NOTE! This site uses cookies and similar technologies.

If you not change browser settings, you agree to it.

I understand

Welcome, Guest
Username: Password: Remember me

TOPIC: Please deploy https

Please deploy https 1 year 6 months ago #1

  • jvoisin
  • jvoisin's Avatar
  • Offline
  • Fresh Boarder
  • Posts: 2
  • Thank you received: 1
  • Karma: 0
openelec.tv and its subdomains are used for a lot of things, from this forum, to udpates. Currently, everything transits in plain text, allowing an attacker (in a MITM position of course, but I'm quite sure that a lot of people are using the forum from untrusted access-points, like hotels, cybercafés, airports, bars, …) to steal passwords, to permanently backdoor every single openelec box, to advertise false news (to conduct social engineering attack, inpersonate users, deliver malwares, … the possibilities are almost endless.

This is why it would be great to enable https on as much domain as possible: it's cheap free and fast.
The administrator has disabled public write access.
The following user(s) said Thank You: dicer

Please deploy https 5 months 1 week ago #2

  • yubby
  • yubby's Avatar
  • Offline
  • Junior Boarder
  • Posts: 30
  • Thank you received: 3
  • Karma: 0
Since June 5th (as far as I can tell) the site has been subjected to 'mass spamming' with all the categories being filled with poorly-worded adverts for accountancy and legal consultations.

A better registration process (that can't be bot'd ) and screening may need to be implemented.

AND, a cleanup (removal) of the 1,000+ entries that have been posted... (including 'my mistakes' in responding to several of them).

Thanks !
The administrator has disabled public write access.

Please deploy https 5 months 1 week ago #3

  • yubby
  • yubby's Avatar
  • Offline
  • Junior Boarder
  • Posts: 30
  • Thank you received: 3
  • Karma: 0
OH, yes, and an SSL 'cert'...
The administrator has disabled public write access.

Please deploy https 4 months 4 days ago #4

  • yubby
  • yubby's Avatar
  • Offline
  • Junior Boarder
  • Posts: 30
  • Thank you received: 3
  • Karma: 0
They're baaaaaack....
The administrator has disabled public write access.

Please deploy https 1 month 2 days ago #5

  • dicer
  • dicer's Avatar
  • Offline
  • Fresh Boarder
  • Posts: 3
  • Karma: 0
Not sure what spammers have to do with https, but I second the request for https! It is 2017 after all. It's easy and free. Let me know if I can help!
The administrator has disabled public write access.

Please deploy https 2 weeks 5 days ago #6

  • yubby
  • yubby's Avatar
  • Offline
  • Junior Boarder
  • Posts: 30
  • Thank you received: 3
  • Karma: 0
Perhaps the 'topic' should be modified to 'website security' as a more general topic.
HTTPS 'is' needed, as well as some form of 'bot-negator' function (i.e. 'how many cars are in this photo') that will provide a roadblock to their auto-account-generation (and perhaps use it for topic creation as well).
The administrator has disabled public write access.