Logon threat warning

[Stinger22]

Whenever I log on to the forum here I get a privacy threat warning from Bitdefender

Privacy threat blocked
now
Feature:
Online Threat Prevention
An attempt to send your password unencrypted was about to occur on bluesguitarunleashed.com. We blocked the connection to stop your private data from being exposed and tampered

It does log me on and I can post. Any idea why this message is generated?

 

[snarf]

I don't use Bitdefender, but I bet it's because the BGU forum is an http site and not https. A lot of those protection apps are now flagging sites that aren't https so that you're aware that, when you log in, your information is being sent without being encrypted. For years, the vast majority of the web was http. Now it's all moving to https because it offers a level of security. I bet Griff will eventually move the forum that direction too. The member area already is. The forum isn't.

 

[PapaBear]

I don't use Bitdefender, but I bet it's because the BGU forum is an http site and not https. A lot of those protection apps are now flagging sites that aren't https so that you're aware that, when you log in, your information is being sent without being encrypted. For years, the vast majority of the web was http. Now it's all moving to https because it offers a level of security. I bet Griff will eventually move the forum that direction too. The member area already is. The forum isn't.

I'm logged in https, you can do either, I don't recommend http

 

[snarf]

I'm logged in https, you can do either, I don't recommend http

If it's an option, I totally agree. Speaking of, if you're logged in as https, that makes me think that it's something I should be able to do as well. So now I'm off to see if I can find the setting that will let me do that.

 

[ChrisGSP]

If it's an option, I totally agree. Speaking of, if you're logged in as https, that makes me think that it's something I should be able to do as well. So now I'm off to see if I can find the setting that will let me do that.

yes, @snarf, I just did it. Logged out. changed the http in my bookmark to https and it worked - here I am logged on SECURELY.
@Stinger22 - do you see how to do it?

https://bluesguitarunleashed.com/forum/index.php

 

[snarf]

Thank you, sir!! Just did the same, and now it's https. Saves me trying to find the checkmark I missed. lol

 

[ChrisGSP]

guys, this needs to be documented. I'm hereby alerting @Griff and @PapaRaptor

I've been ignoring the secure login warnings from Firefox, and never even thought about changing the URL that I've been using. Thanks @PapaBear for alerting me to the option.

 

[PapaRaptor]

It does log me on and I can post. Any idea why this message is generated?

Yes, you are logging on with the non-secure prefix http:// or you are logging in using www.bluesguitarunleashed.com/forum or just bluesguitarunleashed.com/forum. Most browsers will still route you to the standard, plain-text http protocol and not the https (secure) protocol.

The forum has a valid https certificate and if you do log in using https://bluesguitarunleashed.com/forum your login is secure. @Griff has mentioned before that he hasn't made the change to force a secure connection because there is no personal information that can be accessed in the forum. It also isn't a trivial task to change forum software such as this to force users into secure mode. Browsers started moving in the direction of alerting users that they are accessing an unencrypted source about a year ago. I remember reading that at some point within the next year, most browsers will either refuse or make it difficult to log into a http: plain text protocol website.

So, if you are using a shortcut or a bookmark to connect to the forum, in the meantime, I suggest you edit the shortcut or bookmark so the URL for the forum so it reads https://bluesguitarunleashed.com/forum.

 

[JohnHurley]

Yeah i warned about this a while back. If not using https dont use a password thats significant to your life anywhere else.

 

[sloslunas]

Thanks for the info boys. That was a pretty simple fix and I like simple!

Steve

 

[MikeS]

Whenever I log on to the forum here I get a privacy threat warning from Bitdefender

Privacy threat blocked
now
Feature:
Online Threat Prevention
An attempt to send your password unencrypted was about to occur on bluesguitarunleashed.com. We blocked the connection to stop your private data from being exposed and tampered

It does log me on and I can post. Any idea why this message is generated?

You may need to Whitelist Bluesguitarunleashed.com

 

[Stinger22]

I don't use Bitdefender, but I bet it's because the BGU forum is an http site and not https. A lot of those protection apps are now flagging sites that aren't https so that you're aware that, when you log in, your information is being sent without being encrypted. For years, the vast majority of the web was http. Now it's all moving to https because it offers a level of security. I bet Griff will eventually move the forum that direction too. The member area already is. The forum isn't.

Yea my browser doesn't display http/https status. Hopefully Griff will incorporate the higher security.

 

[Stinger22]

Ahhhhhh I was able to force it and no message. My bookmark was apparently http. Did a google search and the link was http, I edited to https and saved the bookmark now opens https with the little lock icon.

 

[Stinger22]

Yes, you are logging on with the non-secure prefix http:// or you are logging in using www.bluesguitarunleashed.com/forum or just bluesguitarunleashed.com/forum. Most browsers will still route you to the standard, plain-text http protocol and not the https (secure) protocol.

The forum has a valid https certificate and if you do log in using https://bluesguitarunleashed.com/forum your login is secure. @Griff has mentioned before that he hasn't made the change to force a secure connection because there is no personal information that can be accessed in the forum. It also isn't a trivial task to change forum software such as this to force users into secure mode. Browsers started moving in the direction of alerting users that they are accessing an unencrypted source about a year ago. I remember reading that at some point within the next year, most browsers will either refuse or make it difficult to log into a http: plain text protocol website.

So, if you are using a shortcut or a bookmark to connect to the forum, in the meantime, I suggest you edit the shortcut or bookmark so the URL for the forum so it reads https://bluesguitarunleashed.com/forum.

Yep see above that's what I had to do. BTW the chrome bookmark I had didn't show either http/https just "bluesguitarunleashed.com/forum" but got the correct link in there now.

Thanks!

 

[Stinger22]

Yeah i warned about this a while back. If not using https dont use a password thats significant to your life anywhere else.

You mean like your social security number or bank account number

Thankfully use a good encrypted password manager so my 67 year old brain doesn't have to try and remember them all!

 

[Stinger22]

Hmmmm so I go over to the gear section and type a response to a post and hit submit and up pops the "you must be logged on to post" message, it has already filled in my sign on info, so I click OK and I get the not secured http.

So log out and come back and go to gear section and click on the logon at the bottom and it did take me to a https, it showed the https address as I hovered the mouse.

Tried again same thing it took me to the unsecure http even though it had showed https. Hovered over the bluesguitarunleashed/forums/general/ gear (or what ever it is at the top of the forum display and that showed https clicked on it and got the https page.

So it is not consistent which it takes you to within the forum

 

[PapaRaptor]

Hmmmm so I go over to the gear section and type a response to a post and hit submit and up pops the "you must be logged on to post" message, it has already filled in my sign on info, so I click OK and I get the not secured http.

So log out and come back and go to gear section and click on the logon at the bottom and it did take me to a https, it showed the https address as I hovered the mouse.

Tried again same thing it took me to the unsecure http even though it had showed https. Hovered over the bluesguitarunleashed/forums/general/ gear (or what ever it is at the top of the forum display and that showed https clicked on it and got the https page.

So it is not consistent which it takes you to within the forum

This is due to some inconsistency within your browser. You should clear your browser cache. What you experienced is not unusual when you have cached content that is mixed secure/non-secure from a single site.

I haven't used the non-secure protocol for the better part of a year on the BGU forum and the only time I have an issue is if someone has posted a hard link.
For example:

Non-Secure Link

Secure Link

Both of these links are to the same Test link location, but if you try and reply, you will be allowed to Reply to the post that matches your current connection. The other link will require you to login, because you cannot simultaneously be logged in to the website with both a secure AND non-secure connection.

 

[Stinger22]

This is due to some inconsistency within your browser. You should clear your browser cache. What you experienced is not unusual when you have cached content that is mixed secure/non-secure from a single site.

I haven't used the non-secure protocol for the better part of a year on the BGU forum and the only time I have an issue is if someone has posted a hard link.
For example:

Non-Secure Post

Secure Link

Both of these links are to the same Test link location, but if you try and reply, you will be allowed to Reply to the post that matches your current connection. The other link will require you to login, because you cannot simultaneously be logged in to the website with both a secure AND non-secure connection.

The previous was from my PC Chrome and no cache to clear no saved history. Has completely exited out and back in during test. Cleared my Android version on my tablet, went to the email notification of your above last message. Clicked on link to view the thread Chrome opens to the http page. I checked and my bookmark edit in my PC did update to https on my android version. Maybe things will clear out after a few attempts but still getting inconsistent but at least know to look.

 

[PapaRaptor]

The previous was from my PC Chrome and no cache to clear no saved history. Has completely exited out and back in during test. Cleared my Android version on my tablet, went to the email notification of your above last message. Clicked on link to view the thread Chrome opens to the http page. I checked and my bookmark edit in my PC did update to https on my android version. Maybe things will clear out after a few attempts but still getting inconsistent but at least know to look.

If you are running Chrome on a Windows based PC, you have a cache. You should see three vertical dots in the upper right hand corner of your browser window (if your browser is maximized, it is right below the X to close the browser). Click on that and click Settings... Then click Clear Browsing Data. You should see a window similar to this or it may come up in the Basic View. If it does, click on the Advanced tab:

Make sure Cookies and other site data and Cached images and files are both selected. The rest don't have to be checked. Then click Clear Data and close the Settings window.
Close your browser and then open again, the issue, should be gone.

Even if you do nothing, the problem should diminish and eventually not appear as the browser cache ages and old files are replaced.

 

[Stinger22]

Even if you do nothing, the problem should diminish and eventually not appear as the browser cache ages and old files are replaced.

Yea I'm going to let any of that just cycle out so it doesn't lose info from all my other sites.