OldTLSDoug
Forum Supporter
It kind of glares at me now, so what changed? I checked that most of my other ones have "https", should I be worried? Thanks.
-
Welcome to the Two Wheeled Texans community! 
Feel free to hang out and lurk as long as you like. However, we would like to encourage you to register so that you can join the community and use the numerous features on the site. After registering, don't forget to post up an introduction!
Was this forum previously secure?
- Thread starter OldTLSDoug
- Start date
J
Jarrett
Guest
Noticed that as well. Talking about this, I assume:
Guessing it has to do with SSL-related changes Scott is working on for the new software.
It just means the connections are using non-encrypted HTTP to interact with the site currently. That means anyone sitting on the networks between you and TWT could theoretically use a network sniffer to capture the data you send to the site and read it. Something that is exponentially harder to do with SSL enabled.
In most cases, that just means your Internet Service Provider can see your traffic, which is generally a non issue unless you fall into the tin foil hat camp. Barring that, it's fairly limited exposure unless you browse TWT from open wifi hot spots regularly. In that case, that scruffy looking millennial sitting in the booth nearby sipping his mocha latte might be grabbing yo TWT packets.
Since there isn't a lot of credit card usage here, I suspect the only real concern I see is if you use the same password here as you do with other logins to your personal email or financial institutions. Which is a bad idea, by the way. Don't do that.
Good catch though.
Guessing it has to do with SSL-related changes Scott is working on for the new software.
It just means the connections are using non-encrypted HTTP to interact with the site currently. That means anyone sitting on the networks between you and TWT could theoretically use a network sniffer to capture the data you send to the site and read it. Something that is exponentially harder to do with SSL enabled.
In most cases, that just means your Internet Service Provider can see your traffic, which is generally a non issue unless you fall into the tin foil hat camp. Barring that, it's fairly limited exposure unless you browse TWT from open wifi hot spots regularly. In that case, that scruffy looking millennial sitting in the booth nearby sipping his mocha latte might be grabbing yo TWT packets.
Since there isn't a lot of credit card usage here, I suspect the only real concern I see is if you use the same password here as you do with other logins to your personal email or financial institutions. Which is a bad idea, by the way. Don't do that.
Good catch though.
Last edited by a moderator:
tshelfer
0
- Joined
- Sep 4, 2009
- Messages
- 13,485
- Reaction score
- 2,854
- Location
- Centennial, CO
- First Name
- Tim
- Last Name
- Shelfer
Probably not the right place to brag about the crimes you've committed and gotten away with. 
Really, there's not much personal data here for a hacker to harvest - your email id, and they've already gotten that a thousand other ways.
Maybe some hacker troll will discover what the One True Motorcycle Oil is.
Really, there's not much personal data here for a hacker to harvest - your email id, and they've already gotten that a thousand other ways. Maybe some hacker troll will discover what the One True Motorcycle Oil is.
J
Jarrett
Guest
Probably not the right place to brag about the crimes you've committed and gotten away with.
Me? I only hack for a paycheck
- Joined
- Feb 28, 2003
- Messages
- 51,246
- Reaction score
- 8,248
- Location
- Huntsville
- First Name
- Scott
- Last Name
- Friday
The unsecure warning thing is relatively new. It has to do with recent changes by all the big players in the net world. TWT has not been secure from the very beginning 15 years ago. Before the recent change, that was not so obvious because all the browsers didn't make it obvious. Now, there is a BIG push to get everyone on https. This is part of what I am in the process of trying to get done right now. Eventually, once all the dust settles, when you login to the site you will see the https. There are so many things that have to happen for this changeover that it is hard for me to understand what needs to be done and when it needs to be done. Just trying to sort all that out is taking a lot of time because this is not what I do for a living and I am relying on the help of others to get it done. Right now, I can't even enlist a few people to help me vet the test install of the new software because of IP/DNS issues. On my current server I have 29 dedicated IP addresses, 3 of which I am using. The new server only has one, and you can't get more without having to justify the need for it. Apparently there is a shortage of IP addresses. So that is causing a bit of an issue. Anyway, the end result is that all these changes aren't going to happen in a hurry. If I can get it all done before Jan 1st, I'll be happy.
Multiple sites on one IP isn't a big deal, just have to configure the web server properly.
- Joined
- May 20, 2004
- Messages
- 12,838
- Reaction score
- 661
- Location
- Austin, TX
- First Name
- Rusty
- Last Name
- Myers
New versions of browsers are pointing out more obviously now. Particularly Chrome.
We have never been SSL, but will when we migrate to the new server and forum software. This is one of the reasons we are making the change.
We have never been SSL, but will when we migrate to the new server and forum software. This is one of the reasons we are making the change.
OldTLSDoug
Forum Supporter
Thanks Fellas
- Joined
- Feb 28, 2003
- Messages
- 51,246
- Reaction score
- 8,248
- Location
- Huntsville
- First Name
- Scott
- Last Name
- Friday
This is true... under normal conditions 
It is the in between normal conditions where it is an issue. I don't understand all the details, but it has to do with the fact that I use Gsuite for my email, something about how the DNS stuff is setup on my live server and how to switch it over to the new server, the limited IPs I have now (2 versus 29), and that ultimately I will have three domains on the new server. I need to be able to have a few people get on the new server to help me test without messing up all that stuff so the live site is not affected, and then to be able to switch everything over when we are ready as quickly and seamlessly as possible. It can be done in brute force way, but I'm trying to avoid that. It can also be done by spending yet more money... and I want to avoid that too My problem is that I have a very high level of understanding of how all this stuff works. I do not have a good understanding of the down low nitty gritty nuts and bolts of how it all works. This makes it hard for me to make decisions affecting how things need to be handled. Times like this make me wish I had the resources to hire an IT staff 
Your MX records shouldn't change from google. Leave them alone as you aren't changing that IP address.
When ready to flip the switch, swap your A records from 74.117.210.243 to your new IP address and make sure you've configured your new web server to not send * to any site but configure on your web server the URL's to send to the particular folders.
Don't forget to test said configuration with your hosts file on your local desktop before you move the live DNS. Also, 4-8 hours before you flip the switch, set your TTL to something small and then after a few hours set it back to the current 4 hours. That'll reduce downtime of folks going to two different IP's as the TTL expires quicker.
When ready to flip the switch, swap your A records from 74.117.210.243 to your new IP address and make sure you've configured your new web server to not send * to any site but configure on your web server the URL's to send to the particular folders.
Don't forget to test said configuration with your hosts file on your local desktop before you move the live DNS. Also, 4-8 hours before you flip the switch, set your TTL to something small and then after a few hours set it back to the current 4 hours. That'll reduce downtime of folks going to two different IP's as the TTL expires quicker.
- Joined
- Feb 28, 2003
- Messages
- 51,246
- Reaction score
- 8,248
- Location
- Huntsville
- First Name
- Scott
- Last Name
- Friday
Right now, all MX info is on my current server. Moving it to the new server later involves an IP address somehow? 
Like I said, I don't really understand it all so I am probably not explaining the issue in a way that makes sense to someone that would understand the problem if it were explained correctly. A solution would be to have my domain registrar host the MX records instead of doing that on my server. However, that would involve an upgrade to the current package I have with them, for each domain I own (three of them). So basically an additional $75/yr to have them do that instead of hosting it on my own server. Not the end of the world, but I'd rather not spend it if I don't have too. This is what I have been doing. It is a bit of a pain, but it works. I had originally thought that the people who would help me test the new software before going live could do the same thing. Apparently... not. Again, I don't really understand the specifics. Woodbutcher mentioned something like this. So far as I know, that is part of the plan. The really frustrating thing about all this for me is my level of general ignorance. I know next to nothing about server configuration and administration. Since starting TWT, I have had other folks that have been able to do most of that for me on a volunteer basis. So all I have had to learn is how to use the forum software and herd cats. Right now, it kind of feels like walking into a surgery room and being handed a scalpel and being told I'm expected to do brain surgery. I get that I am going to have to open the person up, but I have no clue what to do once I get in there. I've been reading and watching videos trying to get a better understanding, but it seems like so much of the material I can find assumes a certain level of base knowledge (which I lack) and that makes it REALLY hard to understand how it all fits together. I either find stuff that is so incredibly basic that it is useless or so technical I can't wrap my head around it. Finding anything in between has been almost impossible. For the curious, I have three domains,twtex.com
sfriday.com
backroadmotorcycletours.com
The latter two are just static html pages, but I do have numerous email accounts associated with them that all end up at the same place as the twtex.com emails via Gsuite. I log into one account there and the emails for ALL of the various accounts and domains are in one place.
My current hosting plan with the server that I actually own has provided me with 29 usable dedicated IP addresses. So each domain name has its own IP address. All three use the same name servers, ns1.twtex.com and ns2.twtex.com. So my understanding is that this means my current server was setup with its own DNS server. My VPS, which is where the new site is going to be located, has two IP addresses. I was asking about how I could give people access to the test site, here is what I've been told, So the issue was that if you simply put the IP address into the browser, it did not go to the right directory. It went to /var/www/html/. I need it to go to /home/twtexco/, which is where the TWT related stuff will be sitting. So we were talking about having an IP dedicated just to the /home/twtexco/ account and letting the other IP be shared for the other domains. This would let me hand out the dedicated IP to testers. It will also be required for me to attach an SSL to the IP address so visitors would see the https when coming to the forum. But, that would screw up the nameserver/MX stuff because that requires IP addresses. So it was thought we'd move the MX stuff off the server and free up an IP. This is the upgrade option with my current registrar that I mentioned earlier. That will cost me money. If I can justify getting a third IP address from the hosting company, then this would solve everything. But they are tight with them apparently. However, if they did give me one, it would only cost me $2/mo. The annoying thing is that before I can get the IP, part of the requirement is that I already have an SSL... I just got off a LONG chat session with my new hosting provider. Hopefully, they will approve a new IP address and SSL so I can move forward. So I just keep pounding my head on my keyboard and hopefully it will all work out in the end
Oh man, first thing I'd do is find a new registrar and move your DNS. That would simplify things a lot! I just looked at your Whois and yea, name servers are ns1.twtex.com and ns2.twtex.com.
Name registration has gotten cheaper and registrars are doing more for you than they did 15 years ago. I used to host my domain with godaddy, but now it's with google, and they'll take care of all your dns config and name server hosting.
Let me know if you guys need anything.
Name registration has gotten cheaper and registrars are doing more for you than they did 15 years ago. I used to host my domain with godaddy, but now it's with google, and they'll take care of all your dns config and name server hosting.
Let me know if you guys need anything.
J
Jarrett
Guest
What he said. Not sure why your hosting provider is giving you grief about one IP and DNS configs.
- Joined
- Feb 28, 2003
- Messages
- 51,246
- Reaction score
- 8,248
- Location
- Huntsville
- First Name
- Scott
- Last Name
- Friday
From what I can determine, ALL of the hosting services are requiring a justification to get a dedicated IP address beyond what might come with the particular hosting package. Apparently, there is a shortage of IP4 addresses
Maybe that is because when I got the current hosting package back around 2007, they gave me 29 dedicated IPs for an extra $5/mo, of which I have only ever used 3-4, so perhaps a LOT of IPs are locked up in blocks like mine even if they aren't being used? When I move to the new server, I will be releasing those 29 IPs back into the sea so they can be free Anyway, they approved the extra IP, so all is good now! This will facilitate me being able to setup the SSL for the twtex.com domain. Things are moving forward.
Just keep on swimming, keep on swimming...
OldTLSDoug
Forum Supporter
Hey, thank you for your efforts on our behalf. I am pretty sure you have a thankless job. I used to moderate a bunch of forums and found the hassles far outweighed the joy in those jobs. I spent a lot of time just sorting through crap and bots and stuff. I feel your pain and appreciate your efforts.