AEVA Non-Secure so Password Issue

Admin Requests, General Enquiries and Forum Issues
Post Reply
petermcm
Noobie
Posts: 10
Joined: Tue, 09 Jan 2018, 18:31
Real Name: Peter M
Location: Perth, WA

AEVA Non-Secure so Password Issue

Post by petermcm »

Hi Admin

Can you PLEASE update the website so it runs a SECURE login page
ie HTTPS
Currently user passwords are sent over the internet in plain text (very poor)
User avatar
jonescg
Senior Member
Posts: 4721
Joined: Thu, 21 Jan 2010, 23:05
Real Name: Chris Jones
Location: Perth, WA.
Contact:

Re: AEVA Non-Secure so Password Issue

Post by jonescg »

@rhills - any idea how to fix this?

@coulomb?
AEVA National President, WA branch director.
User avatar
lobster
Groupie
Posts: 77
Joined: Wed, 13 Jul 2011, 18:03
Real Name: Steve
Location: Adelaide SA

Re: AEVA Non-Secure so Password Issue

Post by lobster »

Try this, it works for me.

Select the address bar: http://forums.aeva.asn.au

Delete http://, and insert https:// and press Enter.

This works on Chrome and Internet Explorer Browsers.

Log in securely, all the AEVA Forum links remain prefixed with https//

Create a new AEVA Forum bookmark. Logout. Test the new AEVA Forum bookmark. :ugeek:

Edited
Last edited by lobster on Tue, 21 May 2019, 21:48, edited 1 time in total.
User avatar
coulomb
Site Admin
Posts: 6357
Joined: Thu, 22 Jan 2009, 20:32
Real Name: Mike Van Emmerik
Location: Brisbane
Contact:

Re: AEVA Non-Secure so Password Issue

Post by coulomb »

lobster wrote: Tue, 21 May 2019, 16:31 Delete http://, and type: https://
That requires quite a lot of work behind the scenes to make the actual encryption work. I have no idea how close we are to having support for that, sorry.

Edit: it seems that 99% of the work is already done for us; see the next several messages.
MG ZS EV 2021 April 2021. Nissan Leaf 2012 with new battery May 2019.
5650 W solar, 2xPIP-4048MS inverters, 16 kWh battery.
Patching PIP-4048/5048 inverter-chargers.
If you appreciate my work, you can buy me a coffee.
User avatar
woody
Senior Member
Posts: 1716
Joined: Sat, 21 Jun 2008, 02:03
Real Name: Anthony Wood
Location: Mt Colah

Re: AEVA Non-Secure so Password Issue

Post by woody »

It’s not trivial but it’s not heaps of work for someone who’s done it before, certificates are now free thanks to the “Lets Encrypt” initiative, possibly the hosting company offers a one-off cost to set it up and turn it on?
Planned EV: '63 Cortina using AC and LiFePO4 Battery Pack
petermcm
Noobie
Posts: 10
Joined: Tue, 09 Jan 2018, 18:31
Real Name: Peter M
Location: Perth, WA

Re: AEVA Non-Secure so Password Issue

Post by petermcm »

Yes very cheap and not a big task for a web guru. I am guessing many of the AEVA members are on big $s and likely to reuse there web passwords as not all nerds. Highly recommend we do this to protect them and there reused passwords. It should come out of national budget and each state chip in. Thinking price to fix this inc web nerd is $200 max (likely $50 if an admin reaches out to there 15 year old kids to do it).
User avatar
jonescg
Senior Member
Posts: 4721
Joined: Thu, 21 Jan 2010, 23:05
Real Name: Chris Jones
Location: Perth, WA.
Contact:

Re: AEVA Non-Secure so Password Issue

Post by jonescg »

We're in the process of sorting out a better website and membership database which comes with substantial costs, so encryption would no doubt be part of that.
Hopefully in time for the next AGM.
AEVA National President, WA branch director.
User avatar
lobster
Groupie
Posts: 77
Joined: Wed, 13 Jul 2011, 18:03
Real Name: Steve
Location: Adelaide SA

Re: AEVA Non-Secure so Password Issue

Post by lobster »

I edited my post above to be more instructive, and have placed a copy here.

Please try following this procedure, this works on Chrome and Internet Explorer Browsers.

Select the address bar: http://forums.aeva.asn.au

Delete http:// and insert https:// and press Enter.

Log in securely, all the AEVA Forum links remain prefixed with https//

Create a new AEVA Forum bookmark. Logout. Test the new AEVA Forum bookmark. :ugeek:
mikedufty
Senior Member
Posts: 810
Joined: Tue, 02 Dec 2008, 00:15
Real Name: Michael Dufty
Location: Perth, Western Australia
Contact:

Re: AEVA Non-Secure so Password Issue

Post by mikedufty »

I hear hacked AEVA forum accounts are quite sought after on the dark web.
User avatar
Scotty T
Groupie
Posts: 102
Joined: Tue, 10 Mar 2015, 17:57
Real Name: Scott Taylor
Location: Canberra

Re: AEVA Non-Secure so Password Issue

Post by Scotty T »

Did this recently for a forum I run for a club. It's very simple, whoever has access to your hosting should be able to make it happen.

https://stackoverflow.com/questions/439 ... od-rewrite
User avatar
Richo
Senior Member
Posts: 3737
Joined: Mon, 16 Jun 2008, 00:19
Real Name: Richard
Location: Perth, WA

Re: AEVA Non-Secure so Password Issue

Post by Richo »

mikedufty wrote: Tue, 21 May 2019, 22:38 I hear hacked AEVA forum accounts are quite sought after on the dark web.
:lol: That's how I got mine after getting banned :lol:
So the short answer is NO but the long answer is YES.
Help prevent road rage - get outta my way!
User avatar
woody
Senior Member
Posts: 1716
Joined: Sat, 21 Jun 2008, 02:03
Real Name: Anthony Wood
Location: Mt Colah

Re: AEVA Non-Secure so Password Issue

Post by woody »

lobster wrote: Tue, 21 May 2019, 21:57 I edited my post above to be more instructive, and have placed a copy here.

Please try following this procedure, this works on Chrome and Internet Explorer Browsers.

Select the address bar: http://forums.aeva.asn.au

Delete http:// and insert https:// and press Enter.

Log in securely, all the AEVA Forum links remain prefixed with https//

Create a new AEVA Forum bookmark. Logout. Test the new AEVA Forum bookmark. :ugeek:
Yes the hosting includes a certificate which it looks like the hosting is maintaining (valid May 2019-Aug 2019).

There are some warnings as the images are not encrypted (no biggie).

So:
Work-around: follow the above instructions
Fix: someone (rhills?) mess with .htaccess file and phpBB so default login and images are all on https://
Planned EV: '63 Cortina using AC and LiFePO4 Battery Pack
User avatar
coulomb
Site Admin
Posts: 6357
Joined: Thu, 22 Jan 2009, 20:32
Real Name: Mike Van Emmerik
Location: Brisbane
Contact:

Re: AEVA Non-Secure so Password Issue

Post by coulomb »

woody wrote: Wed, 22 May 2019, 13:11
lobster wrote: Tue, 21 May 2019, 21:57 Please try following this procedure, this works on Chrome and Internet Explorer Browsers. ...
Yes the hosting includes a certificate which it looks like the hosting is maintaining (valid May 2019-Aug 2019).
Wow! They really are making an effort to make it easier these days. When DIYElectriccar.com converted to https about a year ago, the content was down for weeks, and the entire garage section is still not present, presumed never to be seen again.

Thanks @lobster and @woody for the interim instructions. I can confirm that it works for the Firefox browser as well.
MG ZS EV 2021 April 2021. Nissan Leaf 2012 with new battery May 2019.
5650 W solar, 2xPIP-4048MS inverters, 16 kWh battery.
Patching PIP-4048/5048 inverter-chargers.
If you appreciate my work, you can buy me a coffee.
PiMan
Groupie
Posts: 74
Joined: Thu, 19 May 2016, 18:12
Real Name: Simon
Location: Melbourne

Re: AEVA Non-Secure so Password Issue

Post by PiMan »

mikedufty wrote: Tue, 21 May 2019, 22:38 I hear hacked AEVA forum accounts are quite sought after on the dark web.
Any email/password pair is valuable, regardless of source, because people use the same ones all over the place.
User avatar
Richo
Senior Member
Posts: 3737
Joined: Mon, 16 Jun 2008, 00:19
Real Name: Richard
Location: Perth, WA

Re: AEVA Non-Secure so Password Issue

Post by Richo »

AND that's how I got my facebook account :lol:
So the short answer is NO but the long answer is YES.
Help prevent road rage - get outta my way!
rhills
Site Admin
Posts: 689
Joined: Fri, 25 Jul 2008, 01:57
Real Name: Rob Hills
Location: Waikiki, WA

Re: AEVA Non-Secure so Password Issue

Post by rhills »

Just returned home from my 2 months cruising up to Shark Bay and back 8-) .

Thanks for the discussion and links. I've tweaked our .htaccess file IAW the link that @Scotty T posted and it seems to be working.

Any problems with the change, please PM me or post to this thread using the @ ("mention") function and my username (rhills).

Cheers,
Rob Hills
AEVA Webmaster
  • 2022 Tesla M3 MIC LR
  • 2014 Mitsubishi Outlander Aspire PHEV
    Petrol Usage to last refill: Jul 2014 - Jul 2022
    Total Petrol: 889.8L
    ODO: 88417
    Av Consumption: 1.01 L/100km
User avatar
jonescg
Senior Member
Posts: 4721
Joined: Thu, 21 Jan 2010, 23:05
Real Name: Chris Jones
Location: Perth, WA.
Contact:

Re: AEVA Non-Secure so Password Issue

Post by jonescg »

Thanks Rob. Enjoy your 900 emails to sift through.
Worst part about tuning out for a couple of weeks is coming back to the tsunami of emails.
AEVA National President, WA branch director.
User avatar
Scotty T
Groupie
Posts: 102
Joined: Tue, 10 Mar 2015, 17:57
Real Name: Scott Taylor
Location: Canberra

Re: AEVA Non-Secure so Password Issue

Post by Scotty T »

Works a treat :)
Post Reply