New sign-in procedure - Page 3 - Fiberglass RV
RV News RVBusiness 2021 Top 10 RVs of the Year, plus 56 additional debuts and must-see units → ×


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 02-21-2019, 11:54 AM   #41
Member
 
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
Quote:
Originally Posted by Glenn Baglo View Post
I have a different password for my banking. Another for any site involving potential purchases and another for social media.


Simple as that.

Good Glen...then you are safe!
CarefreeLad is offline   Reply With Quote
Old 02-21-2019, 12:07 PM   #42
Member
 
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
Quote:
Originally Posted by Daniel A. View Post
The lock symbol you sometimes see in your browser bar, refers to financial transaction security. We don't take any payments on this website, so that's technically unnecessary.

Incorrect. it means that the data transmission between the browser and server is encrypted. This is of course important for financial transactions, but for the reason that your credentials are being passed in plain text for the bad folks to read should they choose to. As I've said - exposed credentials leaves users of this site potentially vulnerable on other sites.



Quote:
Originally Posted by Daniel A. View Post
The only time you need to worry is when you try to visit a site and get a full page block telling you that the website is trying to steal your information and not to proceed further. That means the website is hacked and/or malicious and you should definitely not visit.

I'm sorry, but you do not understand web security. Yes..you should avoid those pages, but data and identity theft are very different from infected sites or sites known to have contained infected files. The latter is virus/malware related and the former is not at all. What I am talking about has nothing to do with you r I going to infected sites - it's about credentials that can be stolen and used to hack into your accounts elsewhere - not at all virus/malware related.



Quote:
Originally Posted by Daniel A. View Post
A "not secure" warning in the address bar of the browser is a totally different thing.It just means you should not be inputting sensitive information like your credit card number. That is standard web smarts. Never give anyone your CC number without a lock sign in the address bar.

Now you're talking, but you need to add to that - "don't provide your credentials either".





Quote:
Originally Posted by Daniel A. View Post

Web protocol is shifting and trying to get everyone to switch to https security (the lock symbol in your browser bar).

It has shifted and this is NOT about getting anyone using your site to do anything different. It has to do with you guys making sure the web server your site runs in forces the URL to switch to HTTPS if someone tries to visit the page with HTTP. As I've already said - a setting in IIS can be changed and then HTTPS (SSL) if forced site wide. Then things are secure...nobody can accidentally end up submitting sensitive data via an unencrypted connection.





Quote:
Originally Posted by Daniel A. View Post

Having a good anti-virus program on your computer ie I use Kaspersky plus changing passwords for different sites will go a long way.

Good advice for sure, but what about the responsibility of the site owners to not have security holes in the first place??
CarefreeLad is offline   Reply With Quote
Old 02-21-2019, 12:17 PM   #43
Member
 
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
Insecure login

It would appear some changes have been made since last night - the insecure vBulletin login page "http://www.fiberglassrv.com/forums/login.php" now redirects to "http://www.fiberglassrv.com/forums".


I pulled the above insecure URL from my browser history from last night - proving I visited that page yesterday without being redirected.


See the attached screenshots of proof that SSL is not being forced and a user can end up on an insecure login page - note the http and the lock with a line through it in my address bar.
Attached Thumbnails
insecure login - not submitted.png   insecure login - submitted with error.png  

CarefreeLad is offline   Reply With Quote
Old 02-21-2019, 12:27 PM   #44
member
 
Name: J
Isle of Wight
Posts: 536
Quote:
Originally Posted by CarefreeLad View Post
It would appear some changes have been made since last night - the insecure vBulletin login page "http://www.fiberglassrv.com/forums/login.php" now redirects to "http://www.fiberglassrv.com/forums".


I pulled the above insecure URL from my browser history from last night - proving I visited that page yesterday without being redirected.


See the attached screenshots of proof that SSL is not being forced and a user can end up on an insecure login page - note the http and the lock with a line through it in my address bar.


I just went to view that screenshot - but I was not logged in.
I was asked to log in on an unsecure page..... and it asked for a user ID.

What is going on?
WizWid is offline   Reply With Quote
Old 02-21-2019, 12:34 PM   #45
Member
 
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
Quote:
Originally Posted by widgetwizard View Post
I just went to view that screenshot - but I was not logged in.
I was asked to log in on an unsecure page..... and it asked for a user ID.

What is going on?

Exactly!! I think there are still links to force logon that take you to that insecure page that asks for user ID. What you found is the page I can no longer get to - the vBulletin login that asks for User ID.
If you can reproduce that....please post the login form URL Widget.


Thanks for the confirmation Widget!
CarefreeLad is offline   Reply With Quote
Old 02-21-2019, 12:37 PM   #46
member
 
Name: J
Isle of Wight
Posts: 536
Quote:
Originally Posted by CarefreeLad View Post
Exactly!! I think there are still links to force logon that take you to that insecure page that asks for user ID. What you found is the page I can no longer get to - the vBulletin login that asks for User ID.
If you can reproduce that....please post the login form URL Widget.


Thanks for the confirmation Widget!

Here is a screenshot....
Attached Thumbnails
screenshot.png  
WizWid is offline   Reply With Quote
Old 02-21-2019, 12:47 PM   #47
Member
 
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
Thanks! - so that's 2 insecure forms in the wild, but what do I know huh
CarefreeLad is offline   Reply With Quote
Old 02-21-2019, 01:19 PM   #48
Administrator
 
Janet H's Avatar
 
Name: Janet
Trailer: Argosy
Washington
Posts: 2,109
Registry
Thanks for the additional screen shots - looking at this now.
__________________
.
FGRV Forum Custom Search
Janet H is offline   Reply With Quote
Old 02-21-2019, 01:41 PM   #49
Member
 
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
Quote:
Originally Posted by Janet H View Post
Thanks for the additional screen shots - looking at this now.

Anytime Janet - 25 years in the game!


I've learned a few things - been at it since the early side of the mid-90s - seen the dot com bubble form and burst and had a Palm Pilot when nobody knew what the heck they were - handled sensitive data for governments and industry.


Take care


-Bryan
CarefreeLad is offline   Reply With Quote
Old 02-21-2019, 03:29 PM   #50
Senior Member
 
Name: Daniel A.
Trailer: Bigfoot 17.0 1991 dlx
British Columbia
Posts: 713
Registry
Lightbulb

Quote:
Originally Posted by CarefreeLad View Post
Anytime Janet - 25 years in the game!


I've learned a few things - been at it since the early side of the mid-90s - seen the dot com bubble form and burst and had a Palm Pilot when nobody knew what the heck they were - handled sensitive data for governments and industry.


Take care


-Bryan





OH BOY, there is something called social skills.
Daniel A. is offline   Reply With Quote
Old 02-21-2019, 04:04 PM   #51
Member
 
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
Quote:
Originally Posted by Daniel A. View Post
OH BOY, there is something called social skills.

So I guess pointing out site flaws and giving advice as to how to fix them, then taking flac for it is anti-social huh. Nice attitude



I was expressing my years of experience doing things that clearly the admins here have not. How is that a social skills issue? I'm offering my help and getting spit on for it.


I am not bot blame - the owners of this site are for failing to properly protect the data of there users here while saying security and privacy are important here.



What the do we say about a "senior member" who gives false information to the users about security - have a look in a mirror Daniel - you are uninformed and making things worse - why freak out at me as opposed to benefit from what I know??



If you guys want some help - more than happy - if not - fine by me.


To other members - PM if you'd like to understand this better - no problem...glad to help as you have helped me.
CarefreeLad is offline   Reply With Quote
Old 02-21-2019, 09:27 PM   #52
Senior Member
 
Paul O.'s Avatar
 
Name: Paul
Trailer: '04 Scamp 19D, TV:Tacoma 4.0L 4door, SB
Colorado
Posts: 1,681
Everybody has a different way of communicating and being direct, even blunt and referring to one's experience is not bragging or a lack of social skills. I think Bryan is right in this argument and his help should be welcomed.

I see it this way: anything that resembles a form to be filled out on a web page can be a target. It already says "username" and "password", so it should be easy to harvest, if not secure. Same goes for e-mail addresses and phone numbers. How many times do the moderators have to remind people to not use the @ and . symbols pattern, and at least write out the phone numbers in words (misspelling might even improve security). To communicate those items is what the PM system is for, and it most probably is secure (I have not checked, though). Many years before I started to hang out here, this forum was maliciously destroyed, I heard. Let's hope the users and the forum will remain safe.
Paul O. is offline   Reply With Quote
Old 02-22-2019, 10:09 AM   #53
Member
 
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
Quote:
Originally Posted by Paul O. View Post
Everybody has a different way of communicating and being direct, even blunt and referring to one's experience is not bragging or a lack of social skills. I think Bryan is right in this argument and his help should be welcomed.

I see it this way: anything that resembles a form to be filled out on a web page can be a target. It already says "username" and "password", so it should be easy to harvest, if not secure. Same goes for e-mail addresses and phone numbers. How many times do the moderators have to remind people to not use the @ and . symbols pattern, and at least write out the phone numbers in words (misspelling might even improve security). To communicate those items is what the PM system is for, and it most probably is secure (I have not checked, though). Many years before I started to hang out here, this forum was maliciously destroyed, I heard. Let's hope the users and the forum will remain safe.

Thanks Paul - blunt is indeed my middle name ....although much more so in situations like this when I see folks are in potential jeopardy.


For the record....it's safest to simply have SSL applied and forced for the entire site. There was a time long ago that would have slowed down the site - no more. You can try and cherry pick every vulnerable page or just go all in - no cost difference, but simpler and more effective. Given the admins didn't even know this was going on - all in sounds best for sure.



Take care


-Bryan
CarefreeLad is offline   Reply With Quote
Old 02-22-2019, 12:56 PM   #54
Senior Member
 
SilverGhost's Avatar
 
Name: Jason
Trailer: Egg Camper
Tennessee
Posts: 329
Quote:
Originally Posted by Janet H View Post
There is no place on the site you should be entering a username and password to login if you are using the full browser version of the site. You should always be entering e-mail and password to login.
Sorry to sidetrack this discussion on SSL, but WHY did we change from screen name to email for login? It's been a pain in the arse.

Jason
SilverGhost is offline   Reply With Quote
Old 02-22-2019, 04:31 PM   #55
Senior Member
 
Glenn Baglo's Avatar
 
Name: Glenn ( second 'n' is silent )
Trailer: 2009 Escape 17B 2020 Toyota Highlander XLE
British Columbia
Posts: 7,388
Why is it a pain? Log in with your email, click the remember me box and don't log out.
Works for me.
__________________
What happens to the hole when the cheese is gone?
- Bertolt Brecht
Glenn Baglo is offline   Reply With Quote
Old 02-22-2019, 05:49 PM   #56
Senior Member
 
Name: Alan
Trailer: 2010 Little Joe / 2010 2 Dr Jeep Wrangler
Colorado
Posts: 1,553
I agree w/ Glen
Easy peezy
Canít believe this thread is still an issue
alan H is offline   Reply With Quote
Old 02-25-2019, 09:53 AM   #57
Senior Member
 
SilverGhost's Avatar
 
Name: Jason
Trailer: Egg Camper
Tennessee
Posts: 329
Hmm, seems like it's time to stop visiting and get rid of my account.

Jason
SilverGhost is offline   Reply With Quote
Old 02-26-2019, 04:30 PM   #58
Senior Member
 
Name: Fredrick
Trailer: Escape 21C
Tennessee
Posts: 318
Sign in woes

I too have been having to login 3-4 tries for the last month. I seem to get Wrong password memos time after time
Fred762 is offline   Reply With Quote
Old 02-26-2019, 04:45 PM   #59
Senior Member
 
Name: Gordon
Trailer: 2015 Scamp (16 Std Layout 4) with '15 Toyota Sienna LE Tug
North Carolina
Posts: 4,507
Quote:
Originally Posted by SilverGhost View Post
Sorry to sidetrack this discussion on SSL, but WHY did we change from screen name to email for login? ...
See http://www.fiberglassrv.com/forums/f...oon-87191.html
gordon2 is offline   Reply With Quote
Old 02-26-2019, 05:34 PM   #60
Senior Member
 
Glenn Baglo's Avatar
 
Name: Glenn ( second 'n' is silent )
Trailer: 2009 Escape 17B 2020 Toyota Highlander XLE
British Columbia
Posts: 7,388
Quote:
Originally Posted by Fred762 View Post
I too have been having to login 3-4 tries for the last month. I seem to get Wrong password memos time after time

Simple solution. Next time you get logged on, don't log out, ever.
__________________
What happens to the hole when the cheese is gone?
- Bertolt Brecht
Glenn Baglo is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Furnace Lighting Procedure Huck Care and Feeding of Molded Fiberglass Trailers 7 04-11-2014 03:25 PM
Selling Procedure CarolMarie Money Matters 30 04-26-2013 06:49 PM
Furnace procedure Shaidah Care and Feeding of Molded Fiberglass Trailers 22 09-20-2011 08:55 AM
Sign Legacy Posts Jokes, Stories & Tall Tales 14 05-11-2003 09:26 AM
Sign from God Legacy Posts Jokes, Stories & Tall Tales 10 01-22-2003 08:48 PM

» Upcoming Events
No events scheduled in
the next 465 days.
» Featured Campgrounds

Reviews provided by


All times are GMT -6. The time now is 06:28 AM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2021, vBulletin Solutions Inc.