User Controls
Site not secure?
-
2017-02-09 at 1:24 AM UTC
-
2017-02-09 at 1:26 AM UTCLol. This and encyclopedia dramatica of all sites are the only sites that have never thrown security warnings on my pc
Even Google throws it sometimes -
2017-02-09 at 1:33 AM UTCIt's been giving me this for a few days now though.
-
2017-02-09 at 1:36 AM UTCYou have a good plugin there, what is it?.
There are spam threads here in the sub forum I moderate. Some of those threads have pictures and if you click on the picture it links you to a site, its like a hotlinked picture from hell, really clever, its a BBCode something or other, too lazy too look it up.
Also there are certain threads involving illegal content which have malicious links, its a form of social engineering.
Your little plugin scanner thing actually scanned every thread on the website and found like 40 malicious links
This forum is infested with PI rats, scoundrels and faggots alike.
http://niggasin.space/forum/26
The notorious FORUM 26 the darkest hole in the entire internet.
Who is the spammer??? NOBODY KNOWS!!! ITS THE FUCKING CAPER THAT KEEPS ME AWAKE AT NIGHT AND STOPS ME FROM GOING POSTAL!.
THE FUCKING CAPER OF THE MILLENIUM IM TELLING YOU.
-
2017-02-09 at 1:45 AM UTCNIS has never had an ssl cert as far as I know, probably chrome update - detects a login form and warns you if there's no valid SSL certThe following users say it would be alright if the author of this post didn't die in a fire!
-
2017-02-09 at 2:34 AM UTCIt's just Sophie.
-
2017-02-09 at 2:51 AM UTCOR IS IT?!
-
2017-02-09 at 3:22 AM UTCIt's cool you can still post your credit card #The following users say it would be alright if the author of this post didn't die in a fire!
-
2017-02-09 at 3:46 AM UTCThe following users say it would be alright if the author of this post didn't die in a fire!
-
2017-02-09 at 3:48 AM UTCAND THEN THERES ALTS!!
-
2017-02-10 at 3:26 AM UTCSSL would be appreciated, way safer to use SSL if you're browsing over Tor. Then it's harder for the exit nodes to sniff around, https would help prevent it.
-
2017-02-10 at 4:21 AM UTCYeah, it's no SSL. I was thinking it was like $100+ which isn't bad but more than I felt like throwing down up front but for single domain it's actually pretty cheap. I'll look into it.
-
2017-02-10 at 4:48 AM UTC
Originally posted by 0Death SSL would be appreciated, way safer to use SSL if you're browsing over Tor. Then it's harder for the exit nodes to sniff around, https would help prevent it.
Originally posted by aldra NIS has never had an ssl cert as far as I know, probably chrome update - detects a login form and warns you if there's no valid SSL cert
Oh yeah now I remember, it used to be behind cloudflare, which lets you piggy back their ssl cert. Those were dark days. No ssl is infinitely better than that and probably more secure in some sense.
Originally posted by Lanny Yeah, it's no SSL. I was thinking it was like $100+ which isn't bad but more than I felt like throwing down up front but for single domain it's actually pretty cheap. I'll look into it.
You could even use a self signed cert and post the hash on github or something for those who want it. The push for ssl everywhere seems kind of overblown, the worst that could happen here is someone interferes with my shitposting. -
2017-02-10 at 4:52 AM UTC
It's just good practice man.
-
2017-02-10 at 5:14 AM UTCI'm of the opinion that a self signed cert is worse than no SSL at all, self signing encourages people to ignore warnings or worse acknowledging untrusted certificate authorities, it's a false sense of security as far as I'm concerned. At least with no SSL people who care should understand there's a risk of MitM.
In any case, letsencrypt is now issuing free certs, which is cool, https is now working. Serving http alongside because I'm not convinced everything ever (especially anonymous sessions) needs SSL, but if you're signing in I encourage you to use it, I will.
Your browser may still refuse to show you the happy green lock of warm-safe-feelings on some pages since users can embed non-SSL images. If this bothers you you can disable images either from your user profile page or through your browser.The following users say it would be alright if the author of this post didn't die in a fire! -
2017-02-10 at 5:31 AM UTCHey Zok I'm really happy for you and imma let you finish, but LANNY IS THE BEST ADMIN OF ALL TIME. OF ALL TIME.
-
2017-02-10 at 5:32 AM UTCSo is it gonna default to https or what
-
2017-02-10 at 5:42 AM UTCWhat's the typical strategy for "defaulting" to SSL? Issuing redirects on all HTTP pages isn't what I want. I guess I could do HSTS but if your UA supports it there's no way to opt out so it's not exactly what I want.
-
2017-02-10 at 6:45 AM UTCI believe most sites that "default" use automatic redirects. Many host and domain providers offer free redirects.
It's honestly not important honestly, just asking. I think it also works if you only have a redirect on one page, for example the index, correct me if I'm wrong for thinking all subsequent actions will simply be https as a result. -
2017-02-10 at 7:01 AM UTCLots of places won't service an HTTP request and redirect you to the HTTPS url but the issue is that if you wanted to use HTTP for some reason you just can't (and there still exist useragents in the world that don't support SSL). Also I rarely care about it but HSTS does fuck up captive portal wankery which is unfortunately a reality.
But yeah, as soon as you're on an HTTPS page every link is interpreted as HTTPS unless explicitly set otherwise which never happens here.
