This is a place for non-art related conversations.

Moderators: Ambiguity, SeaQuenchal, virtueone

 

Postby tokigami.kineko » Tue Jun 27, 2017 8:08 am

  
tokigami.kineko

Subject title: Sycrar Art Forum needs to adopt HTTPS to protect passwords.

Without HTTPS, it is straightforward for bad hackers to steal passwords when users log in.

This forum hasn't attracted a hacker, yet. But, it could someday.

I surmise any aspiring hacker would hack this board for practice or fun at some point in the future.

It's time to lock the safe before a thief comes.

 

Postby Ambiguity » Tue Jun 27, 2017 8:14 am

User avatar
  Ambiguity
Posts: 5518
Joined: Thu May 17, 2012 7:55 am
Location: Your dreams

None of us here know how to do that, and afaik only sycra has server side access.

 

Postby azarga » Mon Jul 03, 2017 11:39 am

User avatar
  azarga
Posts: 335
Joined: Sat May 16, 2015 11:14 pm
Location: putinland

Tbh I couldn't care less about my forum password and email being stolen.
Nothing important is at risk.
Please check my stuff here:
My dA, it is pretty bad.

 

Postby Neevie » Sun Aug 27, 2017 12:09 pm

User avatar
  Neevie
Posts: 38
Joined: Tue Aug 22, 2017 9:13 am

Hey hi :) there is a site called https://letsencrypt.org/ where you can get a free certificate for a https site. You guys who helped to programm the site could help to move the site to https.
This link https://www.keycdn.com/blog/http-to-https/ is a complete guide to migrate http to https. Even if your site is written in html the migration should work.
Yes you need server side access. So probably sycra must read this first. I don`t know how much time he has to do this or if he is active in the forum.
And I don`t know how much he spends on the certificate for his server now. But with https you have less problems e.g spam bots, security etc.

I really like this forum guys. And I did read the terms and conditions xD

edit : oh and I scaned sycras site with copyscape. You have several Scrapers...these are bandit bots. They steal and duplicate content, as well as e-mail addresses.

"Scraper bots normally focus on retrieving data from a specific website. They also try to collect personal information from directories or message boards. While scraper bots target a variety of different verticals, common industries include online directories, airlines, e-commerce sites and online property sites. Scraper bots will also use your content to intercept web traffic. Additionally, multiple pieces of scraped content can be scrambled together to make new content and allow them to avoid duplicate content penalties.

What’s at risk: Scrapers grab your RSS feed so they know when you publish content. However, if you don't know that your site is being attacked by scrapers, you may not realize there's a problem. In the eyes of Google, however, ignorance is no excuse. Your website could be hit by severe penalties for duplicate content and even fail to appear in search engine rankings.

How to fight back: Be proactive and attentive to your site, thus increasing the likelihood that you can take action before severe damage is done." by https://moz.com/blog/how-to-prevent-hac ... ur-website

here the results : http://www.copyscape.com/?q=http%3A%2F% ... 2Fforum%2F

Just wanted to help somehow

 

Postby Bugpal Hopeday » Wed Dec 20, 2017 1:09 am

User avatar
  Bugpal Hopeday
Posts: 140
Joined: Tue Jan 10, 2017 1:23 am

Seconding the above. Major browsers have moved from treating https as optional to flagging http as dangerous. So even if the effects of data being leaked would be minor (not sure), the other issue is it might scare new users off when they see a flashing danger sign.
My sketchbook. Feedback and crits welcome.

 

Postby Ambiguity » Wed Dec 20, 2017 2:50 pm

User avatar
  Ambiguity
Posts: 5518
Joined: Thu May 17, 2012 7:55 am
Location: Your dreams

Sycra is still the only one who can do anything about it, I suggest PMing him if it really matters to you, but the peeps who helped him with the code before haven't been around here for a long while so I don't even know if he'll be able to do anything about it.


Return to Lounge

Who is online

Users browsing this forum: No registered users and 2 guests

cron