New sign-in procedure - Page 2 - Fiberglass RV


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 02-14-2019, 03:07 PM   #21
Administrator
 
Janet H's Avatar
 
Name: Janet
Trailer: Argosy
Washington
Posts: 2,090
Registry
I'm sorry you are having trouble.

As you login, click the "remember me" box. Make sure that you allow cookie exchange with the site - we use them to keep you logged in.

If you have done this and continue to have trouble can you post up some details about your device and browser so we can try to help?
__________________
.
FGRV Forum Custom Search
Janet H is offline   Reply With Quote
Old 02-14-2019, 04:15 PM   #22
member
 
Name: J
Isle of Wight
Posts: 536
Quote:
Originally Posted by Janet H View Post
I'm sorry you are having trouble.

As you login, click the "remember me" box. Make sure that you allow cookie exchange with the site - we use them to keep you logged in.

If you have done this and continue to have trouble can you post up some details about your device and browser so we can try to help?
If this was directed at me I see 5 cookies from fiberglassrv.com and 25 from The Fiberglass RV Community
I can see fgrv_password and fgrv_userid cookies.
(and fgrvsso_password and fgrvsso_userid cookies)
- and they were all created last December

Hp Pavilion laptop, Windows 10, chrome browser.
WizWid is offline   Reply With Quote
Old 02-14-2019, 06:09 PM   #23
Senior Member
 
Name: Jann
Trailer: Casita
Colorado
Posts: 945
Quote:
Originally Posted by Glenn Baglo View Post
Did you check the "Remember Me" box?
Also, I and many others don't log out. Don't know any reason to do so.
Yes I have checked the Remember me box in both areas. I have to put in my user name and password then another box comes up and I have to put in my email and password. I check the remember me box both places and again I had to do all that again. I never log out. Sometimes I am told my password is not correct but I know it is since I write my passwords down and am careful to put them in correctly.
Jann Todd is offline   Reply With Quote
Old 02-14-2019, 06:11 PM   #24
Senior Member
 
Name: Jann
Trailer: Casita
Colorado
Posts: 945
Quote:
Originally Posted by stude View Post
Every time I go to talk to someone I have to re-log into site, if this is going to keep up then so be it, I have a lot of other sites that do not put me through the Hassle which means no more little trailers to pass onto others.
stude
Same problem here.
Jann Todd is offline   Reply With Quote
Old 02-14-2019, 06:16 PM   #25
Administrator
 
Janet H's Avatar
 
Name: Janet
Trailer: Argosy
Washington
Posts: 2,090
Registry
Quote:
Originally Posted by Jann Todd View Post
Yes I have checked the Remember me box in both areas. I have to put in my user name and password then another box comes up and I have to put in my email and password. I check the remember me box both places and again I had to do all that again. I never log out. Sometimes I am told my password is not correct but I know it is since I write my passwords down and am careful to put them in correctly.

There is no place on the site you should be entering a username and password to login if you are using the full browser version of the site. You should always be entering e-mail and password to login.
__________________
.
FGRV Forum Custom Search
Janet H is offline   Reply With Quote
Old 02-20-2019, 03:54 PM   #26
Member
 
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
Quote:
Originally Posted by Cathy P. View Post
I didn't have a problem. Campground Reviews sign in? Never saw that anywhere here. Maybe some hiccup in the system.



Oh it is VERY MUCH a real thing. I own a software company and even I had issues. There are 2 different login forms in the mix - the regular one and that Campground Reviews one if you fail to login with the normal one. The problem seems to be both forms require a user ID, but one of them expects your e-mail address not your user ID.


Tech fail 101 that - very frustrating and a waste of time IMHO


BTW...I was able to use a forgot password feature on BOTH forms. If the Campground Reviews login should not be there, then EVERYONE THAT HAS SEEN IT AND SUBMITTED IT SHOULD UPDATE THEIR CREDENTIALS RIGHT NOW as it may be a hack that has been injected into this site to capture account credentials that are then used to check every major online site to see if you are a member there and lazy with your credentials.


Admin - please reply for confirmation.


-Bryan
CarefreeLad is offline   Reply With Quote
Old 02-20-2019, 03:59 PM   #27
Member
 
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
Quote:
Originally Posted by widgetwizard View Post
If this was directed at me I see 5 cookies from fiberglassrv.com and 25 from The Fiberglass RV Community
I can see fgrv_password and fgrv_userid cookies.
(and fgrvsso_password and fgrvsso_userid cookies)
- and they were all created last December

Hp Pavilion laptop, Windows 10, chrome browser.

Did you see the values of the cookies? I'm rather alarmed there is a password cookie - better have it's value encrypted or that is a huge security hole!
CarefreeLad is offline   Reply With Quote
Old 02-20-2019, 04:08 PM   #28
Member
 
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
dug out my cookies - see even more variations on cookie names "fgrv....." - see 3 different password cookies - values appear encrypted - so that's one concern dead!!
CarefreeLad is offline   Reply With Quote
Old 02-20-2019, 05:33 PM   #29
Administrator
 
Janet H's Avatar
 
Name: Janet
Trailer: Argosy
Washington
Posts: 2,090
Registry
Quote:
Originally Posted by CarefreeLad View Post
Did you see the values of the cookies? I'm rather alarmed there is a password cookie - better have it's value encrypted or that is a huge security hole!
Passwords are encrypted but there is also a login cookie, if you clicked the 'remember me' option.

Regarding your other concern... Do you have any screen shots you can help with so we can investigate further? We take site security seriously and if you are seeing some concern, please let me know some details.
__________________
.
FGRV Forum Custom Search
Janet H is offline   Reply With Quote
Old 02-20-2019, 06:14 PM   #30
Member
 
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
Quote:
Originally Posted by Janet H View Post
Passwords are encrypted but there is also a login cookie, if you clicked the 'remember me' option.

Regarding your other concern... Do you have any screen shots you can help with so we can investigate further? We take site security seriously and if you are seeing some concern, please let me know some details.

Thanks Janet!


As I've already posted - cookie values appear encrypted - this is good news!!


As to the multiple login forms and you not being aware of the one several folks have mentioned - that is of great concern until understood.


I may be risking my own security to test it if it is in fact capturing login credentials and sending them to some bad actor.


I'm really quite busy with a deadline this week, but I can help next if you'd like?


I simply couldn't avoid the 2nd login form, so I bet you can find it. Logout of the site - clear your browsers cookies for fiberglassrv.com. - login with known bad credentials - they next thing you see should be the mystery login form. I saw it EVERY time I failed to login at the form I'm used to.


I'm changing my password now just in case I'm right - hope that I am not, but hope doesn't stop bad folks...same as locks don't
CarefreeLad is offline   Reply With Quote
Old 02-20-2019, 07:52 PM   #31
Member
 
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
Hi Janet,


I had to login agin after chaging my password and clearing my cookies (losing my "keep me logged in" details).


I went to login again at a URL to login via the vBulletin form which was NOT SSL encrypted - major bad form for the security minded I'm sorry to say.


There is a simple setting in IIS on the webserver to FORCE the use of SSl for ALL URLS for a domain - like fiberglassrvs.com for example.


You really must do this as the world has moved on to a new level of digital security and left the older ways behind - all banking and web service/shopping/streaming/government sites have ben forced to follow the standard of SSL encryption for all web traffic to/from a domain.


That vBulletin form seems to just take you to the "2nd" login form "RV Life ID related" (I say "just take" because I enter valid credentials and it fails every time and takes me to the 2nd login form). Now thankfully that 2nd form is SSL protected.


Of course once logged in I was horrified to see no SSL encryption used for user management pages like changing your password!


So - easy fix...a SSL certificate costs less than $100/year and can be installed on the server and setup for your domain for maybe $25 or so. The IIS setting change to force SSL should be free in my opinion. If you own the server and do the admin - all you pay for is the certificate.


Don't waste time please - thanks
CarefreeLad is offline   Reply With Quote
Old 02-20-2019, 08:27 PM   #32
Senior Member
 
Glenn Baglo's Avatar
 
Name: Glenn ( second 'n' is silent )
Trailer: 2009 Escape 17B 2020 Toyota Highlander XLE
British Columbia
Posts: 7,186
What will happen if bad guys get my log in and password for FGRV?
Will they post an opinion under my name that I don't agree with?
__________________
What happens to the hole when the cheese is gone?
- Bertolt Brecht
Glenn Baglo is offline   Reply With Quote
Old 02-20-2019, 08:39 PM   #33
Administrator
 
Janet H's Avatar
 
Name: Janet
Trailer: Argosy
Washington
Posts: 2,090
Registry
Quote:
Originally Posted by CarefreeLad View Post

Of course once logged in I was horrified to see no SSL encryption used for user management pages like changing your password!

Pages in your userCP where you updated both e-mail and password are encrypted and have been for a long while. Here's the link: https://www.fiberglassrv.com/forums/usercp.php
__________________
.
FGRV Forum Custom Search
Janet H is offline   Reply With Quote
Old 02-21-2019, 10:39 AM   #34
Member
 
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
Quote:
Originally Posted by Glenn Baglo View Post
What will happen if bad guys get my log in and password for FGRV?
Will they post an opinion under my name that I don't agree with?

Well Glen....flippant responses tell me you know nothing of web security...so allow me to educate you


For starters....it's not just about you Glen....it's about everyone on this site and all other sites that all of us may use that require a login.


The fact that this site allows account credentials to be submitted without encryption via SSL means that bad folks can "sniff" out that data being transferred from your browser to the web server. When they do they get our account credentials.


What they then do is attempt to login at all the major sites - Amazon, all banking sites, investment sites, social media, anywhere they might find that YOU used the same username and password there as you do HERE and perhaps get at your money or identity. They can automate this process to make it super easy to find lazy users that use the same user/pass anywhere they need to login.


So Glen, it's not about someone logging in here with your credentials to post comments on your behalf - no money in that now is there. They are after money or identity and they use sites like this to feed their arsenal to do just that.


I'm trying to help the users of this site that are in peril and help whoever the heck owns this site to clean up their mess - not hard at all nor expensive.


Anything else Glen?
CarefreeLad is offline   Reply With Quote
Old 02-21-2019, 10:49 AM   #35
Administrator
 
Janet H's Avatar
 
Name: Janet
Trailer: Argosy
Washington
Posts: 2,090
Registry
Quote:
Originally Posted by CarefreeLad View Post

I'm trying to help the users of this site that are in peril and help whoever the heck owns this site to clean up their mess - not hard at all nor expensive.


Anything else Glen?
This little bit of trolly-ness is rude and not helpful.

I asked for additional info earlier which you did not provide. If you have a concern and genuine interest in helping find a resolution, than please do more than take pot shots. Actually be helpful. This is one of the foundational concepts of this community.

If you are seeing unsecure pages where credentials are passed please check your settings. It's likely that you are using the old unsupported view of the site. We left this up as a courtesy but with the proviso that it would be no longer supported. Scroll down to the bottom of the page and check to make sure you are using version 2.0

The selection option is in the lower left corner.

Click image for larger version

Name:	fgrv_v.2.jpg
Views:	6
Size:	7.8 KB
ID:	128015
__________________
.
FGRV Forum Custom Search
Janet H is offline   Reply With Quote
Old 02-21-2019, 10:49 AM   #36
Member
 
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
Quote:
Originally Posted by Janet H View Post
Pages in your userCP where you updated both e-mail and password are encrypted and have been for a long while. Here's the link: https://www.fiberglassrv.com/forums/usercp.php



Sorry to say Janet - I ended up on an insecure page last night. I think what is going on is there are some bad links that still point to http only and not https.


For example I had to reset my password yet again today and the end result was landing on an http only login form.


You guys have security issues you need to fix.
CarefreeLad is offline   Reply With Quote
Old 02-21-2019, 10:53 AM   #37
Administrator
 
Janet H's Avatar
 
Name: Janet
Trailer: Argosy
Washington
Posts: 2,090
Registry
Quote:
Originally Posted by CarefreeLad View Post
Sorry to say Janet - I ended up on an insecure page last night. I think what is going on is there are some bad links that still point to http only and not https.


For example I had to reset my password yet again today and the end result was landing on an http only login form.


You guys have security issues you need to fix.
What version of the site are you looking at? Screen shot please.
__________________
.
FGRV Forum Custom Search
Janet H is offline   Reply With Quote
Old 02-21-2019, 10:54 AM   #38
Member
 
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
Quote:
Originally Posted by Janet H View Post
This little bit of trolly-ness is rude and not helpful.

I asked for additional info earlier which you did not provide. If you have a concern and genuine interest in helping find a resolution, than please do more than take pot shots. Actually be helpful. This is one of the foundational concepts of this community.

If you are seeing unsecure pages where credentials are passed please check your settings. It's likely that you are using the old unsupported view of the site. We left this up as a courtesy but with the proviso that it would be no longer supported. Scroll down to the bottom of the page and check to make sure you are using version 2.0

The selection option is in the lower left corner.

Attachment 128015

I'll send you the insecure login form shortly.


By leaving some old version up you have created this security issue - old links pointing to insecure login pages. Whether you support the old site or not does not change the fact that folks can end up on insecure forms and thus pass their plain text credentials.


gimme a few to find the insecure form and as many ways to end up there as I can.


BTW...yes I am at FGRV v 2.0


As for "This little bit of trolly-ness is rude and not helpful." I simply don't suffer fools that don't know what they are talking about and yet chime in anyway - add value to the topic being discussed or just read and learn. I've had some other BS remarks from Glen in my limited time here and other members complained to me about him in PMs - nuff said - goes both ways.
CarefreeLad is offline   Reply With Quote
Old 02-21-2019, 11:09 AM   #39
Senior Member
 
Glenn Baglo's Avatar
 
Name: Glenn ( second 'n' is silent )
Trailer: 2009 Escape 17B 2020 Toyota Highlander XLE
British Columbia
Posts: 7,186
I have a different password for my banking. Another for any site involving potential purchases and another for social media.


Simple as that.
__________________
What happens to the hole when the cheese is gone?
- Bertolt Brecht
Glenn Baglo is offline   Reply With Quote
Old 02-21-2019, 11:48 AM   #40
Senior Member
 
Name: Daniel A.
Trailer: Bigfoot 17.0 1991 dlx
British Columbia
Posts: 703
Registry
The lock symbol you sometimes see in your browser bar, refers to financial transaction security. We don't take any payments on this website, so that's technically unnecessary.

The only time you need to worry is when you try to visit a site and get a full page block telling you that the website is trying to steal your information and not to proceed further. That means the website is hacked and/or malicious and you should definitely not visit. A "not secure" warning in the address bar of the browser is a totally different thing.It just means you should not be inputting sensitive information like your credit card number. That is standard web smarts. Never give anyone your CC number without a lock sign in the address bar.

Web protocol is shifting and trying to get everyone to switch to https security (the lock symbol in your browser bar).



Having a good anti-virus program on your computer ie I use Kaspersky plus changing passwords for different sites will go a long way.


I also have a social media forum unrelated to this one that we are currently looking at to address https only due to concerns from members about security. Between the host provider and having a good anti-virus program there is very little concern in my view.
Daniel A. is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Furnace Lighting Procedure Huck Care and Feeding of Molded Fiberglass Trailers 7 04-11-2014 03:25 PM
Selling Procedure CarolMarie Money Matters 30 04-26-2013 06:49 PM
Furnace procedure Shaidah Care and Feeding of Molded Fiberglass Trailers 22 09-20-2011 08:55 AM
Sign Legacy Posts Jokes, Stories & Tall Tales 14 05-11-2003 09:26 AM
Sign from God Legacy Posts Jokes, Stories & Tall Tales 10 01-22-2003 08:48 PM

» Upcoming Events
No events scheduled in
the next 465 days.
» Featured Campgrounds

Reviews provided by


All times are GMT -6. The time now is 07:57 AM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, vBulletin Solutions Inc.