FGRV not a secure site??? - Fiberglass RV


Old 02-04-2020, 09:05 AM   #1
Senior Member
 
 
Name: John
Trailer: '71 Boler, '87 Play-Mor II
Deep South
Posts: 1,205
FGRV not a secure site???

When I came to the site today I noticed my browser stated in RED "NOT SECURE". When I clicked on it, it read "YOUR CONNECTION TO THIS SITE IS NOT SECURE - You should not enter any sensitive information on this site (for example, passwords or credit cards) because it could be stolen by attackers."

I know this is the first time I have seen this warning, so when did this site become not secure, because just coming here and logging in puts your user name and password at risk, although I didn't see it until after I logged in.

I am a website developer myself so I am asking the admins to give this their immediate attention.

Thanks,
Name withheld for security reasons
__________________
1971 Boler 1300 - "Suite 13"
1987 Play-Mor II - "The Beach House"
Johnny M is offline   Reply With Quote
Old 02-04-2020, 09:10 AM   #2
Senior Member
 
 
Name: Donna D
Trailer: Escape 5.0 TA, 2014
Oregon
Posts: 24,961
You must not have read this announcement: http://www.fiberglassrv.com/forums/f...ssl-91348.html
__________________
Donna D.
Ten Forward - 2014 Escape 5.0 TA
Double Yolk - 1988 16' Scamp Deluxe
Donna D. is offline   Reply With Quote
Old 02-04-2020, 09:22 AM   #3
Senior Member
 
 
Name: John
Trailer: '71 Boler, '87 Play-Mor II
Deep South
Posts: 1,205
Quote:
Originally Posted by Donna D. View Post
You must not have read this announcement: http://www.fiberglassrv.com/forums/f...ssl-91348.html
Nope, I sure didn't, thanks Donna. However, I am still surprised by reading the link that the forum has been going on unsecure for so long. This is a serious negligence issue for the owners of the site and I would like to know that in the future going forward they will be more responsible in addressing security of user members' profiles.
__________________
1971 Boler 1300 - "Suite 13"
1987 Play-Mor II - "The Beach House"
Johnny M is offline   Reply With Quote
Old 02-04-2020, 09:26 AM   #4
Senior Member
 
Name: Gordon
Trailer: 2015 Scamp (16 Std Layout 4) with '15 Toyota Sienna LE Tug
North Carolina
Posts: 3,745
Quote:
Originally Posted by Donna D. View Post
You must not have read this announcement: http://www.fiberglassrv.com/forums/f...ssl-91348.html
Or this... http://www.fiberglassrv.com/forums/f...tml#post730677

or this... http://www.fiberglassrv.com/forums/f...tml#post724657

The argument for SSL has been made a few times but it was not implemented because of a concern over breaking links (which is a solvable issue), and the fact that limited data of value is passed on the site. Of course web admins know of the other reasons that SSL should be used, and now it seems that this site will soon also follow that basic security tenet.

Quote:
Originally Posted by Johnny M View Post
...This is a serious negligence issue for the owners of the site and I would like to know that in the future going forward that they will be more responsible in addressing security of user members profiles.
I would not bet the farm on that. It's a free site managed by volunteers - limited time and resources. Not using the site and limiting what you share on it are options but I also hope it is a safe site to use since it has been so invaluable.

Now don't get me started on the bitcoin mining that maxed out our CPUs when using this site... seems the code was hidden in an advertisement IIRC.
gordon2 is online now   Reply With Quote
Old 02-04-2020, 09:53 AM   #5
Senior Member
 
Name: Steve
Trailer: Currently Shopping
NW Wisconsin
Posts: 3,810
Every time I open up this site I get a warning that the site is not secure.
I’ve been getting this same warning for over a year.

“ NOT SECURE - fiberglass rv”

I get the same warning when I enter the Escape forum
steve dunham is online now   Reply With Quote
Old 02-04-2020, 11:10 AM   #6
Senior Member
 
 
Name: Donna D
Trailer: Escape 5.0 TA, 2014
Oregon
Posts: 24,961
Quote:
Originally Posted by steve dunham View Post
Every time I open up this site I get a warning that the site is not secure.
I've been getting this same warning for over a year.

"NOT SECURE - fiberglass rv"

I get the same warning when I enter the Escape forum
And the EscapeForum is going to go through the exact same update: Forum update this week - SSL - Escape Trailer Owners Community
__________________
Donna D.
Ten Forward - 2014 Escape 5.0 TA
Double Yolk - 1988 16' Scamp Deluxe
Donna D. is offline   Reply With Quote
Old 02-04-2020, 11:20 AM   #7
Senior Member
 
Name: Henry
Trailer: BigFoot
Tennessee
Posts: 1,003
Well if Jeff Bezos can be hacked I doubt there is much that can be truly done if the desire and skill set is there to muck about with this website. So don't use the same password across other websites and watch your CPU usage.
Rzrbrn is online now   Reply With Quote
Old 02-04-2020, 02:36 PM   #8
Senior Member
 
Name: Lisle
Trailer: 2018 Casita Spirit Deluxe
Massachusetts
Posts: 104
I'm wondering if the private messaging part of this forum is secure? That's likely where a lot of personal data might appear -- phone numbers, addresses, PayPal accounts, etc.

Also, can someone let me know what CPU use is?
Lisle is offline   Reply With Quote
Old 02-04-2020, 03:59 PM   #9
Senior Member
 
Name: Henry
Trailer: BigFoot
Tennessee
Posts: 1,003
CPU means Central Processing Unit. On my MacBook Pro laptop the Activity Monitor (AM) will tell you what program is using how much data, so if something uses a lot of data you can then try to identify what the program is and if you approve of it. All of the programs running through the CPU are listed. There is undoubtedly a more technical explanation of the AM or how to use it but this is how I use it.
Rzrbrn is online now   Reply With Quote
Old 02-04-2020, 06:51 PM   #10
Senior Member
 
Name: Elliott
Trailer: Bigfoot
Everywhere
Posts: 185
It's a free site, but it's not a non-profit or hobby site. The "company" is a one-man show as far as I can tell, or very close to it, so the technical side of it is a bit on the neglected side. For example, in addition to being 5+ years behind on adopting SSL, the forum software being used is "end of life" and no longer supported. I also suspect the owner is more focused on (especially non-forum) growth right now, as it seems to have expanded to 52 total sites.
Defenestrator is offline   Reply With Quote
Old 02-04-2020, 08:58 PM   #11
Senior Member
 
 
Name: John
Trailer: Escape 21, behind an '02 F250 7.3 diesel tug
Mid Left Coast
Posts: 1,912
Quote:
Originally Posted by Defenestrator View Post
It's a free site, but it's not a non-profit or hobby site. The "company" is a one-man show as far as I can tell, or very close to it, so the technical side of it is a bit on the neglected side. For example, in addition to being 5+ years behind on adopting SSL, the forum software being used is "end of life" and no longer supported. I also suspect the owner is more focused on (especially non-forum) growth right now, as it seems to have expanded to 52 total sites.
Indeed, I was using Fuelly.com, co-owned by the same SocialKnowledge LLC, for a while to track my vehicle mileage. It too has been very neglected, nothing has been updated in eons, and the Android applet for it barely works.

SocialKnowledge operates the RVlife network and a bunch more. RVlife in turn has at least a dozen maker-specific RV sites under it, all are variations on the same thing as this one, different templates, but the same structure. And yeah, it's ALL being managed by a one-man shop who seems to have a pretty hands-off attitude.
John in Santa Cruz is offline   Reply With Quote
Old 02-04-2020, 10:24 PM   #12
Senior Member
 
Name: Jon
Trailer: Bigfoot
California
Posts: 103
Quote:
Originally Posted by Defenestrator View Post
It's a free site, but it's not a non-profit or hobby site. The "company" is a one-man show as far as I can tell, or very close to it, so the technical side of it is a bit on the neglected side. For example, in addition to being 5+ years behind on adopting SSL, the forum software being used is "end of life" and no longer supported. I also suspect the owner is more focused on (especially non-forum) growth right now, as it seems to have expanded to 52 total sites.
Based on the number of ads, click bait, popups, etc., I would say this is pretty much the opposite of a not-for-profit site. I'm sure whoever owns this site does just fine selling our eyes to all of the advertisers.
JonRaw is offline   Reply With Quote
Old 02-05-2020, 07:42 AM   #13
Senior Member
 
 
Name: jim
Trailer: 2019 2ndG Escape21 DeJa View pulled by 2014 Dodge Ram Hemi Sport
British Columbia
Posts: 6,590
It is secure now............!
__________________
Jim
Never in doubt, often wrong
cpaharley2008 is offline   Reply With Quote
Old 02-05-2020, 08:32 AM   #14
Senior Member
 
Name: Gordon
Trailer: 2015 Scamp (16 Std Layout 4) with '15 Toyota Sienna LE Tug
North Carolina
Posts: 3,745
Quote:
Originally Posted by cpaharley2008 View Post
It is secure now............!
Of course just because the site uses SSL does not even remotely imply that the data stored on the server is secure. So all the usual admonishments for safe Internet use still apply. These include using unique passwords for each site or app, not exposing any sensitive information such as social security numbers, banking account or routing numbers, etc.
gordon2 is online now   Reply With Quote
Old 02-05-2020, 08:56 AM   #15
Senior Member
 
 
Name: jim
Trailer: 2019 2ndG Escape21 DeJa View pulled by 2014 Dodge Ram Hemi Sport
British Columbia
Posts: 6,590
Why is the SSL any less than the online banking "lock" display?
__________________
Jim
Never in doubt, often wrong
cpaharley2008 is offline   Reply With Quote
Old 02-05-2020, 09:34 AM   #16
Senior Member
 
Name: Gordon
Trailer: 2015 Scamp (16 Std Layout 4) with '15 Toyota Sienna LE Tug
North Carolina
Posts: 3,745
Quote:
Originally Posted by cpaharley2008 View Post
Why is the SSL any less than the on line banking "lock" display?
Can you ask that another way? I do have a lock icon on my URL (Google Chrome browser).

The Site info shows the certificate is valid until June, issued by Cloudflare. (One reason websites avoid using SSL is the cost of the certificate.)

SSL is a small part of the picture and banks better do pretty darn well at the rest of the security. Other sites might not do as well. Hence all the problems at sites with fewer resources, or even ones like Facebook.

By the way, I used to run a web server on an old computer at my house. I did have an SSL certificate but it was one that I issued to myself. Since I am not a trusted authority for issuing security certificates, when you came to my site your browser (should have) issued a warning that the site might be fake (or words to that effect). But it still used SSL, just with a self-issued certificate. So the traffic to and from was encrypted, but that was the only security advantage for the user. They could not be sure the site was the one it claimed to be.

It's easy to set up a web server but maintaining the server properly is a lot of work, so I won't claim it was always secure and it maybe could have been hacked. Or I could have just decided to sell the data collected from my users. There is a lot of trust involved.
gordon2 is online now   Reply With Quote
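
Added example, not part of any post in this thread: the self-issued certificate case described in post #16, reproduced with the `openssl` command line. The hostname `forum.example.test` and the "Constructed Public CA" trust store are made up for illustration, and the function names are this example's own.

```shell
#!/usr/bin/env bash
# Added example: a self-issued certificate gives encryption but no verified identity.
# Hostname and CA name below are constructed for illustration.

# make_self_signed PREFIX CN -> writes PREFIX.key and PREFIX.crt (issuer == subject)
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# is_self_issued CERT -> success when the certificate names itself as its issuer
is_self_issued() {
  local issuer subject
  issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
  subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  [ -n "$subject" ] && [ "$issuer" = "$subject" ]
}

# trusted_by CERT TRUST_STORE -> success when CERT chains to an anchor in TRUST_STORE
trusted_by() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

demo() {
  local dir
  dir=$(mktemp -d) || return 1
  make_self_signed "$dir/site" "forum.example.test" || return 1
  # Stand-in for the browser's list of trusted issuers (constructed).
  make_self_signed "$dir/store" "Constructed Public CA" || return 1

  is_self_issued "$dir/site.crt" && echo "site cert is self-issued"
  if trusted_by "$dir/site.crt" "$dir/store.crt"; then
    echo "trusted by the store"
  else
    echo "NOT trusted by the store: browser would warn, TLS would still encrypt"
  fi
  # Only a client that obtained the cert out of band can pin it and get identity.
  trusted_by "$dir/site.crt" "$dir/site.crt" && echo "trusted once pinned explicitly"
  rm -rf "$dir"
}

demo
```

The key pair in `site.key`/`site.crt` is enough to run an encrypted TLS session; what fails is only the chain-of-trust check, which is the check that tells a visitor the site is the one it claims to be.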
Old 02-05-2020, 11:56 AM   #17
Senior Member
 
 
Name: John
Trailer: '71 Boler, '87 Play-Mor II
Deep South
Posts: 1,205
Quote:
Originally Posted by Defenestrator View Post
It's a free site, but it's not a non-profit or hobby site. The "company" is a one-man show as far as I can tell, or very close to it, so the technical side of it is a bit on the neglected side. For example, in addition to being 5+ years behind on adopting SSL, the forum software being used is "end of life" and no longer supported. I also suspect the owner is more focused on (especially non-forum) growth right now, as it seems to have expanded to 52 total sites.
RV Life is definitely a for-profit company. As for the software being at the "end of its life", that too is a huge security concern. This is how hackers do a lot of exploiting, by vulnerabilities of outdated software. With thousands upon thousands of posts and threads they could inject malicious code anywhere. The owner needs to migrate to up-to-date software to minimize security risks as well as rely on 3rd party site protection such as Site Lock Security in addition to high encryption SSL certificates.

All it takes is you visiting one hacked thread or post and malicious code can infect your computer, stealing information on it as well as any other site you visit. There is a reason they call it a computer "virus".
__________________
1971 Boler 1300 - "Suite 13"
1987 Play-Mor II - "The Beach House"
Johnny M is offline   Reply With Quote
Old 02-05-2020, 12:06 PM   #18
Senior Member
 
 
Name: Zach
Trailer: 91 Bigfoot 17
Montana
Posts: 1,976
I was always a little surprised this site was unsecured, too. I know very, very little about all this stuff, but I do know that when I recently started a blog, just a very simple little blog, the web hosting service offered as part of the deal a secure site, in the sense that people would see that "lock" icon in the browser. All part of basic, $100/year web hosting.
ZachO is offline   Reply With Quote
Old 02-05-2020, 12:25 PM   #19
Senior Member
 
Name: Elliott
Trailer: Bigfoot
Everywhere
Posts: 185
In addition to the danger of the forum software being EOL (which isn't as bad as it sounds, given how many years of revision/fixes went into vBulletin 3.x without major functionality additions), vBulletin 3.8.11 only works with PHP 7.1 or older, which itself stopped getting security updates at the end of 2019.

Unfortunately the owner has his work cut out for him in terms of updating. vBulletin 5 is unfixably terrible, so the most realistic upgrade path is to switch everything over to Xenforo instead. That means redoing a lot of customization in addition to learning a whole new system, plus around $5K in license costs.
Defenestrator is offline   Reply With Quote
Old 02-05-2020, 04:09 PM   #20
Senior Member
 
 
Name: jim
Trailer: 2019 2ndG Escape21 DeJa View pulled by 2014 Dodge Ram Hemi Sport
British Columbia
Posts: 6,590
It's always about the money.....
__________________

__________________
Jim
Never in doubt, often wrong
cpaharley2008 is offline   Reply With Quote
All times are GMT -6. The time now is 01:47 PM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, vBulletin Solutions Inc.