Page 1 of 1

AEVA Non-Secure so Password Issue

Posted: Tue, 21 May 2019, 11:21
by petermcm
Hi Admin

Can you PLEASE update the website so it runs a SECURE login page
ie HTTPS
Currently user passwords are sent over the internet in plain text (very poor)

Re: AEVA Non-Secure so Password Issue

Posted: Tue, 21 May 2019, 15:50
by jonescg
@rhills - any idea how to fix this?

@coulomb?

Re: AEVA Non-Secure so Password Issue

Posted: Tue, 21 May 2019, 16:31
by lobster
Try this, it works for me.

Select the address bar: http://forums.aeva.asn.au

Delete http://, and insert https:// and press Enter.

This works on Chrome and Internet Explorer Browsers.

Log in securely, all the AEVA Forum links remain prefixed with https//

Create a new AEVA Forum bookmark. Logout. Test the new AEVA Forum bookmark. :ugeek:

Edited

Re: AEVA Non-Secure so Password Issue

Posted: Tue, 21 May 2019, 17:23
by coulomb
lobster wrote:
Tue, 21 May 2019, 16:31
Delete http://, and type: https://
That requires quite a lot of work behind the scenes to make the actual encryption work. I have no idea how close we are to having support for that, sorry.

Edit: it seems that 99% of the work is already done for us; see the next several messages.

Re: AEVA Non-Secure so Password Issue

Posted: Tue, 21 May 2019, 17:51
by woody
It’s not trivial but it’s not heaps of work for someone who’s done it before, certificates are now free thanks to the “Lets Encrypt” initiative, possibly the hosting company offers a one-off cost to set it up and turn it on?

Re: AEVA Non-Secure so Password Issue

Posted: Tue, 21 May 2019, 19:11
by petermcm
Yes very cheap and not a big task for a web guru. I am guessing many of the AEVA members are on big $s and likely to reuse there web passwords as not all nerds. Highly recommend we do this to protect them and there reused passwords. It should come out of national budget and each state chip in. Thinking price to fix this inc web nerd is $200 max (likely $50 if an admin reaches out to there 15 year old kids to do it).

Re: AEVA Non-Secure so Password Issue

Posted: Tue, 21 May 2019, 19:39
by jonescg
We're in the process of sorting out a better website and membership database which comes with substantial costs, so encryption would no doubt be part of that.
Hopefully in time for the next AGM.

Re: AEVA Non-Secure so Password Issue

Posted: Tue, 21 May 2019, 21:57
by lobster
I edited my post above to be more instructive, and have placed a copy here.

Please try following this procedure, this works on Chrome and Internet Explorer Browsers.

Select the address bar: http://forums.aeva.asn.au

Delete http:// and insert https:// and press Enter.

Log in securely, all the AEVA Forum links remain prefixed with https//

Create a new AEVA Forum bookmark. Logout. Test the new AEVA Forum bookmark. :ugeek:

Re: AEVA Non-Secure so Password Issue

Posted: Tue, 21 May 2019, 22:38
by mikedufty
I hear hacked AEVA forum accounts are quite sought after on the dark web.

Re: AEVA Non-Secure so Password Issue

Posted: Wed, 22 May 2019, 07:01
by Scotty T
Did this recently for a forum I run for a club. It's very simple, whoever has access to your hosting should be able to make it happen.

https://stackoverflow.com/questions/439 ... od-rewrite

Re: AEVA Non-Secure so Password Issue

Posted: Wed, 22 May 2019, 12:54
by Richo
mikedufty wrote:
Tue, 21 May 2019, 22:38
I hear hacked AEVA forum accounts are quite sought after on the dark web.
:lol: That's how I got mine after getting banned :lol:

Re: AEVA Non-Secure so Password Issue

Posted: Wed, 22 May 2019, 13:11
by woody
lobster wrote:
Tue, 21 May 2019, 21:57
I edited my post above to be more instructive, and have placed a copy here.

Please try following this procedure, this works on Chrome and Internet Explorer Browsers.

Select the address bar: http://forums.aeva.asn.au

Delete http:// and insert https:// and press Enter.

Log in securely, all the AEVA Forum links remain prefixed with https//

Create a new AEVA Forum bookmark. Logout. Test the new AEVA Forum bookmark. :ugeek:
Yes the hosting includes a certificate which it looks like the hosting is maintaining (valid May 2019-Aug 2019).

There are some warnings as the images are not encrypted (no biggie).

So:
Work-around: follow the above instructions
Fix: someone (rhills?) mess with .htaccess file and phpBB so default login and images are all on https://

Re: AEVA Non-Secure so Password Issue

Posted: Wed, 22 May 2019, 16:11
by coulomb
woody wrote:
Wed, 22 May 2019, 13:11
lobster wrote:
Tue, 21 May 2019, 21:57
Please try following this procedure, this works on Chrome and Internet Explorer Browsers. ...
Yes the hosting includes a certificate which it looks like the hosting is maintaining (valid May 2019-Aug 2019).
Wow! They really are making an effort to make it easier these days. When DIYElectriccar.com converted to https about a year ago, the content was down for weeks, and the entire garage section is still not present, presumed never to be seen again.

Thanks @lobster and @woody for the interim instructions. I can confirm that it works for the Firefox browser as well.

Re: AEVA Non-Secure so Password Issue

Posted: Wed, 05 Jun 2019, 08:59
by PiMan
mikedufty wrote:
Tue, 21 May 2019, 22:38
I hear hacked AEVA forum accounts are quite sought after on the dark web.
Any email/password pair is valuable, regardless of source, because people use the same ones all over the place.

Re: AEVA Non-Secure so Password Issue

Posted: Wed, 05 Jun 2019, 12:37
by Richo
AND that's how I got my facebook account :lol:

Re: AEVA Non-Secure so Password Issue

Posted: Wed, 05 Jun 2019, 22:17
by rhills
Just returned home from my 2 months cruising up to Shark Bay and back 8-) .

Thanks for the discussion and links. I've tweaked our .htaccess file IAW the link that @Scotty T posted and it seems to be working.

Any problems with the change, please PM me or post to this thread using the @ ("mention") function and my username (rhills).

Cheers,

Re: AEVA Non-Secure so Password Issue

Posted: Thu, 06 Jun 2019, 06:36
by jonescg
Thanks Rob. Enjoy your 900 emails to sift through.
Worst part about tuning out for a couple of weeks is coming back to the tsunami of emails.

Re: AEVA Non-Secure so Password Issue

Posted: Thu, 06 Jun 2019, 07:49
by Scotty T
Works a treat :)