Advisory - site security update pending

This forum is for administrator/moderator updates on system status, updates, enhancements, etc.
Post Reply
User avatar
elc32955
System Manager
Posts: 2718
Joined: Thu Nov 29, 2012 10:32 am
Location: East Central Florida
Contact:

Advisory - site security update pending

Post by elc32955 »

Hi folks,

Just wanted to pass along to you that I'm shortly going to do something basic I should have probably done long ago - redirect traffic to the secure side of HTTP to take full advantage of our site's SSL certificate. I was browsing on my phone last night and saw that Google and my Chrome browser on my phone were both not happy with the fact we still had "HTTP" access enabled for the site in lieu of "HTTPS". So, I'm going to see if I can for once & all put this fax paus on my part to bed by using the "permanent redirect" feature within Cpanel which will send all of our traffic to the HTTPS site no matter what you type for a header - if you even still do that.

Now, this update I am going to make may have the effect of breaking some links or rendering part(s) of the site temporarily inaccessible, if this happens to you please drop me a PM or EMAIL and I'll fix it as I find the errors. If the whole thing blows up in our faces I can always flip the magic switch & back out the change, but only if absolutely necessary.

One of the down sides to having an independently authored & controlled ad-free site is that I don't have the luxury of having a permanent IT staff on-hand to handle these things for me when they come up. So, I tend more towards keeping a stable environment running and doing periodic changes and upgrades as the site absolutely needs them. In short, the ole "Don't fix it if it's not broke!" theory. Unfortunately the conservative tendencies on my part may have stopped some car owners from signing up on the system and participating as modern-day IT security would have you believe that if you use a HTTP-based site you are swimming in the River Styx.

Now if there is a benevolent user out there with Cpanel and phpBB experience that's worked in a hosting environment at a server level that might want to contribute a little pro bono effort for the good & harmonious continuation of our robust system, please PM or EMAIL me and we can talk.

I'll try this later on today, so this gives the message a little time to disseminate before I start throwing das magic switches.

Thanks
Eric
System Manager and your tour guide for the day. 2015 Caprice w/LFX, former NC DPS staff car. Partial hybrid G8/SS/Camaro SS interior mods, SS MyLink radio upgrade, 2016 Camaro V6 rims, GMPP Malibu chrome exhaust tips, otherwise bone stock for now.
User avatar
elc32955
System Manager
Posts: 2718
Joined: Thu Nov 29, 2012 10:32 am
Location: East Central Florida
Contact:

Re: Advisory - site security update pending

Post by elc32955 »

OK, I've performed the update. It's suggested that your individual DNS cache files be flushed since if you are still using an old version of the site directs that it could lead to a conflict. So please do so at your earliest convenience. If you use a program like Ccleaner to do your disk maintenance, it should do this automatically for you with no intervention required.

This may fix a problem we've had for a while now, it seems Gmail accounts have been bouncing for receiving automatic system mail from us via our mail server (watched topic notifications, PM's, etc...). I'll be watching this over the next few days to see if the issue resolves with the latest update, if not I'll need to take additional actions to fix that bug. Gmail is very picky about site & server authentication and will bounce you at the drop of a hat, so hopefully this update I made tonight helped.

Thanks
Eric
System Manager and your tour guide for the day. 2015 Caprice w/LFX, former NC DPS staff car. Partial hybrid G8/SS/Camaro SS interior mods, SS MyLink radio upgrade, 2016 Camaro V6 rims, GMPP Malibu chrome exhaust tips, otherwise bone stock for now.
smwalker
Administration Staff
Posts: 2201
Joined: Mon Jul 29, 2013 1:44 am
Location: Azusa,CA

Re: Advisory - site security update pending

Post by smwalker »

The site is keeping me logged in now. Used to always clear me out. That's an improvement!
Steve Walker
Azusa, CA
'11 PPV 9C3 Huron White
User avatar
elc32955
System Manager
Posts: 2718
Joined: Thu Nov 29, 2012 10:32 am
Location: East Central Florida
Contact:

Re: Advisory - site security update pending

Post by elc32955 »

Good, but it didn't fix the Gmail problem. I have a query into the webhost to have them interpret what I'm seeing with the error. It might be a DNS-required fix or an nameserver fix.

Eric
System Manager and your tour guide for the day. 2015 Caprice w/LFX, former NC DPS staff car. Partial hybrid G8/SS/Camaro SS interior mods, SS MyLink radio upgrade, 2016 Camaro V6 rims, GMPP Malibu chrome exhaust tips, otherwise bone stock for now.
s/c'd cav
Posts: 1382
Joined: Mon May 30, 2016 3:12 am
Location: PHOENIX AZ

Re: Advisory - site security update pending

Post by s/c'd cav »

what problem is gmail having ?
User avatar
elc32955
System Manager
Posts: 2718
Joined: Thu Nov 29, 2012 10:32 am
Location: East Central Florida
Contact:

Re: Advisory - site security update pending

Post by elc32955 »

It's not delivering the automatic messages from the system mailer such as notifications when you've been PM'd, watched topic activity, password reset confirmation, etc....
System Manager and your tour guide for the day. 2015 Caprice w/LFX, former NC DPS staff car. Partial hybrid G8/SS/Camaro SS interior mods, SS MyLink radio upgrade, 2016 Camaro V6 rims, GMPP Malibu chrome exhaust tips, otherwise bone stock for now.
s/c'd cav
Posts: 1382
Joined: Mon May 30, 2016 3:12 am
Location: PHOENIX AZ

Re: Advisory - site security update pending

Post by s/c'd cav »

i hadnt been getting emails before the update , i am getting them now

i do how ever have to log back in , if i click the link from the email , but not if i click my saved short cut to get to the site

i am using gmail to get the info from this site
User avatar
elc32955
System Manager
Posts: 2718
Joined: Thu Nov 29, 2012 10:32 am
Location: East Central Florida
Contact:

Re: Advisory - site security update pending

Post by elc32955 »

Don't forget to purge your cache files, see if that helps anything.

Thanks
Eric
System Manager and your tour guide for the day. 2015 Caprice w/LFX, former NC DPS staff car. Partial hybrid G8/SS/Camaro SS interior mods, SS MyLink radio upgrade, 2016 Camaro V6 rims, GMPP Malibu chrome exhaust tips, otherwise bone stock for now.
Post Reply