home register FAQ memberlist calendar

Go Back   Turbobricks Forums > General > website & board

Reply
 
Thread Tools Display Modes
Old 04-21-2017, 05:46 PM   #76
CAPT_BLOTTO
#Crush It
 
CAPT_BLOTTO's Avatar
 
Join Date: Jul 2005
Location: Kansas City
Default

Quote:
Originally Posted by boostdemon View Post
This whole thread should have been a PM.
That's the story of my life.
__________________
Hello My Glorious!

Junkyard Parts request thread!
Mesquite FB page! Constant updates!

Da Yellow Sold | $800 245 | 77 244
CAPT_BLOTTO is offline   Reply With Quote
Old 04-22-2017, 07:48 PM   #77
240240
I crush everything!
 
240240's Avatar
 
Join Date: Mar 2013
Location: Southern California Über Alles
Default

Thanks bush
__________________
Quote:
Originally Posted by 240240 View Post
Any thread about cut springs, & or +T on a college students budget shall be sent to OT, flogged for 24 hours, participants in said thread shall point the OP in the correct thread link while simultaneously shaming them
I know what I have, and you can buy it here
240240 is offline   Reply With Quote
Old 04-23-2017, 12:27 AM   #78
Powder>Paint
Board Member
 
Join Date: Jan 2017
Location: Bay Area CA
Default

Quote:
Originally Posted by boostdemon View Post
^ you're a contributor already though... multiple times over if i remember correctly.
http://www.turbobricks.com/donate.php for all you grey users.

The other issue is that we redirect turbobricks.com to tbforums.com because i don't own the domain. I've been trying to get it from Garrett for the better part of a decade but it hasnt happened. We would either need a very expensive SAN cert, or buy multiple certs because we actually redirect 6 domains here. Then you have other issues with forums using ssl... like getting pop-up warnings for things like off-site images in the posts.
Donated!
Powder>Paint is offline   Reply With Quote
Old 01-31-2018, 02:19 PM   #79
boostdemon
creative mastermind
 
boostdemon's Avatar
 
Join Date: May 2002
Location: Cary, NC
Default

Forums are now secure. Please let me know if you run into a URL variation that does not redirect to https://forums.tbforums.com

Thank you for your patience.
__________________

"Flathood" Owners | Motorcyclists | Guitarists
boostdemon is offline   Reply With Quote
Old 02-09-2018, 08:12 PM   #80
FreeEMSFred
Board Member
 
FreeEMSFred's Avatar
 
Join Date: Nov 2009
Location: Kiwiland
Default

Ha! Get to page four and there's the answer to my questions: http://forums.turbobricks.com/showthread.php?t=339651

Please secure the original domain and then the redirect is just http >> https, very very easy.

boostdemon, I was going to re-offer to help, but it looks like the security stuff is nailed. My offer in the above thread stands for the original domain. Please don't take away that core part of what this is! Please!

Also:
Quote:
Originally Posted by smeha View Post
I prefer no one else but the current owner have an access to the board/database.
+1, keep it in good hands or it'll devolve and be sold to one of those forum-accumulating-scum-companies.

And crap, just saw the prior post about domain ownership and certs. I'm not convinced that that's true, though, is it: https://en.wikipedia.org/wiki/Domain...suing_criteria

The certbot likely uses the nonce option which doesn't involve modifying DNS records. Thoughts? Perhaps I'm just ignorant on that particular topic.
FreeEMSFred is offline   Reply With Quote
Old 02-10-2018, 12:07 AM   #81
Jack
junkman
 
Jack's Avatar
 
Join Date: Jul 2011
Location: The Ass Cheek Of History
Default

god damn Russian bots are at it again
__________________
85 245 | 82 242| 75 245| 69 145 |66 122

Make old cars great again

Quote:
Originally Posted by BritishBrick
Don’t bother, I would literally rather throw them away than give you the pleasure. I will never sell to you.
Jack is offline   Reply With Quote
Old 02-10-2018, 04:31 AM   #82
FreeEMSFred
Board Member
 
FreeEMSFred's Avatar
 
Join Date: Nov 2009
Location: Kiwiland
Default

^ three quarters of this thread is a shameful waste of space, thanks for adding to that, and motivating me to add to it with this. Good work, Jack!
FreeEMSFred is offline   Reply With Quote
Old 02-10-2018, 11:48 AM   #83
NotSoFresh
Sick ****** T-Brick Prick
 
NotSoFresh's Avatar
 
Join Date: Aug 2008
Location: gangcouver
Default

Quote:
Originally Posted by FreeEMSFred View Post
^ three quarters of this thread is a shameful waste of space, thanks for adding to that, and motivating me to add to it with this. Good work, Jack!
I don't know whats your deal....
This board was built by a person/s with shoestrings and duct tape, and then passed on when life got in the way more than once. Much the same as the cars we drive. One of the things that has held it together is the lighthearted humour from people who actually know what they are talking about most of the time. We like it this way.
If you did a little reading around you would know that in these board handoffs years ago, some details got missed, like domain ownership. There may/maynot be bad blood in the way, who knows? These things happen and you deal with it.
As to security, Posting details of the security/configuration problems(in your mind) of the site is a highly irresponsible thing to do as a member from a security perspective. If you care about the site, you wouldnt piss on it. The fact that you are posting this stuff the way you do raises hairs on the neck. Why would the board accept help from someone who pisses on it publically? It reads like a run on the board, a takeover of sorts. That was what the russian comment was about.
If someone you barely knew put up a sign in your yard that said "Bathroom window lock broken, House unsecure" would that bother you? That is what you have done.
ALL OF THESE SECURITY COMMENTS SHOULD BE PM.
NotSoFresh is offline   Reply With Quote
Old 02-10-2018, 06:00 PM   #84
FreeEMSFred
Board Member
 
FreeEMSFred's Avatar
 
Join Date: Nov 2009
Location: Kiwiland
Default

Excuse me, what? You *seem* to have no idea what type of security we're talking about here.

None of my (low traffic) sites are HTTPS but my sites are not insecure, nor is my server, no one can come and attack it for sport (well, they can try), it's just the connections between server and user that are weak (privacy of passwords or PMs, for eg, one might argue weakly "what's the difference" re "security" PM vs "security" post, in this case). PS, the word security is not in my thread, because that's not what it's about.

In bullets:
  • Thanks for translating Jack's post for me, but he's very very wrong about me
  • Russian bots don't have 9 years forum membership - 1 less than you, 2 more than Jack - but who cares...
  • Russian bots don't have 10 years open source community oriented site hosting experience/trackrecord
  • I have NO desire to have any database access - sharing this with anyone at all would be a massive breach of trust.
  • I have NO desire to hold anything that might give me power over this domain - I don't have time to run it, anyway, and I'm not the right person - but I do have time to help, if needed, eg the tail end of this post
  • I like the mostly hands-off way this site is run, far better than most other forums with entrenched nazi moderators. 10/10.
  • I posted because I noticed the multiple domain issue pointing in various directions with various redirects and wanted to voice my opinion that, in the hope that it would be heard and help.
  • I then (after posting my thread, because of the 1 day filter) read in this thread the reason it was done and am still curious if that's necessary or not, but it explains it, which helps settle my soul.

It's laughable that you say posting that the site doesn't have HTTPS/SSL/TLS is somehow informing anyone that's looking at it that there's a vulnerability. Laughable on many levels. Not least of which is that if they're looking at it, they *already know* what protocol it uses. But also that it's *not* a vulnerability. HTTPS/SSL/TLS is a service to users, primarily. A privacy one. It has other benefits, too, but...


================================================== =====


And because I refuse to post again without it being useful, a few questions/bits of advice that don't require me to hold any privileged information whatsoever:

1) Which server software? Apache2? Nginx? IIS? Other?
2) The redirects are configured for only the base URL so http://forums.turbobricks.com >> https://forums.tbforums.com, but http://forums.turbobricks.com/something.php just loads without redirecting.
3) Similarly, the base URL paths such as this catch-all http://turbobricks.com/lskj don't redirect, but simple http://turbobricks.com/ redirects to https://tbforums.com/ just fine. If I had to guess, it's the same rule in play here.
4) Not my desire, but if you really want to move forward with basically killing off the old domain with all the strengths it has, then all you really need to do is fix the redirects so they work for paths too, and keep the paths
5) Here's mine for Apache2, I believe Nginx is similar, no idea on IIS:

[code]RedirectPermanent /forums/ http://forum.diyefi.org/[/code]

^ the trailing slash is important IIRC. Similarly for forcing www to not exist I have:

[code]
ServerName www.freeems.org
ServerAlias *.freeems.org
RedirectPermanent / http://freeems.org/
[/code]

Again, trailing slashes important, and this configuration has to come AFTER other configurations - it's a catch all that says "www.freeems.org >> freeems.org" explicitly (and redundantly) and "*.freeems.org (that we didn't already match in other config) >> freeems.org, hence www being redundant as * would match that like it would match omgwtfbbq.freeems.org :-)

Basically you're currently serving all pages to at least 4 different distinct domains, and that's bad practice for a bunch of reasons. With the redirects sorted it can all be on one or two (I'd keep turbobricks.com separate by using the forums. subdomain, but that's your call).

Hope that helps.
FreeEMSFred is offline   Reply With Quote
Old 02-10-2018, 07:41 PM   #85
swedefiend
...
 
Join Date: Jul 2004
Default

Quote:
Originally Posted by FreeEMSFred View Post
...
1) Which server software? Apache2? Nginx? IIS? Other?
...
You seem to know just enough to be dangerous...

I agree. Things like this are best PM'D.
swedefiend is offline   Reply With Quote
Old 02-10-2018, 10:27 PM   #86
NotSoFresh
Sick ****** T-Brick Prick
 
NotSoFresh's Avatar
 
Join Date: Aug 2008
Location: gangcouver
Default

Quote:
Originally Posted by FreeEMSFred View Post
I refuse to post again without it being useful .
Awesome. Since you seem to want a pissing contest:

FYI I got my first email addy in '89. I started my first dialup bbs in '90. First computer job was in research and development of touchscreen based data acquisition systems for oil rigs in '97. Mcse and Cne certification in 98. In '02 spent 5 years as lead tech at large adult content web host. I had 25 t3 lines into my rack...Then it was tech for a large (100+ students) auto desk school for a few years. In addition, I started and ran several successful gaming cafes in the late 90's and early aughts.
After over 20 year in the industry I left because I was tired of knowitall geeks.
By my math, I have over double the experience you do, but who is counting.
Back to volvos

Last edited by NotSoFresh; 02-10-2018 at 10:43 PM..
NotSoFresh is offline   Reply With Quote
Old 02-10-2018, 11:04 PM   #87
NotSoFresh
Sick ****** T-Brick Prick
 
NotSoFresh's Avatar
 
Join Date: Aug 2008
Location: gangcouver
Default

Quote:
Originally Posted by FreeEMSFred View Post
PS, the word security is not in my thread, because that's not what it's about.
AHEM:

Title of thread: "Forum is NOT secure"..........

First post:
Quote:
Originally Posted by epborden View Post
The site is not secured with a security certificate and HTTPS. This makes this site vulnerable in that anyone who logs in is subject to a MITM (man-in-the-middle) attack making them vulnerable. Other attacks can easily: take the site down completely, hijack files on the site to deliver malicious content, or leak every single users information including the administrators. This is irresponsible and it is my recommendation that the site be secured properly.
Quote:
Originally Posted by epborden View Post
It's not necessarily about privacy so much as it is about security.

An example would be that the website could be potentially used as a platform to deliver malicious content to end users. That content could then be used to capture their data, even important data not used on this site, such as credit card information. That is possible because the website was used as a vector to deliver the malicious content on to their computer. Not everyone is educated to the point where they would be informed as to what to look for and therefore have almost no idea it was occurring to them.
Quote:
Originally Posted by epborden View Post
Not securing the forum, while of course up for debate,
I'm confused. How is that second to last one is not instructions of a possible way to hack the site, posted in a thread about how it is not secure???????
You talk about not instulting people yet you call them irresponsible

Quote:
Originally Posted by epborden View Post
The degree in which this site in particular operates is up for debate, but the responsible and mature thing to do would be to implement a solution so that the example scenario, and other scenarios like it, may not have a chance to occur.
This implies that if the mods don't do it the way you say, they are immature and irresponsible. It is their house. If you came into my house and told me i was immature and irresponsible in front of my guests, it would not turn out good for you.
NotSoFresh is offline   Reply With Quote
Old 02-10-2018, 11:40 PM   #88
swedefiend
...
 
Join Date: Jul 2004
Default

Quote:
Originally Posted by swedefiend View Post
You seem to know just enough to be dangerous...

I agree. Things like this are best PM'D.
I digress. Fred seems to have relevant experience.

But, in the interest of the mods having first chance opportunity to examine forum flaws... I again say - PM is best.
swedefiend is offline   Reply With Quote
Old 02-10-2018, 11:43 PM   #89
Jack
junkman
 
Jack's Avatar
 
Join Date: Jul 2011
Location: The Ass Cheek Of History
Default

relax a little bit Francis.

I still think it was the Obama's elfs along with Russian spy bots.

for proof PM me


ps. HOW DO YOU KNOW SO MUCH ABOUT RUSSIAN BOTS ?
Jack is offline   Reply With Quote
Old 02-11-2018, 04:13 AM   #90
FreeEMSFred
Board Member
 
FreeEMSFred's Avatar
 
Join Date: Nov 2009
Location: Kiwiland
Default

In bullets:
  • NotSoFresh, the word "irresponsible" is not in my posts. Only yours.
  • NotSoFresh, great pissing, 'cept it's into the wind. I could not care less. Your credentials don't excuse your confusion about threads and who's posting in them with what. Looks like we started on computers about the same year You may have beaten me by a few months, que triste.
  • NotSoFresh, MY thread (which is not this one, but is linked in my first post in this one IIRC, or a later one, if I don't) not this thread, does not have the word security in it.

So:
  • I've made NO comment as to the posts of the OP of this thread, whatsoever (well, except that the SSL thing is a good idea, and starting such a thread to push it forward is equally).
  • I have made comments about the SNR of this thread due to people being funny. It makes it difficult to follow the relevant content about getting the issues resolved.
  • I also generally like the humour stuff, but I feel like a technical thread is the wrong place for it. My 2c.

I've read this one, and the 2018 maintenance one, my own one (to check to ensure you were wrong), and sent my donation in, and I see reasons (valid or otherwise) for everything I've observed. I just hope in the end it is resolved in the optimum way (as per my view of the world, with a sensible tb.xyz domain).

I was only trying to help, which someone else posted earlier, was likely my first mistake Anyway, the 20 bucks should help, even if the posts don't... SUCCESS!

swedefiend, re the answer to my "which server" question, yes, private, however the question is harmless, unless the asked are naive. I'll give them the benefit of the doubt and avoid directly publicly asking such details in future. All good.

Back to Volvos. I just got home in my Polaris clad 940 wagon, wife driving, and she's improving :-)
FreeEMSFred is offline   Reply With Quote
Old 02-11-2018, 12:43 PM   #91
Jack
junkman
 
Jack's Avatar
 
Join Date: Jul 2011
Location: The Ass Cheek Of History
Default

Quote:
Originally Posted by FreeEMSFred View Post

[list][*]Thanks for translating Jack's post for me, but he's very very wrong about me[*]Russian bots don't have 9 years forum membership - 1 less than you, 2 more than Jack - but who cares...[*]Russian bots don't have 10 years open source community oriented site hosting experience/trackrecord
I didnt want to respond to this earlier because on mobile editing sucks...


I said this
Quote:
Originally Posted by Jack View Post
god damn Russian bots are at it again
and somehow you got it into your head I was talking about you WTF?



edit .. only a Russian bot would go out the way to spread fake news like this to try and cover-up their security breach
Jack is offline   Reply With Quote
Old 02-11-2018, 02:59 PM   #92
FreeEMSFred
Board Member
 
FreeEMSFred's Avatar
 
Join Date: Nov 2009
Location: Kiwiland
Default

Reasonable assumption - 1.5 weeks no posts, I post, you reply. 'nough said.
FreeEMSFred is offline   Reply With Quote
Old 02-12-2018, 11:47 AM   #93
SlowRide
Cold War Crumple Zones
 
SlowRide's Avatar
 
Join Date: Aug 2008
Location: FLORI-DERP
Default

This some Mall Ninja ish right hurr.
__________________
- Justin
1980 242 DL
240 Junk for Sale
Feedback
SlowRide is offline   Reply With Quote
Old 02-12-2018, 01:42 PM   #94
Jack
junkman
 
Jack's Avatar
 
Join Date: Jul 2011
Location: The Ass Cheek Of History
Default

Quote:
Originally Posted by FreeEMSFred View Post
Reasonable assumption - 1.5 weeks no posts, I post, you reply. 'nough said.
because the thread got bumped you dummy
Jack is offline   Reply With Quote
Old 02-12-2018, 02:02 PM   #95
240240
I crush everything!
 
240240's Avatar
 
Join Date: Mar 2013
Location: Southern California Über Alles
Default

wat dis? Did I get hacked for posting here?
240240 is offline   Reply With Quote
Old 02-12-2018, 02:09 PM   #96
Jack
junkman
 
Jack's Avatar
 
Join Date: Jul 2011
Location: The Ass Cheek Of History
Default

Jack is offline   Reply With Quote
Old 02-12-2018, 05:42 PM   #97
240240
I crush everything!
 
240240's Avatar
 
Join Date: Mar 2013
Location: Southern California Über Alles
Default





240240 is offline   Reply With Quote
Old 02-12-2018, 08:17 PM   #98
Jack
junkman
 
Jack's Avatar
 
Join Date: Jul 2011
Location: The Ass Cheek Of History
Default

Jack is offline   Reply With Quote
Old 02-12-2018, 08:53 PM   #99
240240
I crush everything!
 
240240's Avatar
 
Join Date: Mar 2013
Location: Southern California Über Alles
Default

I'll raise you some Logan's run.



240240 is offline   Reply With Quote
Old 02-12-2018, 09:35 PM   #100
boostdemon
creative mastermind
 
boostdemon's Avatar
 
Join Date: May 2002
Location: Cary, NC
Default

Dunno why more drama.

I own tbforums.com ... i have an ssl cert there. I have 301 perm redirected turbobricks.* to https://forums.tbforums.com for now. Its all a temporary measure until more things get sorted. I will be dropping the a-record 'forums' in the future anyway.
boostdemon is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump


All times are GMT -4. The time now is 08:45 AM.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2018, vBulletin Solutions Inc.