 PM
I'll reboot later and try different browsers
but every click on this site - has a pause - pause - then go
just started
and still says not secure - in lots of pages - I see it now. 

anyway my password is BringonSummer2019!**12# 

hahahahaaa….kidding...

<tech support mode>

What browser and what OS are you on (windows/mac)?

Which specific pages? Copy link and paste here.

Try Chrome and see what happens. As already pointed out, it should not show the "Not Secure" but has a little 'i' icon to click and get the info some images are coming from an http address. Could be people's bio pics.

Usual steps:
- clear yo' browser cookies
- shut down and start up your computer...not a restart, but a full shutdown and hard start (it does more resetting of thangs)
Title: Re: FAS "Not Secure" in browser
Post by: Stinky10 on January 03, 2019, 08:17:42 PM
Windows and Edge - I know..... I know....but I like it.  Just don't try to use Edge and fill out a form or do anything...…


I'll see what tomorrow and a full restart brings.

I can't copy the "not secure"  - yes it's a little i icon - it says to Be Careful that some content is not encrypted....


I'm going home..... will see what my home system is doing....
Title: Re: FAS "Not Secure" in browser
Post by: nameless on January 03, 2019, 08:48:41 PM
Windows and Edge - I know..... I know....but I like it.  Just don't try to use Edge and fill out a form or do anything...…


I'll see what tomorrow and a full restart brings.

I can't copy the "not secure"  - yes it's a little i icon - it says to Be Careful that some content is not encrypted....


I'm going home..... will see what my home system is doing....

...don't need you copy the Not Secure words...copy the URL from the browser and paste here so we can see what the specific pages are that show as Not Secure  :)

I'm not sure what messages Edge will give, but given everything else it seems like it's Edge specific and that if one thing isn't secure, it'll show as Not Secure.

In Chrome, the "Not Secure" or "red broken lock icon" went away when we went back to https, but now it's the little info icon that mentions images.
Title: Re: FAS "Not Secure" in browser
Post by: SilverLining on January 03, 2019, 09:47:02 PM
That was not fun. But managed to change password. Now pages open slower.
Title: Re: FAS "Not Secure" in browser
Post by: PurpleCat on January 04, 2019, 07:05:55 AM
I also can not paste a screenshot here, I use Firefox and have been unsecure as well. I was watching to see if it was fixed but I am chiming in this morning.

And I too have long delays.  And I never stay logged in.

In a drop down box when I chose the image of a lock with a yellow triangle with an exclamation point in it, it says the connection is unsecure and goes on about content like photos are not private.

And yes, the address is https://blah blah
Title: Re: FAS "Not Secure" in browser
Post by: hedgehog on January 04, 2019, 07:24:25 AM
It's showing not secure in Explorer on my computer.  And has been slow.
Title: Re: FAS "Not Secure" in browser
Post by: GoingNuts on January 04, 2019, 07:50:42 AM
Mine is saying https, and I'm remaining logged in.  But yes, very s-l-o-w this morning.

ETA - I'm using Chrome.
Title: Re: FAS "Not Secure" in browser
Post by: rebekahc on January 04, 2019, 11:05:46 AM
Yes, the site is secure save for (as far as I can tell) the one image that's transmitting in HTTP.

I'm not sure why the slowness.  I noticed it last night on my iPad, but I don't notice it on my computer.  I can contact tech support and see if there's a solution.  On my iPad, the loading bar would pause at about 10% and then jump to 100% rather than just a steady pace across the bar, so I'm not really sure if it was taking longer to fully load overall or if it was just a noticeable pause and then a jump to fully loaded for the same amount of overall time.

PC, try logging in by clicking the login button rather than entering your information on the home page.  Then, before submitting make sure to click stay logged in.  That seemed to fix the logging out issue for me.
Title: Re: FAS "Not Secure" in browser
Post by: Stinky10 on January 04, 2019, 12:29:12 PM
I see "not secure" on this page - this one - the one I'm on....

https://foodallergysupport.olicentral.com/index.php/topic,12456.msg281938/boardseen.html#new  - still using Edge....
Title: Re: FAS "Not Secure" in browser
Post by: Stinky10 on January 04, 2019, 12:33:25 PM
Using Chrome - still slow and the little i is there and says that some images might not be secure and hackers could alter them and trick me!
Title: Re: FAS "Not Secure" in browser
Post by: Stinky10 on January 04, 2019, 12:45:18 PM
In Chrome the little i is always there......no matter where I go. 
Title: Re: FAS "Not Secure" in browser
Post by: nameless on January 05, 2019, 11:36:49 AM
Using Chrome - still slow and the little i is there and says that some images might not be secure and hackers could alter them and trick me!

That's what we are all seeing too (on Chrome) --- the little (i) and then the message about images not being secure. On Edge - it seems their messaging just shows differently, but there aren't any additional issues.

You're good - seeing what we are seeing/experiencing and nothing extra.

Images will do that --- as already pointed out --- like the banner image, folks' avatar images, anything in a post, etc. if it's not coming from an https.
Title: Re: FAS "Not Secure" in browser
Post by: BensMom on January 05, 2019, 11:50:04 AM
Slow here too, using firefox. I had the locked thing--https, but now posting I have an warning that some parts are not secure ("Parts of this page are not secure, such as images.") Maybe that's the banner thing, but it's only happening in a post screen.
Title: Re: FAS "Not Secure" in browser
Post by: Ciel on January 06, 2019, 09:16:43 AM
It’s a bit slow for me (not sure if it’s my internet though). Using Safari.  Otherwise no trouble. I did not have to log in again - never got logged out. Still shows https. Never got any messages about security.

Maybe I didn’t click over to the site at the right time? But still didn’t have to log back in. I haven’t tried posting images, My avatar is fine.

Just posting FYI in case it is useful.

Title: Re: FAS "Not Secure" in browser
Post by: Macabre on January 06, 2019, 10:13:05 AM
I’m not seeing anything in safari. And I haven’t.

It’s just slow//hangs up at about 10% for a second and then loads.
Title: Re: FAS "Not Secure" in browser
Post by: Macabre on January 06, 2019, 10:15:25 AM
So RC do you think the security warning could go away once we’ve replaced the banner (which will happen very soon—we have a new banner). Or do you think all the profile pics will be a problem if they’re at Photobucket?
Title: Re: FAS "Not Secure" in browser
Post by: rebekahc on January 06, 2019, 12:10:10 PM
I think images from photobucket (and maybe other places) could cause issues - any image hosted as http will. However, the warning shouldn’t be for every page once the banner is fixed and that’s the easist for me to fix without having members re-do avatars and searching through years of posts for any vulnerable images.  The likelihood of a hacker trying to use an image vulnerability is pretty low so by fixing the easily found banner I think it will be fine. Some of the avatars are stored on site, so those won’t be an issue. I could load the others to our site and prevent new users from uploading their own, but I don’t think there would be a way to prevent someone else from using your avatar if I upload it to the site. I can also look at the settings for members posting pictures and see if I can restrict future images to https.
Title: Re: FAS "Not Secure" in browser
Post by: Macabre on January 06, 2019, 02:21:46 PM
I think the last thing is the only thing that really makes sense from a time investment perspective.
Title: Re: FAS "Not Secure" in browser
Post by: nameless on January 06, 2019, 02:51:32 PM
...re: images

On the site/forum settings that admins can see, there might be a check box for only allowing https embedding. It's a pretty typical setting, but not sure if you have it on your dashboard.

If not - I also agree that it's not worth the time to cull avatar images and such vs the actual risk of bad behavior by someone intending to do something bad.
Title: Re: FAS "Not Secure" in browser
Post by: Stinky10 on January 07, 2019, 01:51:25 PM
I'm not seeing the not secure warning anymore and seems to be running a bit faster
Title: Re: FAS "Not Secure" in browser
Post by: PurpleCat on January 07, 2019, 05:01:50 PM
Still have it here.

Love the new banner but why does it go back to the old one when I log in?
Title: Re: FAS "Not Secure" in browser
Post by: Macabre on January 07, 2019, 05:23:10 PM
Try clearing your cache.
Title: Re: FAS "Not Secure" in browser
Post by: PurpleCat on August 30, 2019, 06:30:37 PM
7 months later I figure it out.  I was using the Curve Theme it is easier on my eyes. 

Well I just switched to this on that it appears the majority here use and finally, when I am logged in the site is secure. 

The blue is very bright to my eyes.  Any idea how to dim it?