Forum upgrade and changes

Manchester United chat
User avatar
Jason
Star Man
Posts: 823
Joined: 10 years ago

Fwiw, its working as normal for me on my phone as well, no issues here.
Fuck the Glazers
Legend
Posts: 9899
Joined: 10 years ago

Working normal for me
User avatar
FuB
Site Admin
Posts: 2146
Joined: 8 years ago

dozer wrote: 2 years ago I'll check my laptop. I don't think it's my device issue since I saw this on both my macbook and my phone (android)

I was staying on a beach shack in Goa yesterday. I don't know if their WiFi was safe to use since it was a shared WiFi.

I tried this in my macbook with FF and chrome in private mode. Http gave me those ads after which I needed to refresh the page to see the forum. Https didn't have this issue. I wasn't always able to see this problem on my mac on http so this is why I'm not sure if https also didn't have a problem.

But I did always see an issue in my mobile (only in chrome, not FF) when I tried to login (ad redirect when I clicked on enter user id). Using https in my mobile chrome browser didn't have this issue.

Macbook:
- http Firefox - ad page in united.../ranton page
- http Chrome - same as above.
- https no issues on both browsers

Android phone:
- http Chrome - ad page redirect at login screen while trying to enter user id. (this always happened)
- http Firefox - no issues
- https no issues on both browsers


Anyway. I'm back home now. Let me see if this issue persists. If it doesn't it was almost definitely the WiFi.
I decided not to log on to anything else yesterday. Thank fuck for that.

Edit: I'm not seeing this issue anymore. I think it must have been their wifi.
There isn't a way to change the forum password, is there? Can't see an option here.
Shared public WIFI very often pushes all connections through a proxy server and there is the ideal place to intercept and manipulate traffic. As you noted, it's easier to do this over http since it's not inside an encrypted tunnel like https is and therefore the data can be read and altered in both directions. With that ability, it's fairly trivial to look through inbound html code and add malicious scripts to it. It's also likely that the operators of the public WIFI system don't realise their proxy server has been taken over by someone else... or at least that would be my assumption given the weird behaviour. I assume you had your phone connected to that public WIFI as well hence seeing weird behaviour on both phone and laptop.

This also explains why your session was logged out unexpectedly. There'll be a max session time one way or the other. On that note, I would strongly advise you not to let your browser(s) and devices remember your passwords for you. Awfully convenient for you but also for any malware that gets onto your device and harvests all the cached and, more often than not, easily decrypted login information.

To clarify my position on whether or not to disable http on this forum: Firstly, it's not my call nor responsibility and, secondly, it's a pretty drastic solution to a problem. It would also affect everyone here to the point where they may not be canny enough to use https for access and therefore, for all intents and purposes, they'd think Rant was down and inaccessible for good. I would, however, suggest that all of us start looking to use https in front of the URL to guard against man-in-the-middle attacks such as the one you've experienced.

To change your password here, go to the User Control Panel -> Profile tab -> Edit Account Settings. If you're thinking it could be a lot easier to find than that, then you're not alone.
NQAT's official artificial intelligence
User avatar
FuB
Site Admin
Posts: 2146
Joined: 8 years ago

jason_uk wrote: 2 years ago Fwiw, its working as normal for me on my phone as well, no issues here.
Sid wrote: 2 years ago Working normal for me
Thanks both for clarifying, however I think we've got to the bottom of things now.
NQAT's official artificial intelligence
User avatar
swampash
Legend
Posts: 2899
Joined: 10 years ago

Good to see the mutual help coming through strongly. Warms one‘s heart in these bleak times.
Dozer: you’re on the beach in Goa? How cool is that?
User avatar
dozer
Legend
Posts: 3917
Joined: 10 years ago

swampash wrote: 2 years ago Good to see the mutual help coming through strongly. Warms one‘s heart in these bleak times.
Dozer: you’re on the beach in Goa? How cool is that?
It's nice. The missus and I stayed away from the beach for a month and a half. It's only on weekends we go there when e. Or do treks.
I hate WFH and we decided to stay elsewhere in a service apartment for a while. It's a better way to get the feel of the local culture in a new place where we buy groceries, cook, speak with the local crowd to know what's available nearby etc, as opposed to staying in hotels. WFH lets us exploit that.
Goa is fucking hot even during the winter.
User avatar
dozer
Legend
Posts: 3917
Joined: 10 years ago

FuB wrote: 2 years ago
dozer wrote: 2 years ago I'll check my laptop. I don't think it's my device issue since I saw this on both my macbook and my phone (android)

I was staying on a beach shack in Goa yesterday. I don't know if their WiFi was safe to use since it was a shared WiFi.

I tried this in my macbook with FF and chrome in private mode. Http gave me those ads after which I needed to refresh the page to see the forum. Https didn't have this issue. I wasn't always able to see this problem on my mac on http so this is why I'm not sure if https also didn't have a problem.

But I did always see an issue in my mobile (only in chrome, not FF) when I tried to login (ad redirect when I clicked on enter user id). Using https in my mobile chrome browser didn't have this issue.

Macbook:
- http Firefox - ad page in united.../ranton page
- http Chrome - same as above.
- https no issues on both browsers

Android phone:
- http Chrome - ad page redirect at login screen while trying to enter user id. (this always happened)
- http Firefox - no issues
- https no issues on both browsers


Anyway. I'm back home now. Let me see if this issue persists. If it doesn't it was almost definitely the WiFi.
I decided not to log on to anything else yesterday. Thank fuck for that.

Edit: I'm not seeing this issue anymore. I think it must have been their wifi.
There isn't a way to change the forum password, is there? Can't see an option here.
Shared public WIFI very often pushes all connections through a proxy server and there is the ideal place to intercept and manipulate traffic. As you noted, it's easier to do this over http since it's not inside an encrypted tunnel like https is and therefore the data can be read and altered in both directions. With that ability, it's fairly trivial to look through inbound html code and add malicious scripts to it. It's also likely that the operators of the public WIFI system don't realise their proxy server has been taken over by someone else... or at least that would be my assumption given the weird behaviour. I assume you had your phone connected to that public WIFI as well hence seeing weird behaviour on both phone and laptop.

This also explains why your session was logged out unexpectedly. There'll be a max session time one way or the other. On that note, I would strongly advise you not to let your browser(s) and devices remember your passwords for you. Awfully convenient for you but also for any malware that gets onto your device and harvests all the cached and, more often than not, easily decrypted login information.

To clarify my position on whether or not to disable http on this forum: Firstly, it's not my call nor responsibility and, secondly, it's a pretty drastic solution to a problem. It would also affect everyone here to the point where they may not be canny enough to use https for access and therefore, for all intents and purposes, they'd think Rant was down and inaccessible for good. I would, however, suggest that all of us start looking to use https in front of the URL to guard against man-in-the-middle attacks such as the one you've experienced.

To change your password here, go to the User Control Panel -> Profile tab -> Edit Account Settings. If you're thinking it could be a lot easier to find than that, then you're not alone.
Thanks Fubs.
You should be able to redirect http calls to https. That way, bookmarked links etc will take you to https, always.
I'm not sure if it's that simple though, but it's something to consider.
User avatar
swampash
Legend
Posts: 2899
Joined: 10 years ago

WHF???
User avatar
FuB
Site Admin
Posts: 2146
Joined: 8 years ago

dozer wrote: 2 years ago Thanks Fubs.
You should be able to redirect http calls to https. That way, bookmarked links etc will take you to https, always.
I'm not sure if it's that simple though, but it's something to consider.
Oh, I'm aware of that but you're anticipating that I might have more control over the actual web service than i do, which is no control whatsoever.
NQAT's official artificial intelligence
User avatar
dozer
Legend
Posts: 3917
Joined: 10 years ago

FuB wrote: 2 years ago
dozer wrote: 2 years ago Thanks Fubs.
You should be able to redirect http calls to https. That way, bookmarked links etc will take you to https, always.
I'm not sure if it's that simple though, but it's something to consider.
Oh, I'm aware of that but you're anticipating that I might have more control over the actual web service than i do, which is no control whatsoever.
Gotcha, thanks.
Post Reply