The problem I'm reporting is literally in the title.
A little context:
As I was logging in to check my messages and whatnot, my browser did a Forbidden Error and my antivirus software triggered for "Online Threat Protection." This is because there is no encryption on this website. I'm savvy enough to know that this site is safe relative to other sites on the internet. However, for potential users, it's not fair to expect them to turn down their shields for this website in order to get this site to work for them.
Hell, C-R has encryption protection.
[S] Unsecured Site Triggering Antispam/Antivirus
Moderator: EN - Forum Moderators
- E.D.Revolution
- Posts: 5743
- Joined: Mon Jul 26, 2010 9:00 pm
- Gender: Male
- Spoken languages: English and decent Spanish
- Location: Across dimensions, transcending universes
- ThePaSch
- Moderator
- Posts: 1269
- Joined: Sun Jun 13, 2010 5:56 pm
- Gender: Male
- Spoken languages: English, German (native)
- Location: Germany
Re: [S] Unsecured Site Triggering Antispam/Antivirus
I'm guessing this is because the site does not utilize HTTPS. I wasn't aware that there's already security software out there that makes it mandatory and blocks any site that doesn't use it - the portion of the web where this is the case is still quite large, I think - but that means there are plenty of benign websites outside of AAO that would get blocked for users of such software.
I don't personally see a reason why we couldn't switch to HTTPS; ever since the Let's Encrypt CA became a thing, I don't think there's any non-technical excuse not to. This is something that Unas would have to do. Perhaps there are technical reasons why doing it might be a little more difficult than might meet the eye?
- Enthalpy
- Community Manager
- Posts: 5172
- Joined: Wed Jan 04, 2012 4:40 am
- Gender: Male
- Spoken languages: English, limited Spanish
Re: [S] Unsecured Site Triggering Antispam/Antivirus
I'll bring this to Unas's attention. That's as much as I can do.
[D]isordered speech is not so much injury to the lips that give it forth, as to the disproportion and incoherence of things in themselves, so negligently expressed. ~ Ben Jonson
- E.D.Revolution
- Posts: 5743
- Joined: Mon Jul 26, 2010 9:00 pm
- Gender: Male
- Spoken languages: English and decent Spanish
- Location: Across dimensions, transcending universes
Re: [S] Unsecured Site Triggering Antispam/Antivirus
I can tell you exactly what's triggering antivirus/antispam software. Not the fact that I'm using the website, not the fact that I'm logging in (in and of itself, that is). It's the fact that a redirect happens after inputting credentials successfully that's tripping the software. It thinks because AAO doesn't use HTTPS, therefore my account is at risk of being hacked when I input my credentials.
- Unas
- Admin / Site programmer
- Posts: 8850
- Joined: Tue Jul 10, 2007 4:43 pm
- Gender: Male
- Spoken languages: Français, English, Español
Re: [S] Unsecured Site Triggering Antispam/Antivirus
Indeed, that's something that I should fix. Your security suite is correct when it complains.
Back when I was actively working on AAO, setting up for HTTPS was costly so I didn't do it; it became free some few years ago but then I wasn't so active anymore and never took the time.
I just took a bit of time this evening to enable it; normally you can now access the site through https://www.aaonline.fr/.
Let me know if you have any issue that way.
I'm not enabling automatic redirection to force users to use HTTPS yet, first to make sure that everything works fine, and because I'll have to plan a general upgrade of the server in the next few months (the current one is getting very old).
- E.D.Revolution
- Posts: 5743
- Joined: Mon Jul 26, 2010 9:00 pm
- Gender: Male
- Spoken languages: English and decent Spanish
- Location: Across dimensions, transcending universes
Re: [S] Unsecured Site Triggering Antispam/Antivirus
I'm surfing with the HTTPS and re-upped the security suite. So far, nothing is tripping and everything is working fine so far.
- Enthalpy
- Community Manager
- Posts: 5172
- Joined: Wed Jan 04, 2012 4:40 am
- Gender: Male
- Spoken languages: English, limited Spanish
Re: [S] Unsecured Site Triggering Antispam/Antivirus
I'm going to lock the topic to mark it as closed. If new issues come up, please make a new topic.
Again, thanks for the report!