Did the cert expire? Has it always been this way and nobody noticed or cared? Is Firefox wrong and logins are actually SSL encrypted?
There are free options for ssl certs to fix it. Unencrypted plaintext password submissions are pretty terrible.
Hope nobody uses common passwords.
Chrome has been trowing errors for months; I don't remember exactly when it started.
I've always had a password for this site that has absolutely zero resemblance of every other password I have ever used because I always feared it would get compromised.
'76 911S | '14 328xi | '17 GTI | In memoriam: '08 848, '85 944
"Here, at last, is the cure for texting while driving. The millions of deaths which occur every year due to the iPhone’s ability to stream the Kim K/Ray-J video in 4G could all be avoided, every last one of them, if the government issued everyone a Seventies 911 and made sure they always left the house five minutes later than they’d wanted to. It would help if it could be made to rain as well. Full attention on the road. Guaranteed." -Jack Baruth
I noticed this many moons ago but forgot to bring it up. I don't even know what my password is for this site. It was saved years ago in chrome and I never log out.
2019 Accord Sport 2.0 A/T
2012 Civic Si - Sold
I'll share this in the "web admin" chat.
(04-23-2019, 12:02 AM)Evan Wrote:
Did the cert expire? Has it always been this way and nobody noticed or cared? Is Firefox wrong and logins are actually SSL encrypted?
There are free options for ssl certs to fix it. Unencrypted plaintext password submissions are pretty terrible.
Hope nobody uses common passwords.
The site has never had a cert for SSL. This falls into the "I'm too busy to do anything with it" bucket given nobody else has offered help with labor or finances to keep this site and forum alive for the last ten years.
I know we'd talked about moving the whole thing to Discourse a while back. Would be great to do that and address the security concerns, but I have 0% interest in doing that by myself.
Now:
'16 Ram 1500 | '97 BMW M3 | Some Press Loan
Then:
87 BMW 325e | 91 BMW 535i | 96 BMW 328i | 95 BMW 325i | 95 Mazda Miata | 13 Focus ST | 09 BMW 128i | 00 Pontiac Firebird | 05 Yukon Denali | 96 BMW 328iC | 11 Ford F-150 | 06 BMW M3 | 10 Range Rover SC | '03 Ford Ranger | '18 Ford F-150 | '01 BMW X5 | '98 Volvo S70 T5M
(04-23-2019, 09:01 AM)Jake Wrote: The site has never had a cert for SSL. This falls into the "I'm too busy to do anything with it" bucket given nobody else has offered help with labor or finances to keep this site and forum alive for the last ten years.
I can't help with any of the actual work, but if you feel like putting together the costs of keeping this thing running I'm sure we could crowd fund enough to cover it from those of us who regularly use it. It's kind of something I never really think about when using the forum. I'd be happy to contribute, but I would prefer to have an idea of how much money is needed and where it is going.
2019 Accord Sport 2.0 A/T
2012 Civic Si - Sold
I think the club can/should pay for it and Brandon is on board to move the financial aspect of it to the MM bank account.
We're discussing what to do about SSL, as well as the future of the site in general, right now. Taylor is willing to help with SSL so that can be taken care of easily enough.
Now:
'16 Ram 1500 | '97 BMW M3 | Some Press Loan
Then:
87 BMW 325e | 91 BMW 535i | 96 BMW 328i | 95 BMW 325i | 95 Mazda Miata | 13 Focus ST | 09 BMW 128i | 00 Pontiac Firebird | 05 Yukon Denali | 96 BMW 328iC | 11 Ford F-150 | 06 BMW M3 | 10 Range Rover SC | '03 Ford Ranger | '18 Ford F-150 | '01 BMW X5 | '98 Volvo S70 T5M
Working with Adam on a plan here. I'll hold off on purchasing a cert unless someone has a cheap resource for them because we may not need with what Adam has proposed.
Good call on the club funding the forum. Seems like they have a surplus these days from what has been tossed around here. Thanks for all those involved.
2019 Accord Sport 2.0 A/T
2012 Civic Si - Sold
04-23-2019, 10:12 AM
(This post was last modified: 04-23-2019, 10:14 AM by Evan.)
(04-23-2019, 09:33 AM)Senor_Taylor Wrote: Working with Adam on a plan here. I'll hold off on purchasing a cert unless someone has a cheap resource for them because we may not need with what Adam has proposed.
LetsEncrypt offers free SSL certs
https://letsencrypt.org/
https://www.sslforfree.com/
Its by the Linux foundation and backed by Mozilla, Cisco,Amamai, Facebook , etc, so its not some sketchy provider.
first priority should be getting ssl set up on the current site. That's a "shouldn't be online at all without it" kind of thing.
Longer term, Im still willing to set up a discourse server if there is interest. (there was not last I mentioned it). Im sure adam could do it as well.
Using in production will require reasonable hosting cost, but probably more than what you are paying now.
(04-23-2019, 10:12 AM)Evan Wrote: (04-23-2019, 09:33 AM)Senor_Taylor Wrote: Working with Adam on a plan here. I'll hold off on purchasing a cert unless someone has a cheap resource for them because we may not need with what Adam has proposed.
LetsEncrypt offers free SSL certs
https://letsencrypt.org/
https://www.sslforfree.com/
Its by the Linux foundation and backed by Mozilla, Cisco,Amamai, Facebook , etc, so its not some sketchy provider.
first priority should be getting ssl set up on the current site. That's a "shouldn't be online at all without it" kind of thing.
Longer term, Im still willing to set up a discourse server if there is interest. (there was not last I mentioned it). Im sure adam could do it as well.
Using in production will require reasonable hosting cost, but probably more than what you are paying now.
The current hosting service doesn't support letsencrypt. We're looking into switching hosting services. Talk to Adam if you'd like to have a direct conversation about this. We have a groupchat.
I think it'd be great to maybe get web admin responsibilities handed off to someone outside MM so we don't have this roundabout of trying to find someone to do things and we've asked a lot of Jake to handle it for the last decade.
04-24-2019, 08:48 AM
(This post was last modified: 04-24-2019, 08:51 AM by Evan.)
(04-23-2019, 10:21 AM)Senor_Taylor Wrote: The current hosting service doesn't support letsencrypt. We're looking into switching hosting services. Talk to Adam if you'd like to have a direct conversation about this. We have a groupchat. Even if you don't have shell access, you can still get a free cert via sslforfree. They issue certs using the letsencrypt authority that you can install via cpanel just like a cert you would buy.
https://www.youtube.com/watch?v=K90RxdQp9OE
Ive reached out to Adam via PM for some server info, and plan to get the discourse server up in the next few days so we can evaluate it.
(04-24-2019, 08:48 AM)Evan Wrote: (04-23-2019, 10:21 AM)Senor_Taylor Wrote: The current hosting service doesn't support letsencrypt. We're looking into switching hosting services. Talk to Adam if you'd like to have a direct conversation about this. We have a groupchat. Even if you don't have shell access, you can still get a free cert via sslforfree. They issue certs using the letsencrypt authority that you can install via cpanel just like a cert you would buy.
https://www.youtube.com/watch?v=K90RxdQp9OE
Ive reached out to Adam via PM for some server info, and plan to get the discourse server up in the next few days so we can evaluate it. Seemed Discourse is out of the question due to cost?
Sent from my Pixel 3 XL using Tapatalk
(04-24-2019, 09:52 AM)Senor_Taylor Wrote: (04-24-2019, 08:48 AM)Evan Wrote: (04-23-2019, 10:21 AM)Senor_Taylor Wrote: The current hosting service doesn't support letsencrypt. We're looking into switching hosting services. Talk to Adam if you'd like to have a direct conversation about this. We have a groupchat. Even if you don't have shell access, you can still get a free cert via sslforfree. They issue certs using the letsencrypt authority that you can install via cpanel just like a cert you would buy.
https://www.youtube.com/watch?v=K90RxdQp9OE
Ive reached out to Adam via PM for some server info, and plan to get the discourse server up in the next few days so we can evaluate it. Seemed Discourse is out of the question due to cost?
Sent from my Pixel 3 XL using Tapatalk
Is it? What is your budget? Discourse on DigitalOcean would be about $10/ month.
Adam already spoke to them and we need a business license to migrate existing data over. Which is like $3000
Sent from my Pixel 3 XL using Tapatalk
(04-24-2019, 10:39 AM)Senor_Taylor Wrote: Adam already spoke to them and we need a business license to migrate existing data over. Which is like $3000
Sent from my Pixel 3 XL using Tapatalk
Their migration scripts are open source on GitHub. They only charge if they migrate the data for you.
I'm checking out on this, doesn't sound like you guys are interested in help.
04-24-2019, 10:59 AM
(This post was last modified: 04-24-2019, 11:38 AM by Senor_Taylor.)
(04-24-2019, 10:55 AM)Evan Wrote: (04-24-2019, 10:39 AM)Senor_Taylor Wrote: Adam already spoke to them and we need a business license to migrate existing data over. Which is like $3000
Sent from my Pixel 3 XL using Tapatalk
Their migration scripts are open source on GitHub. They only charge if they migrate the data for you.
I'm checking out on this, doesn't sound like you guys are interested in help. We definitely welcome help. I just want to make sure you're not duplicating effort if Adam already explored an avenue you're planning on looking into.
Sent from my Pixel 3 XL using Tapatalk
Evan, can you join the web admin group chat so we can talk about this? I'm looking through the migration scripts and just want to be in the loop here.
https://github.com/discourse/discourse/b...ts/mybb.rb
Did anything ever come of this? I can no longer access the forum on my work computer because our virus protection thinks it's a malicious site. My assumption is because the site is not secure. I could be completely wrong.
1st world problem, I know.
If resources are needed I am willing to contribute towards needed expenses.
2019 Accord Sport 2.0 A/T
2012 Civic Si - Sold
10-09-2019, 11:07 PM
(This post was last modified: 10-09-2019, 11:09 PM by Senor_Taylor.)
We looked into moving this to discourse and the cost to have it moved over was pretty outrageous. Adam looked into doing it himself and it was a lot of work and his test runs didn't pan out.
I also think we're approaching a crossroads here as I think Jake doesn't want to own the hosting of this anymore. Someone will need to take it over.
If Evan wants to give it a shot, I'm down to work together on it. A couple of us also sent Jake money since he's been paying for the hosting for a while. (We checked the AdSense account a few years ago and took the money out I believe)
The most simple option is the just pay for the SSL cert (the current host provider doesn't allow free certs). I'm okay with doing this.
Sent from my Pixel 3 XL using Tapatalk
I also got the "suspicious site danger will robinson!" message at my client site last week. It's back to working now.
I need to move the hosting and maintenance of the site to someone who's not myself. Everything renews in March 2020 so we need to complete this project by then.
I'd love to see something that was a homepage, forum and chat solution all in one. Discourse sounds like the way to go about implementing this. If we avoid Discourse, we can keep the mix of Wordpress, myBB and GroupMe although it's clunky and doesn't provide the best overall experience IMO. I'm down to help, but on someone else's dime and with me not being the project lead or key point of contact. So, who wants to PM this and get started?
Now:
'16 Ram 1500 | '97 BMW M3 | Some Press Loan
Then:
87 BMW 325e | 91 BMW 535i | 96 BMW 328i | 95 BMW 325i | 95 Mazda Miata | 13 Focus ST | 09 BMW 128i | 00 Pontiac Firebird | 05 Yukon Denali | 96 BMW 328iC | 11 Ford F-150 | 06 BMW M3 | 10 Range Rover SC | '03 Ford Ranger | '18 Ford F-150 | '01 BMW X5 | '98 Volvo S70 T5M
|