Geekzone and https warnings in browsers

Forums › Geekzone › Geekzone and https warnings in browsers

1 | 2 | 3

1097 posts

Uber Geek

#1713308 31-Jan-2017 15:08

Behodar:

In many cases there is no need for HTTPS anyway - take the MetService site as an example. Weather data is hardly a secret!

Yes, as long as on a trusted internet connection still. Where it becomes important on unimportant websites is when you get carriers injecting Javascript or other malicious parties!

Behodar

10504 posts

Uber Geek

Trusted

Lifetime subscriber

#1713309 31-Jan-2017 15:11

But does HTTPS solve the problem? As noted in an earlier post, Chrome and IE were both happily letting an MITM attack through.

richms

28172 posts

Uber Geek

Trusted

Lifetime subscriber

#1713312 31-Jan-2017 15:22

Behodar:

But does HTTPS solve the problem? As noted in an earlier post, Chrome and IE were both happily letting an MITM attack through.

That will be because the certs for the MITM virus scanning/check the staff are not slacking off box will be installed on the PC's thru their membership to the businesses domain etc. Firefox does its own cert management so is not configured with the businesses certs so alerts.

Richard rich.ms

freitasm

BDFL - Memuneh
79265 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1713465 31-Jan-2017 18:16

Guess what? Just got off a Skype call with our second ad network and they now support HTTPS. I will change their ads to HTTPS and test for a while. If this is working ok I can switch the domain to HTTPS - mind you this will break third-party non HTTPS images (mixed content) and people will get pissed off... This is not someting that can happen overnight though. We need to change Google Webmasters/Search to point to the new domain, we have to implement a 301 redirect to make sure we don't lose search ranking and we have to do a few other things to make sure things just work.

Bear with me.

toyonut

1508 posts

Uber Geek

#1713509 31-Jan-2017 20:26

Thanks Freitasm for being so willing to discuss things like this. I find it really interesting to get a first hand look at what goes into these kind of decisions. By all means take your time, I am not worried about the unencrypted notification for Geekzone personally.

Try Vultr using this link and get us both some credit:

http://www.vultr.com/?ref=7033587-3B

freitasm

BDFL - Memuneh
79265 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1713530 31-Jan-2017 21:03

I have turned SSL on for news pages now.

michaelmurfy

meow
13242 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#1713573 31-Jan-2017 22:10

@freitasm could do a page rule under Cloudflare to set http://*.geekzone.co.nz/* to "always use HTTPS" along with setting up HSTS on the whole Geekzone domain. Should take care of the Google aspects...

This does however mean literally everything on Geekzone has to have a valid SSL certificate and by enforcing HSTS on the whole domain will cause broken images for anything embedded without HTTPS - could do a find and replace on the database but still a massive mess in a forum environment to resolve.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

Sharesies kids

Free kids accounts - trade shares and funds (NZ, US) with Sharesies (affiliate link).

freitasm

BDFL - Memuneh
79265 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1713586 31-Jan-2017 22:21

There's more to it than that. There's Geekzone Prices, Geekzone Mobile. Then there is Mixed Content where people upload images using their own/third party servers. HSTS is not a good idea for this. It's more complicated than that.

AS I said News/Reviews is now on HTTPS, currently as a redirect (which is needed so Google can find it). Remember http://www.geekzone.co.nz and https://www.geekzone.co.nz are different sub-domains - regardless of name, the protocol being different then the domains are different and Google will consider HTTPS Geekzone a new domain, with no links, etc. SEO works like that.

mentalinc

3229 posts

Uber Geek

Trusted

#1713629 1-Feb-2017 07:17

Glad to see the move to https! well done

live.geekzone.co.nz has been https for as long as I can remember as well

CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB: Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX

ripdog

548 posts

Ultimate Geek
Inactive user

#1713638 1-Feb-2017 07:45

Huh. The SEO mess is unusual, as Google has been pushing webmasters pretty hard to change to HTTPS, including giving a ranking boost to https pages. Surely they wouldn't cause a ranking drop just from switching.

freitasm

BDFL - Memuneh
79265 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1713648 1-Feb-2017 07:55

mentalinc:

Glad to see the move to https! well done

live.geekzone.co.nz has been https for as long as I can remember as well

Geekzone Live and Geekzone Jobs (now retired) were HTTPS for a very long time. The content page is now HTTPS so that's going to stay - it's a testbed for the ad networks compliance. Once we know it's working fine then we can possibly move the forums - the worst case scenario is that the page and Geekzone contents - including cookies - will be encrypted but not third party so you get a mixed content warning and third party content won't appear (images).

ripdog:

Huh. The SEO mess is unusual, as Google has been pushing webmasters pretty hard to change to HTTPS, including giving a ranking boost to https pages. Surely they wouldn't cause a ranking drop just from switching.

Not unusual. They are different domains. If you look at Google Search Console they have independent controls, crawling and backlinks.

mentalinc

3229 posts

Uber Geek

Trusted

#1713656 1-Feb-2017 08:11

and in further news today, lets look forward to geekzone joining the secure half of the Internet.

https://www.wired.com/2017/01/half-web-now-encrypted-makes-everyone-safer/

CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB: Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX

freitasm

BDFL - Memuneh
79265 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1713661 1-Feb-2017 08:15

Here's a number that will boggle your mind: in December 2016 we had 44% of requests served over HTTPS already (9,137,964 SSL secured requests and 11,442,326 unsecured requests) according to Cloudflare.

"Requests" as in hits, not pages served (different things). This means page source (HTML), images, CSS, scripts. This will go up a bit in February with us moving the content pages to SSL.

freitasm

BDFL - Memuneh
79265 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1714132 1-Feb-2017 20:03

I switched SSL ON for our forums pages for a few minutes today:

Anyway, still playing with things around. In the last 24 hours served more SSL request than non-SSL (that's because I moved all ads to SSL, which means defaults requests also use SSL).

yitz

2075 posts

Uber Geek

#1714139 1-Feb-2017 20:14

Is it the site still accessible under Windows XP?

Don't want to be in a similar situation to the Xtra email upgrades :P

1 | 2 | 3