[Solved]https/Secure Login

Nic Clouston · Posted: Mon Aug 13, 2018 1:17 pm

Norton blocked my signin today saying that this is a suspicious site. When are you going to provide Secure Sign in? Here and the beginners.

steve-myers · Posted: Mon Aug 13, 2018 7:52 pm

Just a comment - not to throw stones at anyone - but this is an issue that's been brewing for a long time.

Now I don't follow phBB forum software, but has phBB addressed this issue? If it has, has our forum installed whatever phBB software addresses this issue?

For you lurkers out there, phBB software is used for this message board, as well as many other forums with a similar goal. It is quite popular and runs some very popular - and heavily trafficked - forums.

mcmillan · Site Admin Joined: 18 May 2003 Posts: 1211 Location: India

This is not about phpBB. The issue is because of the missing https protocol. We will be migrating soon.

steve-myers · Posted: Mon Aug 13, 2018 9:21 pm

Yes, but does phpBB support https protocol? Or is that strictly a web server issue?

mcmillan · Site Admin Joined: 18 May 2003 Posts: 1211 Location: India

Yes, PhbBB supports https.

Nic Clouston · Posted: Tue Aug 14, 2018 2:54 pm

The problem with Norton appears to be fixed as it did not intercede today. Looking forward to the https: sign-in coming.

Nic Clouston · Posted: Sat Aug 18, 2018 2:16 am

Norton warned me again this evening.

vasanthz · Posted: Sat Aug 18, 2018 2:37 am

mcmillan · Site Admin Joined: 18 May 2003 Posts: 1211 Location: India

Nic Clouston, Please send me a screenshot in PM. I will look into it.

Nic Clouston · Posted: Sat Aug 18, 2018 1:46 pm

Next time it happens, it did not happen today, I will do that.

BTW. I am using Firefox 61.0.2 64 bit.

mcmillan · Site Admin Joined: 18 May 2003 Posts: 1211 Location: India

We are on HTTPS protocol now.

We are also working on to enable HSTS and the Mobile Friendliness.

steve-myers · Posted: Sat Nov 28, 2020 5:37 am

Yes, I see it's "secure" which is good.

What is HSTS and if Mobile friendly is not what I think it is, what is it? Since I do not own a "smart" phone and my personal cell phone doesn't do data being mobile friendly is meaningless to me. Of course my daughter calls me a Luddite! Not that she really knows the history of the term.

Is HTTPS going to extend to ibmmainframeforum? I just went there and found it was not "secure."

mcmillan · Site Admin Joined: 18 May 2003 Posts: 1211 Location: India

HSTS is the next level of transport layer security. When a site implements HTTPS protocol, the transformation from HTTP to HTTPS happens in the sever level (usually we do a forced 301). The issue here is, all the HTTPS servers are extremely vulnerable to the man-in-the-middle-attack(MITM) due to those milliseconds delay in the 301/302 redirect.

But with HSTS, the redirect happens in the user's(/hacker's) browser itself. HSTS forces browsers to load over HTTPS, so even if you try loading the HTTP version of a website, the HTTP request gets ignored in the browser itself and send as an HTTPS request to the server.

Mobile Friendliness is making a website "also" readable/usable in mobile devices. It doesn't affect the desktop usability in anyway. Use this tool to test the mobile friendliness of a website

mcmillan · Site Admin Joined: 18 May 2003 Posts: 1211 Location: India

We have successfully implemented HSTS now. And we are one of the fastest and safest sites in the world now(<1%).

Google Pagespeed

Results after HSTS:

securityheaders.com/?q=ibmmainframes.com

ssllabs.com?d=ibmmainframes.com