[S] Unsecured Site Triggering Antispam/Antivirus

Post about any bugs or other issues that you find on AAO.

Moderator: EN - Forum Moderators

Locked
User avatar
E.D.Revolution
Posts: 5742
Joined: Mon Jul 26, 2010 9:00 pm
Gender: Male
Spoken languages: English and decent Spanish
Location: Across dimensions, transcending universes

[S] Unsecured Site Triggering Antispam/Antivirus

Post by E.D.Revolution »

The problem I'm reporting is literally in the title.

A little context:

As I was logging in to check my messages and whatnot, my browser did a Forbidden Error and my antivirus software triggered for "Online Threat Protection." This is because there is no encryption on this website. I'm saavy enough to know that this site is safe relative to other sites on the internet. However, for potential users, it's not fair to expect them to turn down their shields for this website in order to get this site to work for them.

Hell, C-R has encryption protection.
Image
User avatar
ThePaSch
Moderator
Posts: 1252
Joined: Sun Jun 13, 2010 5:56 pm
Gender: Male
Spoken languages: English, German (native)
Location: Germany

Re: [S] Unsecured Site Triggering Antispam/Antivirus

Post by ThePaSch »

I'm guessing this is because the site does not utilize HTTPS. I wasn't aware that there's already security software out there that makes it mandatory and blocks any site that doesn't use it - the portion of the web where this is the case is still quite large, I think - but that means there are plenty of benign websites outside of AAO that would get blocked for users of such software.

I don't personally see a reason why we couldn't switch to HTTPS; ever since the Let's Encrypt CA is a thing, I don't think there's any non-technical excuse not to. This is something that Unas would have to do. Perhaps there are technical reasons why doing it might be a little more difficult than might meet the eye?
Image
User avatar
Enthalpy
Community Manager
Posts: 4832
Joined: Wed Jan 04, 2012 4:40 am
Gender: Male
Spoken languages: English, limited Spanish

Re: [S] Unsecured Site Triggering Antispam/Antivirus

Post by Enthalpy »

I'll bring this to Unas's attention. That's as much as I can do.
[D]isordered speech is not so much injury to the lips that give it forth, as to the disproportion and incoherence of things in themselves, so negligently expressed. ~ Ben Jonson
Current AAO Development Priority: Issue #94: Grayscale Mode
User avatar
E.D.Revolution
Posts: 5742
Joined: Mon Jul 26, 2010 9:00 pm
Gender: Male
Spoken languages: English and decent Spanish
Location: Across dimensions, transcending universes

Re: [S] Unsecured Site Triggering Antispam/Antivirus

Post by E.D.Revolution »

I can tell you exactly what's triggering antivirus/antispam software. Not the fact that I'm using the website, not the fact that I'm logging in (in of itself, that is). It's the fact that a redirect happens after inputting credentials successfully that's tripping the software. It thinks because AAO doesn't use HTTPS, therefore my account is at risk of being hacked when I input my credentials.
Image
User avatar
Unas
Admin / Site programmer
Posts: 8836
Joined: Tue Jul 10, 2007 4:43 pm
Gender: Male
Spoken languages: Français, English, Español
Contact:

Re: [S] Unsecured Site Triggering Antispam/Antivirus

Post by Unas »

Indeed, that's something that I should fix. Your security suite is correct when it complains.

Back when I was actively working on AAO, setting up for HTTPS was costly so I didn't do it; it became free some few years ago but then I wasn't so active anymore and never took the time.

I just took a bit of time this evening to enable it; normally you can now access the site through https://www.aaonline.fr/.
Let me know if you have any issue that way.

I'm not enabling automatic redirection to force users to use HTTPS yet, first to make sure that everything works fine, and because I'll have to plan a general upgrade of the server in the next few months (the current one is getting very old)
ImageImageImage
If knowledge can create problems, it is not through ignorance that we can solve them.
Si le savoir peut créer des problèmes, ce n'est pas l'ignorance qui les résoudra. ( Isaac Asimov )
User avatar
E.D.Revolution
Posts: 5742
Joined: Mon Jul 26, 2010 9:00 pm
Gender: Male
Spoken languages: English and decent Spanish
Location: Across dimensions, transcending universes

Re: [S] Unsecured Site Triggering Antispam/Antivirus

Post by E.D.Revolution »

I'm surfing with the HTTPS and re-upped the security suite. So far, nothing is tripping and everything is working fine so far.
Image
User avatar
Enthalpy
Community Manager
Posts: 4832
Joined: Wed Jan 04, 2012 4:40 am
Gender: Male
Spoken languages: English, limited Spanish

Re: [S] Unsecured Site Triggering Antispam/Antivirus

Post by Enthalpy »

I'm going to lock the topic to mark it's closed. If new issues come up, please make a new topic.

Again, thanks for the report!
[D]isordered speech is not so much injury to the lips that give it forth, as to the disproportion and incoherence of things in themselves, so negligently expressed. ~ Ben Jonson
Current AAO Development Priority: Issue #94: Grayscale Mode
Locked