Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Google warning on this Forum! Deceptive site ahead

    Forum Feedback
    13
    19
    3167
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • SamTzu
      SamTzu last edited by

      Forum Certification seems to be broken and I got this when I tried to open a thread on this forum…
      https://forum.pfsense.org/index.php?topic=119261.0

      Deceptive site ahead

      Attackers on sts.opinionator.net may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards).
      Back to safetyHIDE DETAILS
      Google Safe Browsing recently detected phishing on sts.opinionator.net. Phishing sites pretend to be other websites to trick you. Learn more.

      You can report a detection problem or, if you understand the risks to your security, visit this unsafe site.

      1 Reply Last reply Reply Quote 0
      • K
        KimmoJ last edited by

        Not seeing anything like that. My browser just says part of the content is unencrypted.

        Are you sure your own computer/browser hasn't gotten malwared up?

        1 Reply Last reply Reply Quote 0
        • KOM
          KOM last edited by

          No such problems here with Chrome 55.

          1 Reply Last reply Reply Quote 0
          • chrismacmahon
            chrismacmahon last edited by

            Looks like we fixed this, can you verify?

            Need help fast? Our support is available 24/7 https://www.netgate.com/support/

            Do Not PM For Help!

            1 Reply Last reply Reply Quote 0
            • jimp
              jimp Rebel Alliance Developer Netgate last edited by

              A user set their avatar to load from a URL, and that server is now flagged as dangerous by Chrome. We removed the avatar.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • SamTzu
                SamTzu last edited by

                :) LOL.
                What was that old saying about bad association?

                1 Reply Last reply Reply Quote 0
                • B
                  bimmerdriver last edited by

                  The indices are showing up as secure, but when I open a thread, it shows up as mixed content. While I'm writing this reply, it's also showing up as secure. Maybe some minor glitches in the certificate?

                  1 Reply Last reply Reply Quote 0
                  • Derelict
                    Derelict LAYER 8 Netgate last edited by

                    It will always show mixed http/https because, for example, the avatar above is sourced directly from here:

                    http://sami.mattila.eu/images/sam5.jpg

                    As I understand it, the only alternative is to deny outside sourcing of images/avatars and require they all be served by https://forum.pfsense.org/ or at least all over https.

                    The reply page doesn't show as mixed content because it doesn't include avatars and attachments.

                    Chattanooga, Tennessee, USA
                    The pfSense Book is free of charge!
                    DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • K
                      kpa last edited by

                      @bimmerdriver:

                      The indices are showing up as secure, but when I open a thread, it shows up as mixed content. While I'm writing this reply, it's also showing up as secure. Maybe some minor glitches in the certificate?

                      How could the pfsense.org certificate authenticate external content not hosted on forum.pfsense.org? In this case it's plain http so naturally no certificate is used for the connection.

                      1 Reply Last reply Reply Quote 0
                      • Gertjan
                        Gertjan last edited by

                        I decided to change the http://… URL to my avatar for a https:// ... version.

                        I used https://forum.pfsense.org/index.php?action=profile;area=forumprofile

                        https://www.papy-team.fr/forum/e107_files/public/avatars/ap_59_nco_ranks_sergant.gif works when used directly.

                        But ... changing my profile ends up with a nice Your profile has been updated successfully and the setting is switched to "No avatar" like a https:// URL isn't accepted.

                        Btw : why not forcing a https URL if one chooses to use an avatar ?

                        edit : Better yet : retrying to set my URL gives me a "504 Gateway Time-out - nginx"
                        No avatars are shown on the main forum page ( https://forum.pfsense.org/index.php ) but still some info is send over using http, so navigators show "partially unsecured connection". : Ok, get it. It was my own avatar using http:// … Logic.

                        No "help me" PM's please. Use the forum.

                        1 Reply Last reply Reply Quote 0
                        • jimp
                          jimp Rebel Alliance Developer Netgate last edited by

                          Just choose the option to upload the avatar and go that way. It appears SMF (at least this version) doesn't want to allow HTTPS avatars.

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          1 Reply Last reply Reply Quote 0
                          • jahonix
                            jahonix last edited by

                            Where can I upload an avatar?


                            1 Reply Last reply Reply Quote 0
                            • jimp
                              jimp Rebel Alliance Developer Netgate last edited by

                              Hmm, maybe it requires a higher level of permission. It shows for me.


                              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                              Need help fast? Netgate Global Support!

                              Do not Chat/PM for help!

                              1 Reply Last reply Reply Quote 0
                              • GruensFroeschli
                                GruensFroeschli last edited by

                                I only have the first 3 options.
                                I just tried to change the URL to my avatar (to https://skylabs.ch/avatar.png) and now the avatar is gone completly.

                                Edit: Yeah changing the link to http://skylabs.ch/avatar.png seems to work, but isn't that what the google warning is about? That you have a https page which includes http content?

                                We do what we must, because we can.

                                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                                1 Reply Last reply Reply Quote 0
                                • D
                                  doktornotor Banned last edited by

                                  @GruensFroeschli:

                                  Edit: Yeah changing the link to http://skylabs.ch/avatar.png seems to work, but isn't that what the google warning is about? That you have a https page which includes http content?

                                  No, that's not a mixed content warning. It's about a site being in the Google Safebrowsing DB. As for mixed content, the only solution here would be adding a header to force everything via HTTPS. At that point, you break not just avatars but thousands and thousands of images linked from other sources here that have no support for HTTPS.

                                  1 Reply Last reply Reply Quote 0
                                  • johnpoz
                                    johnpoz LAYER 8 Global Moderator last edited by

                                    Yeah I would much rather host avatar on pfsense vs remote. But don't have the upload option either.


                                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                                    If you get confused: Listen to the Music Play
                                    Please don't Chat/PM me for help, unless mod related
                                    2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

                                    1 Reply Last reply Reply Quote 0
                                    • Gertjan
                                      Gertjan last edited by

                                      … Or just supply a https:// avatar link - which isn't accepted by this SMF forum.
                                      But, as doktornotor already mentioned : all those posts with "http" links (to images) are making Google not happy neither ...

                                      But, hey, forum admins, do not change the forum just for that, I can live with it.

                                      A trick : see image
                                      Goto " pfSense Forum » Profile of YOU » Look and Layout" and check "Don't show users' avatars." and most pages (without external images) have the green lock again ;)


                                      No "help me" PM's please. Use the forum.

                                      1 Reply Last reply Reply Quote 0
                                      • jahonix
                                        jahonix last edited by

                                        @Gertjan:

                                        "Don't show users' avatars."

                                        That's not an option - I wanna see if hell freezes over.  :P

                                        1 Reply Last reply Reply Quote 0
                                        • D
                                          doktornotor Banned last edited by

                                          On the avatar note: anyone noticed gravatar is very much broken lately? Very visible in Redmine, takes ages for the page to load, and eventually it doesn't work.

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post