Unsecure Admin Login and Click Pics for users?

[mrac]

I've just paid to setup the new forum.
I'm being bitten by mosquitos, and I'm sweating buckets.

... and then the warning comes up, that my Admin login is going to be transmitted insecurely.

I understand that everything is scrutinised but, do we have to make it so simple for the criminals?

Can you tell me how to change my password in security please?

Also, the board is going to be multilingual.

Will the captchas be in their own language?

[Michael]

Hi,

What do you mean the admin login is going to be transmitted insecurely? Login is always done through SSL secure login server.

Passwords can be changed by logging into ProBoards.com and under "Account" select "Edit" in the Password row.

CAPTCHAs are provided by Google's ReCAPTCHA system.

[mrac]

Thanks for the quick response.
I reset the password, and had to login again.
I then got the attached screen shot ... which won't attatch.

... but it is the traditional dialogue box entititled Security Warning
Contents

The information will be sent over an insecure connection, and could be read by third parties.
Do you want to continue?

So I reloaded my forum, and again clicked login, and again the security warning was displayed.
Yet the greating page is
[https://mrac-p.freeforums.net/]

Indicating that the login link must be taking me to an insecure page.

You can imagine my concern.

Any ideas?

[Michael]

Hi,

The login page is SSL secured. 

I'm not certain why you're seeing it as insecure. Visiting the login page from the link on your forum takes me to a secure page. What browser are you using that is providing this warning?

[mrac]

I'm using Firefox
... and if you upgrade my post status, I could flash you a cut down screen shot.

[Michael]

All members (and staff) should be able to access the attachment feature. There is no post count requirement. What error are you encountering when attempting to add an attachment?

[mrac]

I'll try again

BTW I have just logged out, and loaded my forum, and got the big login graphics and text boxes on a https page.

I thought okay, maybe it has solved itself.
But no.

I entered Admin and the password.
Went through the captchas and got the 'redirect page' plus the warning
... as attatched

Only it won't attatch again.
and BBCode doesn't load.

[Michael]

Hi,

There is likely an issue with your browser or your connection. Can you try another one to see if you still experience issues? All login is processed through an SSL secured server.

Edit: Also you still have not provided specific error messages for what is preventing you from adding an attachment. 

[mrac]

I'll try chrome.

There are no error messages when clicking attachment.
Simply, nothing happens.

I'll stay logged on in firefox, and try and log on in chrome

[Michael]

It is possible that your browser is showing an insecure message because it is being redirected to our secure login server. If that is the case I'd suggest simply ignoring the message as no data is being transferred insecurely.

If you're using a popup or ad-blocker it could be preventing the ad attachment popup from appearing.

[mrac]

This reply is made using Chrome.

I have the font tools, and 
the attachments.

I find it all worrying - in a deep and thoughtful way.

Firefox has always been better at genuinely identifying security threats.
Therefore it is hard to see how it would balk at a secure redirect.

My guess is that the redirect must have holes in it.

It's worth passing the word on.
However, there is so much pressure on major comms suppliers (proboards being one).....

Best of luck to everybody, and thanks for your assistance.
 

[Michael]

Hi,

No actual secure information is present on insecure pages. Information is not being sent insecurely. There is no security threat unless you make a habit of posting important private information on a public forum.

[mrac]

Ha Yes ... therein also lies the difficulty

[Michael]

Aug 8, 2019 14:56:06 GMT -8 mrac said:

Ha Yes ... therein also lies the difficulty

Not posting information you wish to keep private is difficult?

I'm confused.

[mrac]

No need for confusion.
Posting stuff on bulletin boards, when it's late, everything is new, and things aren't going to plan...

This is extremely common in the world of computers.

As it happens, the image posted was of a prior password redirect page.
... but I can assure you that the vast majority of people do not have a clue as to how to set up security, or even know what is secure and insecure.

I'm certainly no expert, and I've been in computing for decades.

RE LOGIN

In Chrome : What I have discovered is that, when loading my forum home page (in https)...
When I login, my home page becomes http.

In an earlier post in this thread, I suggested that there must be some holes in the redirect security (found by firefox).

Could this be it?

Consequences

I can then open up my Admin profile, categories, and everything in http.

Otherwise

Once logged in, I can load a new instance of my home page, again using https and the page then displays in https.

Therefore, to login I must login from a https page ... be taken to a http page, and then load a new page using a https link.

Are you aware of this?

Either way, there does appear to be a bug in the login system.

To be taken from a https page, and redirected to a http page is clearly not great.

It does raise doubt over the security of the login process (as alerted by firefox, stating clearly that the information being transmitted is not secure).

Presumably this should investigated.

Thanks for your support