[S] Unsecured Site Triggering Antispam/Antivirus

Post about any bugs or other issues that you find on AAO.

Moderator: EN - Forum Moderators

Forum rules

[S] Unsecured Site Triggering Antispam/Antivirus 

Postby E.D.Revolution » Thu May 28, 2020 8:15 am

The problem I'm reporting is literally in the title.

A little context:

As I was logging in to check my messages and whatnot, my browser did a Forbidden Error and my antivirus software triggered for "Online Threat Protection." This is because there is no encryption on this website. I'm saavy enough to know that this site is safe relative to other sites on the internet. However, for potential users, it's not fair to expect them to turn down their shields for this website in order to get this site to work for them.

Hell, C-R has encryption protection.
Image
User avatar
E.D.Revolution
 
Posts: 5742
Joined: Mon Jul 26, 2010 9:00 pm
Location: Across dimensions, transcending universes
Gender: Male
Spoken languages: English and decent Spanish

Re: [S] Unsecured Site Triggering Antispam/Antivirus 

Postby ThePaSch » Thu May 28, 2020 1:12 pm

I'm guessing this is because the site does not utilize HTTPS. I wasn't aware that there's already security software out there that makes it mandatory and blocks any site that doesn't use it - the portion of the web where this is the case is still quite large, I think - but that means there are plenty of benign websites outside of AAO that would get blocked for users of such software.

I don't personally see a reason why we couldn't switch to HTTPS; ever since the Let's Encrypt CA is a thing, I don't think there's any non-technical excuse not to. This is something that Unas would have to do. Perhaps there are technical reasons why doing it might be a little more difficult than might meet the eye?
Image
User avatar
ThePaSch
Moderator
 
Posts: 1249
Joined: Sun Jun 13, 2010 5:56 pm
Location: Germany
Gender: Male
Spoken languages: English, German (native)

Re: [S] Unsecured Site Triggering Antispam/Antivirus 

Postby Enthalpy » Sat May 30, 2020 12:31 am

I'll bring this to Unas's attention. That's as much as I can do.
[D]isordered speech is not so much injury to the lips that give it forth, as to the disproportion and incoherence of things in themselves, so negligently expressed. ~ Ben Jonson

Current AAO Development Priority: Issue #94: Grayscale Mode
User avatar
Enthalpy
Community Manager
 
Posts: 4812
Joined: Wed Jan 04, 2012 4:40 am
Gender: Male
Spoken languages: English, limited Spanish

Re: [S] Unsecured Site Triggering Antispam/Antivirus 

Postby E.D.Revolution » Mon Jun 01, 2020 3:05 am

I can tell you exactly what's triggering antivirus/antispam software. Not the fact that I'm using the website, not the fact that I'm logging in (in of itself, that is). It's the fact that a redirect happens after inputting credentials successfully that's tripping the software. It thinks because AAO doesn't use HTTPS, therefore my account is at risk of being hacked when I input my credentials.
Image
User avatar
E.D.Revolution
 
Posts: 5742
Joined: Mon Jul 26, 2010 9:00 pm
Location: Across dimensions, transcending universes
Gender: Male
Spoken languages: English and decent Spanish

Re: [S] Unsecured Site Triggering Antispam/Antivirus 

Postby Unas » Mon Aug 17, 2020 10:17 pm

Indeed, that's something that I should fix. Your security suite is correct when it complains.

Back when I was actively working on AAO, setting up for HTTPS was costly so I didn't do it; it became free some few years ago but then I wasn't so active anymore and never took the time.

I just took a bit of time this evening to enable it; normally you can now access the site through https://www.aaonline.fr/.
Let me know if you have any issue that way.

I'm not enabling automatic redirection to force users to use HTTPS yet, first to make sure that everything works fine, and because I'll have to plan a general upgrade of the server in the next few months (the current one is getting very old)
ImageImageImage
If knowledge can create problems, it is not through ignorance that we can solve them.
Si le savoir peut créer des problèmes, ce n'est pas l'ignorance qui les résoudra. ( Isaac Asimov )
User avatar
Unas
Admin / Site programmer
 
Posts: 8810
Joined: Tue Jul 10, 2007 4:43 pm
Gender: Male
Spoken languages: Français, English, Español

Re: [S] Unsecured Site Triggering Antispam/Antivirus 

Postby E.D.Revolution » Tue Aug 18, 2020 12:08 am

I'm surfing with the HTTPS and re-upped the security suite. So far, nothing is tripping and everything is working fine so far.
Image
User avatar
E.D.Revolution
 
Posts: 5742
Joined: Mon Jul 26, 2010 9:00 pm
Location: Across dimensions, transcending universes
Gender: Male
Spoken languages: English and decent Spanish

Re: [S] Unsecured Site Triggering Antispam/Antivirus 

Postby Enthalpy » Tue Sep 01, 2020 4:20 am

I'm going to lock the topic to mark it's closed. If new issues come up, please make a new topic.

Again, thanks for the report!
[D]isordered speech is not so much injury to the lips that give it forth, as to the disproportion and incoherence of things in themselves, so negligently expressed. ~ Ben Jonson

Current AAO Development Priority: Issue #94: Grayscale Mode
User avatar
Enthalpy
Community Manager
 
Posts: 4812
Joined: Wed Jan 04, 2012 4:40 am
Gender: Male
Spoken languages: English, limited Spanish


Return to Bug reports

Who is online

Users browsing this forum: No registered users and 1 guest