AEVA Non-Secure so Password Issue

Admin Requests, General Enquiries and Forum Issues
Post Reply
petermcm
Noobie
Posts: 6
Joined: Tue, 09 Jan 2018, 18:31

AEVA Non-Secure so Password Issue

Post by petermcm » Tue, 21 May 2019, 11:21

Hi Admin

Can you PLEASE update the website so it runs a SECURE login page
ie HTTPS
Currently user passwords are sent over the internet in plain text (very poor)

User avatar
jonescg
Senior Member
Posts: 2819
Joined: Thu, 21 Jan 2010, 23:05
Real Name: Chris Jones
Location: Perth, WA.

Re: AEVA Non-Secure so Password Issue

Post by jonescg » Tue, 21 May 2019, 15:50

@rhills - any idea how to fix this?

@coulomb?
AEVA National Secretary, WA branch vice-chair

lobster
Noobie
Posts: 14
Joined: Wed, 13 Jul 2011, 18:03
Location: Adelaide SA

Re: AEVA Non-Secure so Password Issue

Post by lobster » Tue, 21 May 2019, 16:31

Try this, it works for me.

Select the address bar: http://forums.aeva.asn.au

Delete http://, and insert https:// and press Enter.

This works on Chrome and Internet Explorer Browsers.

Log in securely, all the AEVA Forum links remain prefixed with https//

Create a new AEVA Forum bookmark. Logout. Test the new AEVA Forum bookmark. :ugeek:

Edited
Last edited by lobster on Tue, 21 May 2019, 21:48, edited 1 time in total.

User avatar
coulomb
Site Admin
Posts: 3644
Joined: Thu, 22 Jan 2009, 20:32
Real Name: Mike Van Emmerik
Location: Brisbane
Contact:

Re: AEVA Non-Secure so Password Issue

Post by coulomb » Tue, 21 May 2019, 17:23

lobster wrote:
Tue, 21 May 2019, 16:31
Delete http://, and type: https://
That requires quite a lot of work behind the scenes to make the actual encryption work. I have no idea how close we are to having support for that, sorry.

Edit: it seems that 99% of the work is already done for us; see the next several messages.
Nissan Leaf 2012 with new battery May 2019.
5650 W solar, PIP-4048MS inverter, 16 kWh battery.
1.4 kW solar with 1.2 kW Latronics inverter and FIT.
160 W solar, 2.5 kWh 24 V battery for lights.
Patching PIP-4048/5048 inverter-chargers.

User avatar
woody
Senior Member
Posts: 1712
Joined: Sat, 21 Jun 2008, 02:03
Real Name: Anthony Wood
Location: Mt Colah

Re: AEVA Non-Secure so Password Issue

Post by woody » Tue, 21 May 2019, 17:51

It’s not trivial but it’s not heaps of work for someone who’s done it before, certificates are now free thanks to the “Lets Encrypt” initiative, possibly the hosting company offers a one-off cost to set it up and turn it on?
Planned EV: '63 Cortina using AC and LiFePO4 Battery Pack

petermcm
Noobie
Posts: 6
Joined: Tue, 09 Jan 2018, 18:31

Re: AEVA Non-Secure so Password Issue

Post by petermcm » Tue, 21 May 2019, 19:11

Yes very cheap and not a big task for a web guru. I am guessing many of the AEVA members are on big $s and likely to reuse there web passwords as not all nerds. Highly recommend we do this to protect them and there reused passwords. It should come out of national budget and each state chip in. Thinking price to fix this inc web nerd is $200 max (likely $50 if an admin reaches out to there 15 year old kids to do it).

User avatar
jonescg
Senior Member
Posts: 2819
Joined: Thu, 21 Jan 2010, 23:05
Real Name: Chris Jones
Location: Perth, WA.

Re: AEVA Non-Secure so Password Issue

Post by jonescg » Tue, 21 May 2019, 19:39

We're in the process of sorting out a better website and membership database which comes with substantial costs, so encryption would no doubt be part of that.
Hopefully in time for the next AGM.
AEVA National Secretary, WA branch vice-chair

lobster
Noobie
Posts: 14
Joined: Wed, 13 Jul 2011, 18:03
Location: Adelaide SA

Re: AEVA Non-Secure so Password Issue

Post by lobster » Tue, 21 May 2019, 21:57

I edited my post above to be more instructive, and have placed a copy here.

Please try following this procedure, this works on Chrome and Internet Explorer Browsers.

Select the address bar: http://forums.aeva.asn.au

Delete http:// and insert https:// and press Enter.

Log in securely, all the AEVA Forum links remain prefixed with https//

Create a new AEVA Forum bookmark. Logout. Test the new AEVA Forum bookmark. :ugeek:

mikedufty
Senior Member
Posts: 621
Joined: Tue, 02 Dec 2008, 00:15
Real Name: Michael Dufty
Location: Perth, Western Australia
Contact:

Re: AEVA Non-Secure so Password Issue

Post by mikedufty » Tue, 21 May 2019, 22:38

I hear hacked AEVA forum accounts are quite sought after on the dark web.

User avatar
Scotty T
Groupie
Posts: 57
Joined: Tue, 10 Mar 2015, 17:57
Real Name: Scott Taylor
Location: Canberra

Re: AEVA Non-Secure so Password Issue

Post by Scotty T » Wed, 22 May 2019, 07:01

Did this recently for a forum I run for a club. It's very simple, whoever has access to your hosting should be able to make it happen.

https://stackoverflow.com/questions/439 ... od-rewrite

Richo
Senior Member
Posts: 3602
Joined: Mon, 16 Jun 2008, 00:19
Real Name: Richard
Location: Perth, WA

Re: AEVA Non-Secure so Password Issue

Post by Richo » Wed, 22 May 2019, 12:54

mikedufty wrote:
Tue, 21 May 2019, 22:38
I hear hacked AEVA forum accounts are quite sought after on the dark web.
:lol: That's how I got mine after getting banned :lol:
Help prevent road rage - get outta my way! Blasphemy is a swear word. Magnetic North is a south Pole.

User avatar
woody
Senior Member
Posts: 1712
Joined: Sat, 21 Jun 2008, 02:03
Real Name: Anthony Wood
Location: Mt Colah

Re: AEVA Non-Secure so Password Issue

Post by woody » Wed, 22 May 2019, 13:11

lobster wrote:
Tue, 21 May 2019, 21:57
I edited my post above to be more instructive, and have placed a copy here.

Please try following this procedure, this works on Chrome and Internet Explorer Browsers.

Select the address bar: http://forums.aeva.asn.au

Delete http:// and insert https:// and press Enter.

Log in securely, all the AEVA Forum links remain prefixed with https//

Create a new AEVA Forum bookmark. Logout. Test the new AEVA Forum bookmark. :ugeek:
Yes the hosting includes a certificate which it looks like the hosting is maintaining (valid May 2019-Aug 2019).

There are some warnings as the images are not encrypted (no biggie).

So:
Work-around: follow the above instructions
Fix: someone (rhills?) mess with .htaccess file and phpBB so default login and images are all on https://
Planned EV: '63 Cortina using AC and LiFePO4 Battery Pack

User avatar
coulomb
Site Admin
Posts: 3644
Joined: Thu, 22 Jan 2009, 20:32
Real Name: Mike Van Emmerik
Location: Brisbane
Contact:

Re: AEVA Non-Secure so Password Issue

Post by coulomb » Wed, 22 May 2019, 16:11

woody wrote:
Wed, 22 May 2019, 13:11
lobster wrote:
Tue, 21 May 2019, 21:57
Please try following this procedure, this works on Chrome and Internet Explorer Browsers. ...
Yes the hosting includes a certificate which it looks like the hosting is maintaining (valid May 2019-Aug 2019).
Wow! They really are making an effort to make it easier these days. When DIYElectriccar.com converted to https about a year ago, the content was down for weeks, and the entire garage section is still not present, presumed never to be seen again.

Thanks @lobster and @woody for the interim instructions. I can confirm that it works for the Firefox browser as well.
Nissan Leaf 2012 with new battery May 2019.
5650 W solar, PIP-4048MS inverter, 16 kWh battery.
1.4 kW solar with 1.2 kW Latronics inverter and FIT.
160 W solar, 2.5 kWh 24 V battery for lights.
Patching PIP-4048/5048 inverter-chargers.

PiMan
Groupie
Posts: 61
Joined: Thu, 19 May 2016, 18:12
Real Name: Simon
Location: Melbourne

Re: AEVA Non-Secure so Password Issue

Post by PiMan » Wed, 05 Jun 2019, 08:59

mikedufty wrote:
Tue, 21 May 2019, 22:38
I hear hacked AEVA forum accounts are quite sought after on the dark web.
Any email/password pair is valuable, regardless of source, because people use the same ones all over the place.

Richo
Senior Member
Posts: 3602
Joined: Mon, 16 Jun 2008, 00:19
Real Name: Richard
Location: Perth, WA

Re: AEVA Non-Secure so Password Issue

Post by Richo » Wed, 05 Jun 2019, 12:37

AND that's how I got my facebook account :lol:
Help prevent road rage - get outta my way! Blasphemy is a swear word. Magnetic North is a south Pole.

rhills
Site Admin
Posts: 386
Joined: Fri, 25 Jul 2008, 01:57
Real Name: Rob Hills
Location: Waikiki, WA

Re: AEVA Non-Secure so Password Issue

Post by rhills » Wed, 05 Jun 2019, 22:17

Just returned home from my 2 months cruising up to Shark Bay and back 8-) .

Thanks for the discussion and links. I've tweaked our .htaccess file IAW the link that @Scotty T posted and it seems to be working.

Any problems with the change, please PM me or post to this thread using the @ ("mention") function and my username (rhills).

Cheers,
Rob Hills
AEVA Webmaster
2014 Mitsubishi Outlander Aspire PHEV
Jul 2014 - Mar 2019
Total Petrol: 646.6L
ODO: 47979
Av Consumption: 1.35 L/100km

User avatar
jonescg
Senior Member
Posts: 2819
Joined: Thu, 21 Jan 2010, 23:05
Real Name: Chris Jones
Location: Perth, WA.

Re: AEVA Non-Secure so Password Issue

Post by jonescg » Thu, 06 Jun 2019, 06:36

Thanks Rob. Enjoy your 900 emails to sift through.
Worst part about tuning out for a couple of weeks is coming back to the tsunami of emails.
AEVA National Secretary, WA branch vice-chair

User avatar
Scotty T
Groupie
Posts: 57
Joined: Tue, 10 Mar 2015, 17:57
Real Name: Scott Taylor
Location: Canberra

Re: AEVA Non-Secure so Password Issue

Post by Scotty T » Thu, 06 Jun 2019, 07:49

Works a treat :)

Post Reply