User Controls

Site not secure?

  1. #1
  2. #2
    Lol. This and encyclopedia dramatica of all sites are the only sites that have never thrown security warnings on my pc

    Even Google throws it sometimes
  3. #3
    It's been giving me this for a few days now though.
  4. #4
    You have a good plugin there, what is it?.

    There are spam threads here in the sub forum I moderate. Some of those threads have pictures and if you click on the picture it links you to a site, its like a hotlinked picture from hell, really clever, its a BBCode something or other, too lazy too look it up.

    Also there are certain threads involving illegal content which have malicious links, its a form of social engineering.

    Your little plugin scanner thing actually scanned every thread on the website and found like 40 malicious links

    This forum is infested with PI rats, scoundrels and faggots alike.

    http://niggasin.space/forum/26

    The notorious FORUM 26 the darkest hole in the entire internet.

    Who is the spammer??? NOBODY KNOWS!!! ITS THE FUCKING CAPER THAT KEEPS ME AWAKE AT NIGHT AND STOPS ME FROM GOING POSTAL!.

    THE FUCKING CAPER OF THE MILLENIUM IM TELLING YOU.



  5. #5
    aldra JIDF Controlled Opposition
    NIS has never had an ssl cert as far as I know, probably chrome update - detects a login form and warns you if there's no valid SSL cert
    The following users say it would be alright if the author of this post didn't die in a fire!
  6. #6
    Ajax African Astronaut [rumor the placative aphakia]
    It's just Sophie.
  7. #7
    OR IS IT?!
  8. #8
    TreyGowdy Houston
    It's cool you can still post your credit card #
    The following users say it would be alright if the author of this post didn't die in a fire!
  9. #9
    Originally posted by TreyGowdy It's cool you can still post your credit card #

    6190 8675 309
    The following users say it would be alright if the author of this post didn't die in a fire!
  10. #10
    AND THEN THERES ALTS!!

  11. #11
    0Death Yung Blood
    SSL would be appreciated, way safer to use SSL if you're browsing over Tor. Then it's harder for the exit nodes to sniff around, https would help prevent it.
  12. #12
    Lanny Bird of Courage
    Yeah, it's no SSL. I was thinking it was like $100+ which isn't bad but more than I felt like throwing down up front but for single domain it's actually pretty cheap. I'll look into it.
  13. #13
    TreyGowdy Houston
    Originally posted by 0Death SSL would be appreciated, way safer to use SSL if you're browsing over Tor. Then it's harder for the exit nodes to sniff around, https would help prevent it.


    Originally posted by aldra NIS has never had an ssl cert as far as I know, probably chrome update - detects a login form and warns you if there's no valid SSL cert

    Oh yeah now I remember, it used to be behind cloudflare, which lets you piggy back their ssl cert. Those were dark days. No ssl is infinitely better than that and probably more secure in some sense.

    Originally posted by Lanny Yeah, it's no SSL. I was thinking it was like $100+ which isn't bad but more than I felt like throwing down up front but for single domain it's actually pretty cheap. I'll look into it.

    You could even use a self signed cert and post the hash on github or something for those who want it. The push for ssl everywhere seems kind of overblown, the worst that could happen here is someone interferes with my shitposting.
  14. #14

    It's just good practice man.
  15. #15
    Lanny Bird of Courage
    I'm of the opinion that a self signed cert is worse than no SSL at all, self signing encourages people to ignore warnings or worse acknowledging untrusted certificate authorities, it's a false sense of security as far as I'm concerned. At least with no SSL people who care should understand there's a risk of MitM.

    In any case, letsencrypt is now issuing free certs, which is cool, https is now working. Serving http alongside because I'm not convinced everything ever (especially anonymous sessions) needs SSL, but if you're signing in I encourage you to use it, I will.

    Your browser may still refuse to show you the happy green lock of warm-safe-feelings on some pages since users can embed non-SSL images. If this bothers you you can disable images either from your user profile page or through your browser.
    The following users say it would be alright if the author of this post didn't die in a fire!
  16. #16
    Hey Zok I'm really happy for you and imma let you finish, but LANNY IS THE BEST ADMIN OF ALL TIME. OF ALL TIME.
  17. #17
    So is it gonna default to https or what
  18. #18
    Lanny Bird of Courage
    What's the typical strategy for "defaulting" to SSL? Issuing redirects on all HTTP pages isn't what I want. I guess I could do HSTS but if your UA supports it there's no way to opt out so it's not exactly what I want.
  19. #19
    I believe most sites that "default" use automatic redirects. Many host and domain providers offer free redirects.

    It's honestly not important honestly, just asking. I think it also works if you only have a redirect on one page, for example the index, correct me if I'm wrong for thinking all subsequent actions will simply be https as a result.
  20. #20
    Lanny Bird of Courage
    Lots of places won't service an HTTP request and redirect you to the HTTPS url but the issue is that if you wanted to use HTTP for some reason you just can't (and there still exist useragents in the world that don't support SSL). Also I rarely care about it but HSTS does fuck up captive portal wankery which is unfortunately a reality.

    But yeah, as soon as you're on an HTTPS page every link is interpreted as HTTPS unless explicitly set otherwise which never happens here.
Jump to Top