
Securing Logins

Cylus Maxii
Posts: 3117
Joined: Fri Nov 05, 2004 10:13 pm
Location: Denver, CO

Securing Logins

Post by Cylus Maxii » Wed Apr 26, 2017 6:35 pm

Can we please implement https for login?
My nephew, Jake - "I mean is there really anything more pure? Than sweet zombie monkey love?"

FishPants
Server WhOOre
Posts: 4365
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants » Fri Apr 28, 2017 8:07 am

I'll look into it.. I'm hesitant to enhance this version much, but it's a reasonable request. I'll see what the effort is to purchase a cert, and then rewrite URLs to https.
No.

FishPants
Server WhOOre
Posts: 4365
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants » Fri Apr 28, 2017 1:32 pm

Cylus Maxii wrote:Can we please implement https for login?
I ordered (and installed) an SSL certificate.. Do me a favour please and try to use the site using https:// and let me know if any problems (before I force this site wide). I think I'll just make the whole damn site SSL rather than doing URL rewriting for login and registration pages.
No.

stessier
Posts: 24006
Joined: Tue Dec 21, 2004 12:30 pm
Location: SC

Re: Securing Logins

Post by stessier » Fri Apr 28, 2017 1:44 pm

Works for me using Chrome and prosilver.
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Running____2014: 1300.55 miles____2015: 2036.13 miles____2016: 1012.75 miles____2017: 1105.82 miles____2018: 1318.91 miles

FishPants
Server WhOOre
Posts: 4365
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants » Fri Apr 28, 2017 1:58 pm

Ok well I added a rewrite in htaccess to force SSL. Let me know if any problems (I also forced all cookies to use secure, so you might get logged out until you relogin under https.. maybe not.. the intertubez is muddy on this).

Anyways good suggestion, thanks.
No.

stessier
Posts: 24006
Joined: Tue Dec 21, 2004 12:30 pm
Location: SC

Re: Securing Logins

Post by stessier » Fri Apr 28, 2017 2:00 pm

I didn't get logged out, but all the graphics were reloaded (noticed most on the smilies as they popped in rather slowly). No slow down in speed after the first visit to each board, though.
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Running____2014: 1300.55 miles____2015: 2036.13 miles____2016: 1012.75 miles____2017: 1105.82 miles____2018: 1318.91 miles

Isgrimnur
Posts: 58821
Joined: Sun Oct 15, 2006 12:29 am
Location: Dallas, TX

Re: Securing Logins

Post by Isgrimnur » Fri Apr 28, 2017 2:07 pm

You broke Tapatalk.
Silver - 2k

Autobots and Starfleet officers — we fight together!

FishPants
Server WhOOre
Posts: 4365
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants » Fri Apr 28, 2017 2:16 pm

Isgrimnur wrote:You broke Tapatalk.
I apparently need to login to tapatalk to configure the dashboard.. I have six passwords in lastpass for tapatalk, none of them work (lastpass and tapatalk never get along...).. So I do a password reset, it never sends me the email to reset the password.

I'll wait and see, but as usual Tapatalk is a bit of a gong show.
No.

GreenGoo
Posts: 39891
Joined: Thu Oct 14, 2004 10:46 pm
Location: Ottawa, ON

Re: Securing Logins

Post by GreenGoo » Fri Apr 28, 2017 2:22 pm

When I post, the redirect afterwards is broken. From the URL it looks like it's tacking on the port number (80, which is standard http. If the port is hard coded, should be 443, no?).

I'll grab the URL and post it here for you, just a sec.

edit: here's the URL from the first time I posted this post.

https://www.octopusoverlords.com:80/forum/viewtopic.php?f=10&t=94323&p=2467947#p2467947
That's the redirect after the "message has been posted successfully" page, and it fails.

edit2: Removing the port number fixes the URL, fyi. So whatever is inserting the :80 on the end of the domain is breaking it.

edit3: changing :80 to :443 also works, fyi.
Last edited by GreenGoo on Fri Apr 28, 2017 2:25 pm, edited 3 times in total.

FishPants
Server WhOOre
Posts: 4365
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants » Fri Apr 28, 2017 2:23 pm

Isgrimnur wrote:You broke Tapatalk.
I'm relying using the stupid app. Think I fixed it.


Sent from my iPhone using Tapatalk
No.

Isgrimnur
Posts: 58821
Joined: Sun Oct 15, 2006 12:29 am
Location: Dallas, TX

Re: Securing Logins

Post by Isgrimnur » Fri Apr 28, 2017 2:27 pm

I'm back in through the app. Thank you.
Silver - 2k

Autobots and Starfleet officers — we fight together!

FishPants
Server WhOOre
Posts: 4365
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants » Fri Apr 28, 2017 2:31 pm

GreenGoo wrote:When I post, the redirect afterwards is broken. From the URL it looks like it's tacking on the port number (80, which is standard http. If the port is hard coded, should be 443, no?).

I'll grab the URL and post it here for you, just a sec.

edit: here's the URL from the first time I posted this post.

https://www.octopusoverlords.com:80/forum/viewtopic.php?f=10&t=94323&p=2467947#p2467947
That's the redirect after the "message has been posted successfully" page, and it fails.

edit2: Removing the port number fixes the URL, fyi. So whatever is inserting the :80 on the end of the domain is breaking it.

edit3: changing :80 to :443 also works, fyi.

Thanks.. I turned off all rewriting in apache and it was still doing it.. found another setting in PHPbb3 that I mucked with, reversed that and it seemed to fix it.. Going to turn rewriting back on and see if the stupid hard coded port comes back (seriously who hard codes a f'ing port).
No.
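
The two regressions reported above after forcing HTTPS (a post-submit redirect to `https://…:80` and session cookies that may lack the Secure flag) can be checked mechanically from response headers. This is an added example, not code from the thread or from phpBB; the function names and the cookie names/values are assumptions made up for illustration, and it also flags the reverse case (`http://…:443`) and plain-HTTP redirects.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, urlunsplit

# The other scheme's default port: a TLS client talking to the plaintext
# listener (or the reverse), which is why the redirect in the thread fails.
WRONG_PORT = {"https": 80, "http": 443}

# Constructed response headers. The Location value is the URL quoted in the
# thread; the cookie names and values are made up for this example.
SAMPLE_RESPONSE = [
    ("Location", "https://www.octopusoverlords.com:80/forum/viewtopic.php"
                 "?f=10&t=94323&p=2467947#p2467947"),
    ("Set-Cookie", "forum_sid=constructed123; path=/; HttpOnly"),
    ("Set-Cookie", "forum_u=2; path=/; Secure; HttpOnly"),
]


def port_mismatch(url):
    """True when a URL pairs a scheme with the other scheme's default port."""
    parts = urlsplit(url)
    return parts.port is not None and WRONG_PORT.get(parts.scheme) == parts.port


def drop_port(url):
    """Remove an explicit port so the scheme's own default applies."""
    parts = urlsplit(url)
    if parts.port is None:
        return url
    host = parts.netloc.rsplit(":", 1)[0]  # keeps userinfo and IPv6 brackets
    return urlunsplit(parts._replace(netloc=host))


def audit_response(headers, served_over_https=True):
    """Return (finding, subject, suggested_fix) tuples for one response."""
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname == "location":
            if port_mismatch(value):
                findings.append(("redirect-port", value, drop_port(value)))
            elif served_over_https and urlsplit(value).scheme == "http":
                findings.append(("redirect-downgrade", value, None))
        elif lname == "set-cookie" and served_over_https:
            jar = SimpleCookie()
            jar.load(value)
            for cookie_name, morsel in jar.items():
                # Without Secure the browser also sends the cookie over http://
                if not morsel["secure"]:
                    findings.append(("cookie-not-secure", cookie_name, None))
    return findings


if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE):
        print(finding)
```
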

FishPants
Server WhOOre
Posts: 4365
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants » Fri Apr 28, 2017 2:34 pm

Ok I think I have HTTPS rewriting working again, and the referral link after posting working as well as Tapatalk restored. Phew.
No.

GreenGoo
Posts: 39891
Joined: Thu Oct 14, 2004 10:46 pm
Location: Ottawa, ON

Re: Securing Logins

Post by GreenGoo » Fri Apr 28, 2017 2:36 pm

Yep, working for me. Nice job.

How painful was it?

FishPants
Server WhOOre
Posts: 4365
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants » Fri Apr 28, 2017 2:39 pm

Not bad really.. I ordered a cert through rapidssl (reseller of anyways).. $20 for 3 years, took them about 5-6 hours to cough it up though after I submitted the CSR.

The trouble is every jackwagon on the Internet has a different method of doing the rewrite for phpbb3 in Apache.. Ends up 99% of them were wrong. Ended up using a more generic command (and using a system variable for the domain name instead of a hard code) and forced the redirect.

One of these days soon I need to take a bare metal backup of the system, nuke it and upgrade CENTOS.. We are a few major revisions behind (not end of life yet, but our butt is dragging out the back door a bit). In theory with everything plugging in via virtualmin/webmin, recovery of the website and DBs should be relatively painless. I'll probably test that theory first on a local computer running the latest CENTOS of course before I do that (plus our server hardware is at least 5 years old.. might be time to refresh that as well).
No.

Isgrimnur
Posts: 58821
Joined: Sun Oct 15, 2006 12:29 am
Location: Dallas, TX

Re: Securing Logins

Post by Isgrimnur » Fri Apr 28, 2017 2:51 pm

TT is back to busted.
Silver - 2k

Autobots and Starfleet officers — we fight together!

GreenGoo
Posts: 39891
Joined: Thu Oct 14, 2004 10:46 pm
Location: Ottawa, ON

Re: Securing Logins

Post by GreenGoo » Fri Apr 28, 2017 2:53 pm

Hmmm, I wonder if there might be an Apache wrapper or something that leaves the website in http but serves it as https, which would bypass mucking with php completely, although now you're mucking with Apache. Like standard app server/front end stuff, but all running on the same server.

In any case, you've got it running and nice job.

I'm still on CentOS 6 (as are our prod linux boxes) but I'm in no rush.

nmap tells me OO is running on 3? Heh. Ouch. :P
Last edited by GreenGoo on Fri Apr 28, 2017 3:00 pm, edited 1 time in total.

FishPants
Server WhOOre
Posts: 4365
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants » Fri Apr 28, 2017 2:54 pm

Isgrimnur wrote:TT is back to busted.
Odd not on my end?

Anyone else confirm?


Sent from my iPhone using Tapatalk
No.

$iljanus
Forum Moderator
Posts: 10516
Joined: Wed Oct 13, 2004 3:46 pm
Location: Under the bed...your bed...

Re: Securing Logins

Post by $iljanus » Fri Apr 28, 2017 2:56 pm

Tapatalk was busted for me around 2:30ish EST but is fine now. Perhaps relogging in will fix it?
tl;dr

Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?

gilraen
Posts: 2506
Joined: Wed Sep 04, 2013 7:45 pm
Location: Broomfield, CO

Re: Securing Logins

Post by gilraen » Fri Apr 28, 2017 2:57 pm

Seems fine on my phone.

Sent from my SM-G900T using Tapatalk

$iljanus
Forum Moderator
Posts: 10516
Joined: Wed Oct 13, 2004 3:46 pm
Location: Under the bed...your bed...

Re: Securing Logins

Post by $iljanus » Fri Apr 28, 2017 2:57 pm

$iljanus wrote:Tapatalk was busted for me around 2:30ish EST but is fine now. Perhaps relogging in will fix it?
Uggh we have ads now though. Didn't have any before. My ad suggests ways to see if your spouse is cheating. Pretty tacky crap.
tl;dr

Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?

GreenGoo
Posts: 39891
Joined: Thu Oct 14, 2004 10:46 pm
Location: Ottawa, ON

Re: Securing Logins

Post by GreenGoo » Fri Apr 28, 2017 3:01 pm

No sign of ads for me. Is that tapatalk only?

$iljanus
Forum Moderator
Posts: 10516
Joined: Wed Oct 13, 2004 3:46 pm
Location: Under the bed...your bed...

Re: Securing Logins

Post by $iljanus » Fri Apr 28, 2017 3:02 pm

Oops yeah it's a tapatalk thing.
tl;dr

Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?

GreenGoo
Posts: 39891
Joined: Thu Oct 14, 2004 10:46 pm
Location: Ottawa, ON

Re: Securing Logins

Post by GreenGoo » Fri Apr 28, 2017 3:06 pm

$iljanus wrote:Oops yeah it's a tapatalk thing.
No it was clear, I just didn't read your post in context with the other posts around it.

Isgrimnur
Posts: 58821
Joined: Sun Oct 15, 2006 12:29 am
Location: Dallas, TX

Re: Securing Logins

Post by Isgrimnur » Fri Apr 28, 2017 3:15 pm

Back in on the app.
Silver - 2k

Autobots and Starfleet officers — we fight together!

hentzau
Posts: 13493
Joined: Thu Oct 21, 2004 11:06 am
Location: Castle Zenda, Ruritania

Re: Securing Logins

Post by hentzau » Fri Apr 28, 2017 4:05 pm

I had to kill tapatalk to get back in, but I'm in OK now. Thanks!
"Women are naturally secretive, and they like to do their own secreting." - Sherlock Holmes, A Scandal in Bohemia

Zarathud
Posts: 13470
Joined: Fri Oct 15, 2004 10:29 pm
Location: Chicago, Illinois

Re: Securing Logins

Post by Zarathud » Fri Apr 28, 2017 4:25 pm

Same here -- but had to quit OO and resubscribe in Tapatalk.
"If the facts don't fit the theory, change the facts." - Albert Einstein
"When the president does it, that means that it is not illegal." - Nixon
"I don't stand by anything." - Trump
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.” - John Stuart Mill, Inaugural Address Delivered to the University of St Andrews, 2/1/1867

$iljanus
Forum Moderator
Posts: 10516
Joined: Wed Oct 13, 2004 3:46 pm
Location: Under the bed...your bed...

Re: Securing Logins

Post by $iljanus » Fri Apr 28, 2017 5:00 pm

Are all the tapatalk users seeing ads now or have they always had ads and I'm just seeing them now?
tl;dr

Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?

Cylus Maxii
Posts: 3117
Joined: Fri Nov 05, 2004 10:13 pm
Location: Denver, CO

Re: Securing Logins

Post by Cylus Maxii » Fri Apr 28, 2017 5:58 pm

FishPants wrote:
Cylus Maxii wrote:Can we please implement https for login?
I ordered (and installed) an SSL certificate.. Do me a favour please and try to use the site using https:// and let me know if any problems (before I force this site wide). I think I'll just make the whole damn site SSL rather than doing URL rewriting for login and registration pages.
Thanks for this effort! Everything works for me with Edge, Firefox and Tapatalk. I did have to kill TT after it erred the first time, and then it prompted for password the next time.
My nephew, Jake - "I mean is there really anything more pure? Than sweet zombie monkey love?"

stessier
Posts: 24006
Joined: Tue Dec 21, 2004 12:30 pm
Location: SC

Re: Securing Logins

Post by stessier » Fri Apr 28, 2017 6:04 pm

I came home and am using an android tablet. It says the certificate comes from an untrusted source and I had to agree coming here was unsafe.
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Running____2014: 1300.55 miles____2015: 2036.13 miles____2016: 1012.75 miles____2017: 1105.82 miles____2018: 1318.91 miles

TheMix
Posts: 7110
Joined: Thu Oct 14, 2004 5:19 pm
Location: Broomfield, Colorado

Re: Securing Logins

Post by TheMix » Fri Apr 28, 2017 6:11 pm

stessier wrote:coming here was unsafe.
Well that's a given. Isn't it?
Isgrimnur - Facebook makes you hate your friends and family. LinkedIn makes you hate your co-workers. NextDoor makes you hate your neighbors.

stessier
Posts: 24006
Joined: Tue Dec 21, 2004 12:30 pm
Location: SC

Re: Securing Logins

Post by stessier » Fri Apr 28, 2017 6:25 pm

Yeah, but hadn't realized it was documented.
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Running____2014: 1300.55 miles____2015: 2036.13 miles____2016: 1012.75 miles____2017: 1105.82 miles____2018: 1318.91 miles

FishPants
Server WhOOre
Posts: 4365
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants » Fri Apr 28, 2017 8:33 pm

stessier wrote:I came home and am using an android tablet. It says the certificate comes from an untrusted source and I had to agree coming here was unsafe.
No, cert is from rapidssl this is not a self signed cert. Is this an old android? Maybe I need to install ca chain certain too..?
No.

FishPants
Server WhOOre
Posts: 4365
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants » Fri Apr 28, 2017 8:34 pm

$iljanus wrote:
$iljanus wrote:Tapatalk was busted for me around 2:30ish EST but is fine now. Perhaps relogging in will fix it?
Uggh we have ads now though. Didn't have any before. My ad suggests ways to see if your spouse is cheating. Pretty tacky crap.
Oh hell no. I'm on the road for a kiddo competition and am watching the baseball game on my laptop.. I'll check the dashboard in a bit and see what's up with that.
No.

Jolor
Posts: 2890
Joined: Wed Oct 13, 2004 8:25 am

Re: Securing Logins

Post by Jolor » Fri Apr 28, 2017 8:44 pm

Firefox 53.0 does not allow:
uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

In via Chrome OK.
So sayeth the wise Alaundo.

FishPants
Server WhOOre
Posts: 4365
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants » Fri Apr 28, 2017 8:46 pm

Jolor wrote:Firefox 53.0 does not allow:
uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

In via Chrome OK.
Can you view the cert in Firefox? Sounds like I need to install intermediary certs.
No.

FishPants
Server WhOOre
Posts: 4365
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants » Fri Apr 28, 2017 8:51 pm

$iljanus wrote:
$iljanus wrote:Tapatalk was busted for me around 2:30ish EST but is fine now. Perhaps relogging in will fix it?
Uggh we have ads now though. Didn't have any before. My ad suggests ways to see if your spouse is cheating. Pretty tacky crap.
Logged in, tapatalk now wants ME to pay $60 to not enable ads. Fuck them. This app is borderline malware, but I'm not paying them a red cent.

Sorry guys, looks like now you get ads.
No.

$iljanus
Forum Moderator
Posts: 10516
Joined: Wed Oct 13, 2004 3:46 pm
Location: Under the bed...your bed...

Re: Securing Logins

Post by $iljanus » Fri Apr 28, 2017 9:01 pm

FishPants wrote:
$iljanus wrote:
$iljanus wrote:Tapatalk was busted for me around 2:30ish EST but is fine now. Perhaps relogging in will fix it?
Uggh we have ads now though. Didn't have any before. My ad suggests ways to see if your spouse is cheating. Pretty tacky crap.
Logged in, tapatalk now wants ME to pay $60 to not enable ads. Fuck them. This app is borderline malware, but I'm not paying them a red cent.

Sorry guys, looks like now you get ads.
No need to apologize. I wonder if there's another app that's similar? Tapatalk is easier to read and use on my phone but the ads are really intrusive to me. I could pony up some cash to buy the ad free user version I guess or get used to it until I click on an ad by mistake.
tl;dr

Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?

Jolor
Posts: 2890
Joined: Wed Oct 13, 2004 8:25 am

Re: Securing Logins

Post by Jolor » Fri Apr 28, 2017 9:07 pm

FishPants wrote:
Jolor wrote:Firefox 53.0 does not allow:
uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

In via Chrome OK.
Can you view the cert in Firefox? Sounds like I need to install intermediary certs.
Yes. Anything you want me to look for, specifically?
So sayeth the wise Alaundo.

FishPants
Server WhOOre
Posts: 4365
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants » Fri Apr 28, 2017 9:42 pm

Jolor wrote:
FishPants wrote:
Jolor wrote:Firefox 53.0 does not allow:
uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

In via Chrome OK.
Can you view the cert in Firefox? Sounds like I need to install intermediary certs.
Yes. Anything you want me to look for, specifically?
Does it show it being a rapidssl cert? And you are using the oo URL?


Sent from my iPhone using Tapatalk
No.
