Securing Logins

Cylus Maxii
Posts: 3348
Joined: Fri Nov 05, 2004 10:13 pm
Location: Denver, CO

Securing Logins

Post by Cylus Maxii »

Can we please implement https for login?
My nephew, Jake - "I mean is there really anything more pure? Than sweet zombie monkey love?"
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants »

I'll look into it.. I'm hesitant to enhance this version much, but it's a reasonable request. I'll see what the effort is to purchase a cert, and then rewrite URLs to https.
No.
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants »

Cylus Maxii wrote:Can we please implement https for login?
I ordered (and installed) an SSL certificate.. Do me a favour please and try to use the site using https:// and let me know if any problems (before I force this site wide). I think I'll just make the whole damn site SSL rather than doing URL rewriting for login and registration pages.
stessier
Posts: 29816
Joined: Tue Dec 21, 2004 12:30 pm
Location: SC

Re: Securing Logins

Post by stessier »

Works for me using Chrome and prosilver.
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Running____2014: 1300.55 miles____2015: 2036.13 miles____2016: 1012.75 miles____2017: 1105.82 miles____2018: 1318.91 miles__2019: 2000.00 miles
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants »

Ok well I added a rewrite in htaccess to force SSL. Let me know if any problems (I also forced all cookies to use secure, so you might get logged out until you relogin under https.. maybe not.. the intertubez is muddy on this).

Anyways good suggestion, thanks.
stessier
Posts: 29816
Joined: Tue Dec 21, 2004 12:30 pm
Location: SC

Re: Securing Logins

Post by stessier »

I didn't get logged out, but all the graphics were reloaded (noticed most on the smilies as they popped in rather slowly). No slow down in speed after the first visit to each board, though.
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: Securing Logins

Post by Isgrimnur »

You broke Tapatalk.
It's almost as if people are the problem.
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants »

Isgrimnur wrote:You broke Tapatalk.
I apparently need to login to tapatalk to configure the dashboard.. I have six passwords in lastpass for tapatalk, none of them work (lastpass and tapatalk never get along...).. So I do a password reset, it never sends me the email to reset the password.

I'll wait and see, but as usual Tapatalk is a bit of a gong show.
GreenGoo
Posts: 42239
Joined: Thu Oct 14, 2004 10:46 pm
Location: Ottawa, ON

Re: Securing Logins

Post by GreenGoo »

When I post, the redirect afterwards is broken. From the URL it looks like it's tacking on the port number (80 which is standard http. If the port is hard coded, should be 443, no?).

I'll grab the URL and post it here for you, just a sec.

edit: here's the URL from the first time I posted this post.

https://www.octopusoverlords.com:80/forum/viewtopic.php?f=10&t=94323&p=2467947#p2467947
That's the redirect after the "message has been posted successfully" page, and it fails.

edit2: Removing the port number fixes the URL, fyi. So whatever is inserting the :80 on the end of the domain is breaking it.

edit3: changing :80 to :443 also works, fyi.
Last edited by GreenGoo on Fri Apr 28, 2017 2:25 pm, edited 3 times in total.
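
An added example, not part of any post in this thread: a Python check for the two things the HTTPS switch touched above, the forced redirect with Secure cookies and the :80 that ended up on an https redirect URL. The host, paths and cookie names in the sample data are constructed; feed it real request URLs, Location headers and Set-Cookie headers to use it as a post-migration smoke test.

```python
from urllib.parse import urljoin, urlsplit

# Port that belongs to the *other* scheme; https://host:80/ is the failure reported above.
MISMATCHED_PORT = {"https": 80, "http": 443}

def check_redirect(request_url, location):
    """Return findings for one redirect, given the request URL and its Location header."""
    src = urlsplit(request_url)
    dst = urlsplit(urljoin(request_url, location))  # Location may be relative
    findings = []
    if dst.scheme != "https":
        findings.append("redirect target is not https")
    if dst.port is not None and dst.port == MISMATCHED_PORT.get(dst.scheme):
        findings.append(f"{dst.scheme} URL with explicit port {dst.port}")
    if src.scheme == "http":
        # The forced upgrade should change the scheme and nothing else.
        if dst.hostname != src.hostname:
            findings.append(f"host changed: {src.hostname} -> {dst.hostname}")
        if (dst.path, dst.query) != (src.path, src.query):
            findings.append("path or query changed during upgrade")
    return findings

def cookies_missing_secure(set_cookie_headers):
    """Return names of cookies whose Set-Cookie header lacks the Secure attribute."""
    missing = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            missing.append(parts[0].split("=", 1)[0])
    return missing

def audit(observations):
    """Map each observed URL to its findings; URLs with no findings are omitted."""
    report = {}
    for obs in observations:
        findings = []
        if obs.get("location"):
            findings += check_redirect(obs["url"], obs["location"])
        findings += [f"cookie {name} set without Secure"
                     for name in cookies_missing_secure(obs.get("set_cookie", []))]
        if findings:
            report[obs["url"]] = findings
    return report

# Constructed observations (host, paths and cookie names are made up).
SAMPLE = [
    {"url": "http://forum.example/forum/index.php",
     "location": "https://forum.example/forum/index.php"},
    {"url": "https://forum.example/forum/posting.php?mode=reply&f=10&t=1",
     "location": "https://forum.example:80/forum/viewtopic.php?f=10&t=1#p2"},
    {"url": "https://forum.example/forum/ucp.php?mode=login",
     "set_cookie": ["demo_sid=abc123; path=/; HttpOnly",
                    "demo_u=2; path=/; Secure; HttpOnly"]},
]

if __name__ == "__main__":
    for url, findings in audit(SAMPLE).items():
        print(url, findings)
```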
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants »

Isgrimnur wrote:You broke Tapatalk.
I'm replying using the stupid app. Think I fixed it.


Sent from my iPhone using Tapatalk
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: Securing Logins

Post by Isgrimnur »

I'm back in through the app. Thank you.
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants »

GreenGoo wrote:When I post, the redirect afterwards is broken. From the URL it looks like it's tacking on the port number (80 which is standard http. If the port is hard coded, should be 443, no?).

I'll grab the URL and post it here for you, just a sec.

edit: here's the URL from the first time I posted this post.

https://www.octopusoverlords.com:80/forum/viewtopic.php?f=10&t=94323&p=2467947#p2467947
That's the redirect after the "message has been posted successfully" page, and it fails.

edit2: Removing the port number fixes the URL, fyi. So whatever is inserting the :80 on the end of the domain is breaking it.

edit3: changing :80 to :443 also works, fyi.

Thanks.. I turned off all rewriting in apache and it was still doing it.. found another setting in PHPbb3 that I mucked with, reversed that and it seemed to fix it.. Going to turn rewriting back on and see if the stupid hard coded port comes back (seriously who hard codes a f'ing port).
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants »

Ok I think I have HTTPS rewriting working again, and the referral link after posting working as well as Tapatalk restored. Phew.
GreenGoo
Posts: 42239
Joined: Thu Oct 14, 2004 10:46 pm
Location: Ottawa, ON

Re: Securing Logins

Post by GreenGoo »

Yep, working for me. Nice job.

How painful was it?
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants »

Not bad really.. I ordered a cert through rapidssl (reseller of anyways).. $20 for 3 years, took them about 5-6 hours to cough it up though after I submitted the CSR.

The trouble is every jackwagon on the Internet has a different method of doing the rewrite for phpbb3 in Apache.. Ends up 99% of them were wrong. Ended up using a more generic command (and using a system variable for the domain name instead of a hard code) and forced the redirect.

One of these days soon I need to take a bare metal backup of the system, nuke it and upgrade CENTOS.. We are a few major revisions behind (not end of life yet, but our butt is dragging out the back door a bit). In theory with everything plugging in via virtualmin/webmin, recovery of the website and DBs should be relatively painless. I'll probably test that theory first on a local computer running the latest CENTOS of course before I do that (plus our server hardware is at least 5 years old.. might be time to refresh that as well).
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: Securing Logins

Post by Isgrimnur »

TT is back to busted.
GreenGoo
Posts: 42239
Joined: Thu Oct 14, 2004 10:46 pm
Location: Ottawa, ON

Re: Securing Logins

Post by GreenGoo »

Hmmm, I wonder if there might be an Apache wrapper or something that leaves the website in http but serves it as https, which would bypass mucking with php completely, although now you're mucking with Apache. Like standard app server/front end stuff, but all running on the same server.

In any case, you've got it running and nice job.

I'm still on CentOS 6 (as are our prod linux boxes) but I'm in no rush.

nmap tells me OO is running on 3? Heh. Ouch. :P
Last edited by GreenGoo on Fri Apr 28, 2017 3:00 pm, edited 1 time in total.
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants »

Isgrimnur wrote:TT is back to busted.
Odd not on my end?

Anyone else confirm?


Sent from my iPhone using Tapatalk
$iljanus
Forum Moderator
Posts: 13676
Joined: Wed Oct 13, 2004 3:46 pm
Location: New England...or under your bed

Re: Securing Logins

Post by $iljanus »

Tapatalk was busted for me around 2:30ish EST but is fine now. Perhaps relogging in will fix it?
Black lives matter!

Wise words of warning from Smoove B: Oh, how you all laughed when I warned you about the semen. Well, who's laughing now?
gilraen
Posts: 4313
Joined: Wed Sep 04, 2013 7:45 pm
Location: Broomfield, CO

Re: Securing Logins

Post by gilraen »

Seems fine on my phone.

Sent from my SM-G900T using Tapatalk
$iljanus
Forum Moderator
Posts: 13676
Joined: Wed Oct 13, 2004 3:46 pm
Location: New England...or under your bed

Re: Securing Logins

Post by $iljanus »

$iljanus wrote:Tapatalk was busted for me around 2:30ish EST but is fine now. Perhaps relogging in will fix it?
Uggh we have ads now though. Didn't have any before. My ad suggests ways to see if your spouse is cheating. Pretty tacky crap.
GreenGoo
Posts: 42239
Joined: Thu Oct 14, 2004 10:46 pm
Location: Ottawa, ON

Re: Securing Logins

Post by GreenGoo »

No sign of ads for me. Is that tapatalk only?
$iljanus
Forum Moderator
Posts: 13676
Joined: Wed Oct 13, 2004 3:46 pm
Location: New England...or under your bed

Re: Securing Logins

Post by $iljanus »

Oops yeah it's a tapatalk thing.
GreenGoo
Posts: 42239
Joined: Thu Oct 14, 2004 10:46 pm
Location: Ottawa, ON

Re: Securing Logins

Post by GreenGoo »

$iljanus wrote:Oops yeah it's a tapatalk thing.
No it was clear, I just didn't read your post in context with the other posts around it.
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: Securing Logins

Post by Isgrimnur »

Back in on the app.
hentzau
Posts: 15092
Joined: Thu Oct 21, 2004 11:06 am
Location: Castle Zenda, Ruritania

Re: Securing Logins

Post by hentzau »

I had to kill tapatalk to get back in, but I'm in OK now. Thanks!
“We can never allow Murania to become desecrated by the presence of surface people. Our lives are serene, our minds are superior, our accomplishments greater. Gene Autry must be captured!!!” - Queen Tika, The Phantom Empire
Zarathud
Posts: 16434
Joined: Fri Oct 15, 2004 10:29 pm
Location: Chicago, Illinois

Re: Securing Logins

Post by Zarathud »

Same here -- but had to quit OO and resubscribe in Tapatalk.
"If the facts don't fit the theory, change the facts." - Albert Einstein
"I don't stand by anything." - Trump
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.” - John Stuart Mill, Inaugural Address Delivered to the University of St Andrews, 2/1/1867
“It is the impractical things in this tumultuous hell-scape of a world that matter most. A book, a name, chicken soup. They help us remember that, even in our darkest hour, life is still to be savored.” - Poe, Altered Carbon
$iljanus
Forum Moderator
Posts: 13676
Joined: Wed Oct 13, 2004 3:46 pm
Location: New England...or under your bed

Re: Securing Logins

Post by $iljanus »

Are all the tapatalk users seeing ads now or have they always had ads and I'm just seeing them now?
Cylus Maxii
Posts: 3348
Joined: Fri Nov 05, 2004 10:13 pm
Location: Denver, CO

Re: Securing Logins

Post by Cylus Maxii »

FishPants wrote:
Cylus Maxii wrote:Can we please implement https for login?
I ordered (and installed) an SSL certificate.. Do me a favour please and try to use the site using https:// and let me know if any problems (before I force this site wide). I think I'll just make the whole damn site SSL rather than doing URL rewriting for login and registration pages.
Thanks for this effort! Everything works for me with Edge, Firefox and Tapatalk. I did have to kill TT after it erred the first time, and then it prompted for password the next time.
stessier
Posts: 29816
Joined: Tue Dec 21, 2004 12:30 pm
Location: SC

Re: Securing Logins

Post by stessier »

I came home and am using an android tablet. It says the certificate comes from an untrusted source and I had to agree coming here was unsafe.
TheMix
Posts: 10904
Joined: Thu Oct 14, 2004 5:19 pm
Location: Broomfield, Colorado

Re: Securing Logins

Post by TheMix »

stessier wrote:coming here was unsafe.
Well that's a given. Isn't it?

Black Lives Matter

Isgrimnur - Facebook makes you hate your friends and family. LinkedIn makes you hate your co-workers. NextDoor makes you hate your neighbors.
stessier
Posts: 29816
Joined: Tue Dec 21, 2004 12:30 pm
Location: SC

Re: Securing Logins

Post by stessier »

Yeah, but hadn't realized it was documented.
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants »

stessier wrote:I came home and am using an android tablet. It says the certificate comes from an untrusted source and I had to agree coming here was unsafe.
No, cert is from rapidssl, this is not a self signed cert. Is this an old android? Maybe I need to install ca chain certs too..?
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants »

$iljanus wrote:
$iljanus wrote:Tapatalk was busted for me around 2:30ish EST but is fine now. Perhaps relogging in will fix it?
Uggh we have ads now though. Didn't have any before. My ad suggests ways to see if your spouse is cheating. Pretty tacky crap.
Oh hell no. I'm on the road for a kiddo competition and am watching the baseball game on my laptop.. I'll check the dashboard in a bit and see what's up with that.
Jolor
Posts: 3247
Joined: Wed Oct 13, 2004 8:25 am

Re: Securing Logins

Post by Jolor »

Firefox 53.0 does not allow:
uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

In via Chrome OK.
So sayeth the wise Alaundo.
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants »

Jolor wrote:Firefox 53.0 does not allow:
uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

In via Chrome OK.
Can you view the cert in Firefox? Sounds like I need to install intermediary certs.
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants »

$iljanus wrote:
$iljanus wrote:Tapatalk was busted for me around 2:30ish EST but is fine now. Perhaps relogging in will fix it?
Uggh we have ads now though. Didn't have any before. My ad suggests ways to see if your spouse is cheating. Pretty tacky crap.
Logged in, tapatalk now wants ME to pay $60 to not enable ads. Fuck them. This app is borderline malware, but I'm not paying them a red cent.

Sorry guys, looks like now you get ads.
$iljanus
Forum Moderator
Posts: 13676
Joined: Wed Oct 13, 2004 3:46 pm
Location: New England...or under your bed

Re: Securing Logins

Post by $iljanus »

FishPants wrote:
$iljanus wrote:
$iljanus wrote:Tapatalk was busted for me around 2:30ish EST but is fine now. Perhaps relogging in will fix it?
Uggh we have ads now though. Didn't have any before. My ad suggests ways to see if your spouse is cheating. Pretty tacky crap.
Logged in, tapatalk now wants ME to pay $60 to not enable ads. Fuck them. This app is borderline malware, but I'm not paying them a red cent.

Sorry guys, looks like now you get ads.
No need to apologize. I wonder if there's another app that's similar? Tapatalk is easier to read and use on my phone but the ads are really intrusive to me. I could pony up some cash to buy the ad free user version I guess or get used to it until I click on an ad by mistake.
Jolor
Posts: 3247
Joined: Wed Oct 13, 2004 8:25 am

Re: Securing Logins

Post by Jolor »

FishPants wrote:
Jolor wrote:Firefox 53.0 does not allow:
uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

In via Chrome OK.
Can you view the cert in Firefox? Sounds like I need to install intermediary certs.
Yes. Anything you want me to look for, specifically?
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Securing Logins

Post by FishPants »

Jolor wrote:
FishPants wrote:
Jolor wrote:Firefox 53.0 does not allow:
uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

In via Chrome OK.
Can you view the cert in Firefox? Sounds like I need to install intermediary certs.
Yes. Anything you want me to look for, specifically?
Does it show it being a rapidssl cert? And you are using the oo URL?


Sent from my iPhone using Tapatalk