Site Security - Fiberglass RV



Reply
 
Thread Tools Search this Thread Display Modes
 
Old 01-21-2019, 06:10 PM   #1
Senior Member
 
Steve L.'s Avatar
 
Name: Steve
Trailer: 2003 Casita 16' SD
Michigan
Posts: 1,875
Registry
Site Security

I was wondering about site security.

Late last year I got a spam note about someone having hacked some website and had gathered the password I use on all two fiberglass websites. The PW was in the letter. Fortunately I used that PW only in these sites. I've changed it subsequently.

I only noticed today that this site is not using https except when I enter my PW. This thread gives me the message shown below. The other site I participate in is all https urls. I never noticed this before so I don't know if the secured url has always been used.

I'm converting to Chrome from IE so I don't know all the ins and outs of the new to me browser, but I'm struck by the coincidence of the "not secure" message and some outside person getting my password.

Do you think I have some Chrome setting I should be sure to enable?
Attached Thumbnails
Not Secure.JPG  
__________________

__________________
Without adult supervision...
Quando omni flunkus, moritati.
Also,
I'm a man, but I can change, if I have to, I guess.
Steve L. is offline   Reply With Quote
Old 01-21-2019, 07:33 PM   #2
Senior Member
 
Name: bob
Trailer: 1984 u-haul ct13; 1996 Casita 17 Spirit Deluxe; 1946 Modernistic teardrop
New York
Posts: 4,816
I'm having a similar issue. It happened after this site required that we use our email address to log in. I'm getting scam messages in my email that are trying to extort money and claiming that a password had been compromised or hacked. It was the password for this site, but also on a couple other sites that I hadn't been on in a long time. These emails all go into my junk mail in the scam or phishing section. One message sender wasn't paying attention and left one letter off the password. As a result I changed my password and don't stay logged in. I only log in to make a comment, then log right out. I don't log in to view threads, so have to put up with advertisements, but that's OK as I don't spend much time here anymore or make very many comments. I was going to ask if anyone else had this happen since the requirement to use an email address to sign in here.
__________________

mary and bob is offline   Reply With Quote
Old 01-21-2019, 08:05 PM   #3
Senior Member
 
Steve L.'s Avatar
 
Name: Steve
Trailer: 2003 Casita 16' SD
Michigan
Posts: 1,875
Registry
It must of been the same guy for us both. I received two emails. One with the full password and one with the first letter of the email missing.

I ignored it as well after doing some research but having the password definitely made me pause.
__________________
Without adult supervision...
Quando omni flunkus, moritati.
Also,
I'm a man, but I can change, if I have to, I guess.
Steve L. is offline   Reply With Quote
Old 01-21-2019, 08:50 PM   #4
Senior Member
 
Name: Daniel A.
Trailer: Bigfoot 17.0 1991 dlx
British Columbia
Posts: 633
Registry
The only time you would need to be concerned about security is on a site where financial transactions are done for all other sites just having a good anti virus tool in place on your computer is the way to go.
Daniel A. is offline   Reply With Quote
Old 01-22-2019, 07:21 AM   #5
Senior Member
 
Name: Gordon
Trailer: 2015 Scamp (16 Std Layout 4) with '15 Toyota Sienna LE Tug
North Carolina
Posts: 3,184
Also discussed before as an off shoot of a thread about the new log in... starting with my post here, and a reply from admin a few posts later:
Couldn't log in!

As I said in the post, I still think it should be all secured but its not up to me.
gordon2 is online now   Reply With Quote
Old 01-22-2019, 07:44 AM   #6
Senior Member
 
Steve L.'s Avatar
 
Name: Steve
Trailer: 2003 Casita 16' SD
Michigan
Posts: 1,875
Registry
Quote:
Originally Posted by gordon2 View Post
Also discussed before as an off shoot of a thread about the new log in... starting with my post here, and a reply from admin a few posts later:
Couldn't log in!

As I said in the post, I still think it should be all secured but its not up to me.
Good reference. I don't always read threads to the end. It's an explanation. I'm not sure how thrilled I am about it but, there it is.
__________________
Without adult supervision...
Quando omni flunkus, moritati.
Also,
I'm a man, but I can change, if I have to, I guess.
Steve L. is offline   Reply With Quote
Old 01-22-2019, 11:38 AM   #7
Administrator
 
Janet H's Avatar
 
Name: Janet
Trailer: Argosy
Washington
Posts: 1,920
Registry
The notice you are seeing is generated by your browser and is unrelated to the e-mail login.

Last year google began to push websites to use https instead of http as a security update. A few months ago they began to actually began to display that little red triangle;"not secure" on browser address lines.

The forum software is built on an http platform and so this is difficult. We hand coded an update to make the LOGIN page https. This is the page where user credentials are passed and the only sensitive data we store. Once a member has logged in the site reverts to http (and the alert begins to display in browsers). Using https on all pages actually breaks some things the forum. Offsite links and hosted images no longer work, ads don't display, photos, etc.

So... as you login the page is secure (https) but once you have logged in the regular site is http. Since no login/pass info is being sent on these pages we believe this is safe and reasonable. There's little we can do to change this until we move to a new forum software platform which eventually we will have to do.

You can read more about the google alerts here: https://www.wired.com/story/google-c...-secure-label/
__________________
.
FGRV Forum Custom Search
Janet H is offline   Reply With Quote
Old 03-21-2019, 01:12 AM   #8
Senior Member
 
Roy in TO's Avatar
 
Name: Roy
Trailer: 1972 boler American and 1979 Trillium 4500
Ontario
Posts: 4,996
Quote:
Originally Posted by Steve L. View Post
I was wondering about site security.

Late last year I got a spam note about someone having hacked some website and had gathered the password I use on all two fiberglass websites. The PW was in the letter. Fortunately I used that PW only in these sites. I've changed it subsequently.
Quote:
Originally Posted by mary and bob View Post
I'm having a similar issue. It happened after this site required that we use our email address to log in. I'm getting scam messages in my email that are trying to extort money and claiming that a password had been compromised or hacked. It was the password for this site, but also on a couple other sites that I hadn't been on in a long time.

I've had a number of them as well. My password that the emails disclosed was unique to this site. I made admin aware of this in early 2017. I pointed out that it was likely due to the cloudbleed data leak. https://en.wikipedia.org/wiki/Cloudbleed


Admin responded with "You should be safe" since they switched to the secure login. Perhaps now that is the case. Switching the method of login does not remediate a data breach.



IMHO the dark web is just as efficient at collection and pooling of data sets as Google.
Roy in TO is offline   Reply With Quote
Old 03-21-2019, 04:02 AM   #9
Senior Member
 
Name: Gerry
Trailer: 1979 Boler 1300 / 1991 Casita Freedom Deluxe
Maine
Posts: 1,574
Quote:
Originally Posted by Janet H View Post
The notice you are seeing is generated by your browser and is unrelated to the e-mail login.

Last year google began to push websites to use https instead of http as a security update. A few months ago they began to actually began to display that little red triangle;"not secure" on browser address lines.

The forum software is built on an http platform and so this is difficult. We hand coded an update to make the LOGIN page https. This is the page where user credentials are passed and the only sensitive data we store. Once a member has logged in the site reverts to http (and the alert begins to display in browsers). Using https on all pages actually breaks some things the forum. Offsite links an.
d hosted images no longer work, ads don't display, photos, etc
So... as you login the page is secure (https) but once you have logged in the regular site is http. Since no login/pass info is being sent on these pages we believe this is safe and reasonable. There's little we can do to change this until we move to a new forum software platform which eventually we will have to do.

You can read more about the google alerts here: https://www.wired.com/story/google-c...-secure-label/
So this may be the reason that I can not post pictures in my post?
__________________

Gerry is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Web site for free camp site when traveling... Gilles General Chat 14 02-03-2017 01:13 PM
Microsoft Security Patch Donna D. General Chat 10 01-01-2006 01:47 AM
Homeland security Legacy Posts Jokes, Stories & Tall Tales 4 04-16-2003 08:41 AM

» Trailer Showcase

Scamp

MsMouse

Beulah

F.Bishop
» Upcoming Events
No events scheduled in
the next 465 days.
» Featured Campgrounds

Reviews provided by


Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -6. The time now is 06:13 AM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2019, vBulletin Solutions Inc.