Netgate Discussion Forum

Google warning on this Forum! Deceptive site ahead

    SamTzu
    last edited by Jan 12, 2017, 2:21 AM Jan 12, 2017, 2:17 AM

    Forum Certification seems to be broken and I got this when I tried to open a thread on this forum…
    https://forum.pfsense.org/index.php?topic=119261.0

    Deceptive site ahead

    Attackers on sts.opinionator.net may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards).
    Back to safetyHIDE DETAILS
    Google Safe Browsing recently detected phishing on sts.opinionator.net. Phishing sites pretend to be other websites to trick you. Learn more.

    You can report a detection problem or, if you understand the risks to your security, visit this unsafe site.

      KimmoJ
      last edited by Jan 12, 2017, 10:25 AM

      Not seeing anything like that. My browser just says part of the content is unencrypted.

      Are you sure your own computer/browser hasn't gotten malwared up?

        KOM
        last edited by Jan 12, 2017, 1:58 PM

        No such problems here with Chrome 55.

          chrismacmahon
          last edited by Jan 12, 2017, 2:10 PM

          Looks like we fixed this, can you verify?

          Need help fast? Our support is available 24/7 https://www.netgate.com/support/

          Do Not PM For Help!

            jimp Rebel Alliance Developer Netgate
            last edited by Jan 12, 2017, 2:14 PM

            A user set their avatar to load from a URL, and that server is now flagged as dangerous by Chrome. We removed the avatar.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

              SamTzu
              last edited by Jan 15, 2017, 11:49 AM

              :) LOL.
              What was that old saying about bad association?

                bimmerdriver
                last edited by Jan 15, 2017, 10:53 PM

                The indices are showing up as secure, but when I open a thread, it shows up as mixed content. While I'm writing this reply, it's also showing up as secure. Maybe some minor glitches in the certificate?

                  Derelict LAYER 8 Netgate
                  last edited by Jan 16, 2017, 1:01 AM

                  It will always show mixed http/https because, for example, the avatar above is sourced directly from here:

                  http://sami.mattila.eu/images/sam5.jpg

                  As I understand it, the only alternative is to deny outside sourcing of images/avatars and require they all be served by https://forum.pfsense.org/ or at least all over https.

                  The reply page doesn't show as mixed content because it doesn't include avatars and attachments.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    kpa
                    last edited by Jan 16, 2017, 4:29 AM

                    @bimmerdriver:

                    The indices are showing up as secure, but when I open a thread, it shows up as mixed content. While I'm writing this reply, it's also showing up as secure. Maybe some minor glitches in the certificate?

                    How could the pfsense.org certificate authenticate external content not hosted on forum.pfsense.org? In this case it's plain http so naturally no certificate is used for the connection.

                      Gertjan
                      last edited by Jan 16, 2017, 7:40 AM Jan 16, 2017, 7:31 AM

                      I decided to change the http://… URL to my avatar for a https:// ... version.

                      I used https://forum.pfsense.org/index.php?action=profile;area=forumprofile

                      https://www.papy-team.fr/forum/e107_files/public/avatars/ap_59_nco_ranks_sergant.gif works when used directly.

                      But ... changing my profile ends up with a nice "Your profile has been updated successfully" and the setting is switched to "No avatar", like a https:// URL isn't accepted.

                      Btw: why not force a https URL if one chooses to use an avatar?

                      Edit: Better yet: retrying to set my URL gives me a "504 Gateway Time-out - nginx"
                      No avatars are shown on the main forum page ( https://forum.pfsense.org/index.php ) but still some info is sent over using http, so navigators show "partially unsecured connection". : Ok, get it. It was my own avatar using http:// … Logic.

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                        jimp Rebel Alliance Developer Netgate
                        last edited by Jan 16, 2017, 12:39 PM

                        Just choose the option to upload the avatar and go that way. It appears SMF (at least this version) doesn't want to allow HTTPS avatars.

                          jahonix
                          last edited by Jan 16, 2017, 12:46 PM

                          Where can I upload an avatar?

                          profile_avatar.png
                            jimp Rebel Alliance Developer Netgate
                            last edited by Jan 16, 2017, 12:48 PM

                            Hmm, maybe it requires a higher level of permission. It shows for me.

                            2017-01-16_7-47-38.png
                              GruensFroeschli
                              last edited by Jan 16, 2017, 12:55 PM

                              I only have the first 3 options.
                              I just tried to change the URL to my avatar (to https://skylabs.ch/avatar.png) and now the avatar is gone completely.

                              Edit: Yeah changing the link to http://skylabs.ch/avatar.png seems to work, but isn't that what the google warning is about? That you have a https page which includes http content?

                              We do what we must, because we can.

                              Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                                doktornotor Banned
                                last edited by Jan 16, 2017, 1:19 PM

                                @GruensFroeschli:

                                Edit: Yeah changing the link to http://skylabs.ch/avatar.png seems to work, but isn't that what the google warning is about? That you have a https page which includes http content?

                                No, that's not a mixed content warning. It's about a site being in the Google Safebrowsing DB. As for mixed content, the only solution here would be adding a header to force everything via HTTPS. At that point, you break not just avatars but thousands and thousands of images linked from other sources here that have no support for HTTPS.
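
The mixed-content mechanics discussed in the posts above, as an added example that is not part of any post and not the forum's own code: it lists the `http://` subresources a browser would flag on an `https://` thread page, shows the URL each would become if the header mentioned above is assumed to be `Content-Security-Policy: upgrade-insecure-requests` (the thread does not name it), and checks an avatar URL against the "HTTPS only" and "self-hosted only" policies. All hostnames, the sample page and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# On an https:// page, browsers load "passive" http:// subresources with a
# downgraded padlock and block "active" ones outright.
PASSIVE = {"img": "src", "audio": "src", "video": "src"}
ACTIVE = {"script": "src", "iframe": "src", "link": "href"}

class MixedContentAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = PASSIVE.get(tag) or ACTIVE.get(tag)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheets count as active subresources here
        raw = attrs.get(attr) if attr else None
        if not raw or not self.page_url.startswith("https://"):
            return
        target = urlsplit(urljoin(self.page_url, raw))  # resolves relative URLs
        if target.scheme == "http":
            self.findings.append({
                "kind": "passive" if tag in PASSIVE else "active",
                "url": target.geturl(),
                "third_party": target.hostname != urlsplit(self.page_url).hostname,
                # Assumption: what upgrade-insecure-requests would fetch instead;
                # it fails if that host has no HTTPS listener.
                "upgraded": target._replace(scheme="https").geturl(),
            })

def audit(page_url, html):
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

def avatar_url_allowed(url, forum_host, self_hosted_only=False):
    """Server-side policy check for a user-supplied avatar URL."""
    u = urlsplit(url)
    if u.scheme != "https" or not u.hostname:
        return False
    return u.hostname == forum_host if self_hosted_only else True

# Constructed sample thread page (not taken from the forum).
SAMPLE_URL = "https://forum.example/index.php?topic=1.0"
SAMPLE_HTML = """
<img class="avatar" src="http://avatars.example.net/sam.jpg">
<img class="avatar" src="https://forum.example/avatars/kom.png">
<img src="/Themes/default/logo.png">
<script src="http://cdn.example.org/widget.js"></script>
"""
```

Neither check touches the other problem in this thread: an avatar served over HTTPS from a host listed by Safe Browsing would pass the HTTPS-only policy and still trigger the interstitial, which only the self-hosted policy avoids.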

                                  johnpoz LAYER 8 Global Moderator
                                  last edited by Jan 16, 2017, 5:04 PM

                                  Yeah I would much rather host avatar on pfsense vs remote. But don't have the upload option either.

                                  uploadavatar.jpg

                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                  If you get confused: Listen to the Music Play
                                  Please don't Chat/PM me for help, unless mod related
                                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                                    Gertjan
                                    last edited by Jan 16, 2017, 10:22 PM

                                    … Or just supply a https:// avatar link - which isn't accepted by this SMF forum.
                                    But, as doktornotor already mentioned: all those posts with "http" links (to images) are making Google not happy either ...

                                    But, hey, forum admins, do not change the forum just for that, I can live with it.

                                    A trick : see image
                                    Go to "pfSense Forum » Profile of YOU » Look and Layout" and check "Don't show users' avatars." and most pages (without external images) have the green lock again ;)

                                    pfsense-forum.png
                                      jahonix
                                      last edited by Jan 16, 2017, 10:26 PM

                                      @Gertjan:

                                      "Don't show users' avatars."

                                      That's not an option - I wanna see if hell freezes over.  :P

                                        doktornotor Banned
                                        last edited by Jan 17, 2017, 8:38 AM

                                        On the avatar note: anyone noticed gravatar is very much broken lately? Very visible in Redmine, takes ages for the page to load, and eventually it doesn't work.

                                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.