"This site may be hacked"

machinist · 26th March 2017, 04:53 AM

I have noticed the sword at the top of the page has changed recently, perhaps hackers are responsible.

Rick · 26th March 2017, 05:55 AM

I don't think so.
We had for years a Takouba.
I think Lee may have switched the sword to match the Vikingsword forum name.

Gavin Nugent · 26th March 2017, 07:42 AM

http://www.vikingsword.com/vb/showth...ghlight=hacked

kronckew · 26th March 2017, 07:53 AM

it'd be better to be accessing via the more secure https://www.vikingsword.com/vb/,
rather than the unencrypted http:// version.

David R · 26th March 2017, 08:54 AM

Quote:

Originally Posted by kronckew

it'd be better to be accessing via the more secure https://www.vikingsword.com/vb/,
rather than the unencrypted http:// version.

And that's the link that threw up the warning header for me just now.

fernando · 26th March 2017, 10:19 AM

Quote:

Originally Posted by Rick

I don't think so.
We had for years a Takouba.
I think Lee may have switched the sword to match the Vikingsword forum name.

Yes indeed

Lee · 26th March 2017, 02:49 PM

1. This site has never had, nor ever been configured for, a security certificate. It has always been under the regular old http (hypertext transfer protocol.) The secure protocol (https) is essential for banking, e-commerce and medical record sites and such where sensitive financial or other data is being passed back and forth. So, probably similarly sensitive information should not be included in private messages here, as it would travel on the internet unencrypted and you will be relying on it being a needle in a haystack.

2. Matchlock had complained of the takouba in the forums logo (preferring a European medieval sword he had seen in an auction) and I had promised to change it 'when convenient.' When I switched back from the seminar announcement, I did so, though I remain somewhat unsatisfied with the result.

3. I have seen Google's 'this site may be hacked' message myself on occasion. I followed the links the first time and was directed to register some sort of account and install something and then they would reveal to me what was of concern. I did not enter that gauntlet of hoops. I looked at the html of the top pages and nothing was out of order. I killed some dead links and links that had gone sleazy.

4. If any member actually encounters any page that is part of this site with suspicious material or encounters sleaze when following a link from here, please report it to me. This site is maintained on a 'shared' server and that may sometimes result in 'blacklisting' when there is malfeasance on any of the sites hosted on that server. Similarly, this site has been blocked by some shabbily coded 'net nanny' software because of the presence of such words as 'weapon.'

5. Offers of paid advertising (i.e. renting out your eyeballs) are regularly and uniformly rejected and donations are neither sought nor accepted. Life is much simpler and better this way. Maybe someday this community will create a proper nonprofit organization to administer and maintain this project and with that will come updated and professionally administered services (likely along with an end to the budget restricting policies noted in the first paragraph of this paragraph).

kronckew · 26th March 2017, 04:19 PM

google is 'encouraging everyone to go to https

see https://www.freshleafmedia.co.uk/blo...te-be-on-https, amongst others...

Quote:

Why should I use it for my website?

Well, if you’re sending any information you wouldn’t want a third party to get their hands on, HTTPS makes sense. It’s not true to say that you only need HTTPS if users are submitting credit card details to your site (although you definitely need it then, and you should never put your own credit card details into a site that isn’t secured using HTTPS). It means that any websites that have any passwords or personal information submitted to them should run on HTTPS. A good example is your Content Management System, or CMS. Many sites nowadays have a CMS that runs on the same domain as the website. So you might log in to edit your site at www.yoursite.com/cms or www.yoursite.com/wp-admin. Into that login page you put the password that enables you to edit your public-facing website. Do you really want that to fall into the wrong hands?

If that’s not enough reason (and it really should be), consider this: since 2014, Google has been pushing ‘HTTPS Everywhere’, an initiative to make the web more secure by moving all web traffic onto the secure protocol. That year the search giant announced a minor rankings boost for sites using HTTPS, meaning that it can factor into a website’s search results position. Now they’ve also announced that any website accepting credit card details or passwords via HTTP will be slapped with an ‘insecure’ warning in the latest version of Google’s Chrome browser. Google’s pushing for HTTPS, and its sanctions against sites not using it will only get stronger as time goes on.
What does it cost?

Until recently, cost was sometimes cited as a reason not to use HTTPS. Secure certificates were (in some cases) expensive to obtain, complex to configure, and had to be renewed annually. However, in April 2016 a new certificate authority, Let’s Encrypt, was launched, offering free certificates and an automated process that replaces the manual creation, validation, signing and installation of certificates… giving everyone one less reason not to use HTTPS.

note especially the bold bit, and the italic bits i've highlighted. the 'or passwords' in particular. might be why some people get warned, are they perchance using chrome? firefox is heading that way too, i get the message on some sites.

as noted if you get any message offering to fix an infection of your pc by visiting a link in a warning message, avoid it like the plague. because it IS the plague & they will infect you and try to extort money from you.

note: my browser address bar indicated that the vikingsword site is connected securely (encrypted) if i use the https address, so there's a security certificate out there somewhere in your cluster. note the little closed lock between the site favicon on the https address, it indicates the connection is encrypted. maybe your isp or hosting provider has gifted you.

edited:

have added an attachment of the message i get connecting via https in chrome, ie, and edge. appears there is a certificate but it's revoked. firefox allows for exceptions. note the upper screenshot is from firefox that is allowing connection, the seperate lower with the warning is from the other browsers. maybe your hosting co. has an expired certificate? you might want to ask them what's up. and get a free one from the company mentioned above...like chicken soup for a cold, it's can't hurt...

26th March 2017, 02:49 PM	#7
Lee EAAF Staff Join Date: Nov 2004 Location: Upstate New York, USA Posts: 897	If wishes were horses... 1. This site has never had, nor ever been configured for, a security certificate. It has always been under the regular old http (hypertext transfer protocol.) The secure protocol (https) is essential for banking, e-commerce and medical record sites and such where sensitive financial or other data is being passed back and forth. So, probably similarly sensitive information should not be included in private messages here, as it would travel on the internet unencrypted and you will be relying on it being a needle in a haystack. 2. Matchlock had complained of the takouba in the forums logo (preferring a European medieval sword he had seen in an auction) and I had promised to change it 'when convenient.' When I switched back from the seminar announcement, I did so, though I remain somewhat unsatisfied with the result. 3. I have seen Google's 'this site may be hacked' message myself on occasion. I followed the links the first time and was directed to register some sort of account and install something and then they would reveal to me what was of concern. I did not enter that gauntlet of hoops. I looked at the html of the top pages and nothing was out of order. I killed some dead links and links that had gone sleazy. 4. If any member actually encounters any page that is part of this site with suspicious material or encounters sleaze when following a link from here, please report it to me. This site is maintained on a 'shared' server and that may sometimes result in 'blacklisting' when there is malfeasance on any of the sites hosted on that server. Similarly, this site has been blocked by some shabbily coded 'net nanny' software because of the presence of such words as 'weapon.' 5. Offers of paid advertising (i.e. renting out your eyeballs) are regularly and uniformly rejected and donations are neither sought nor accepted. Life is much simpler and better this way. Maybe someday this community will create a proper nonprofit organization to administer and maintain this project and with that will come updated and professionally administered services (likely along with an end to the budget restricting policies noted in the first paragraph of this paragraph).

26th March 2017, 04:53 AM	#1
machinist Member Join Date: Oct 2010 Posts: 93	I have noticed the sword at the top of the page has changed recently, perhaps hackers are responsible.

26th March 2017, 05:55 AM	#2
Rick Vikingsword Staff Join Date: Nov 2004 Posts: 6,268	I don't think so. We had for years a Takouba. I think Lee may have switched the sword to match the Vikingsword forum name.

26th March 2017, 07:42 AM	#3
Gavin Nugent Member Join Date: Oct 2007 Posts: 2,818	http://www.vikingsword.com/vb/showth...ghlight=hacked

26th March 2017, 07:53 AM	#4
kronckew Member Join Date: Mar 2006 Location: Room 101, Glos. UK Posts: 4,152	it'd be better to be accessing via the more secure https://www.vikingsword.com/vb/, rather than the unencrypted http:// version.