hfsignals safety

Reed N
 

Looks like the cert is valid for admin.hfsignals.com and hfsignals.com, but NOT www.hfsignals.com, and thus creates a nice big warning. Pretty sure this is an issue with the cert setup, and not an actual website hack.


Reed
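The check Reed describes, comparing the names a certificate lists against every hostname the site is served under, written out as an added example (not code from the thread). The certificate dict is constructed sample data in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the helper names are illustrative.

```python
# Added example: not code from the thread. SAMPLE_CERT is constructed data in
# the shape ssl.SSLSocket.getpeercert() returns; helper names are hypothetical.

def dns_names(cert):
    """Return the lower-cased DNS entries of the subjectAltName extension."""
    return [v.lower().rstrip(".")
            for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, hostname):
    """RFC 6125-style match: '*' is honoured only as the whole leftmost label."""
    p_labels = pattern.split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    if p_labels[0] == "*":
        # Require at least two fixed labels so "*.com" never matches anything.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def coverage(cert, hostnames):
    """Map each served hostname to True if some SAN entry covers it."""
    names = dns_names(cert)
    return {h: any(name_matches(n, h) for n in names) for h in hostnames}

SAMPLE_CERT = {"subjectAltName": (("DNS", "hfsignals.com"),
                                  ("DNS", "admin.hfsignals.com"))}
SERVED = ["hfsignals.com", "www.hfsignals.com", "admin.hfsignals.com"]

if __name__ == "__main__":
    for host, ok in coverage(SAMPLE_CERT, SERVED).items():
        status = "covered" if ok else "NOT covered (browser name-mismatch warning)"
        print(f"{host:22} {status}")
```

A name that comes back uncovered has to be added to the certificate when it is reissued; an apex entry such as `hfsignals.com` does not cover `www.hfsignals.com`.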

Ashhar Farhan
 

i am mucking around with this. hopefully the bug is now gone. we are setting up a backoffice to smoothen the order tracking etc.

- f


Ashhar Farhan
 

reed,
i am not sure what is going on. i use certbot from letsencrypt to install certificates on the hfsignals.com server. there are a couple of other domains on this server as well. i added admin.hfsignals.com as a sub-domain to run a backend that i wrote to handle the orders etc. in future, this will provide online tracking for everyone's individual orders too.
now, the domain (hfsignals.com) complains about being insecure while admin.hfsignals.com shows it is secure. i am unable to understand what's going on. do you have any idea?
- f


Christopher Miller
 

Is it possible you accidentally included a vulnerability?

Chris

Ashhar Farhan
 

Reed,
I figured out the problem was that some images were coming from an http (insecure) website while the page was itself dished out from https (secure socket). i had to fix a few images. it seems to be fixed for now.


VE3MIC
 

The SSL certificate appears OK for me.
I suggest that users ensure that their web browsers are kept up to date, especially Chrome & Firefox.





(Screenshots from Chrome & Firefox)

73 de Mike

Reed N
 

I can also confirm that it looks like it's working now! No scary warnings :)


Reed

Vince Vielhaber
 

Except the admin link you gave redirects to daana.in and the page it's redirecting to can't be found.

Vince.


 

Daana is also Farhan's project, Vince!

Raj


Vince Vielhaber
 

Yes, but he would have to have a different certificate for hfsignals and daana. He was referring to one for hfsignals and admin.hfsignals.

Vince.


Ashhar Farhan
 

apparently, the way it works is that letsencrypt.org (run by electronic frontiers for freedom guys) issues one certificate per server. this is a common practice. i have fixed the security issues now.
btw. hfsignals is open for business.

- f




Vince Vielhaber
 

Server or domain. You can have multiple domains on the same server; certificates are usually issued per domain, and the ones for a full server are usually quite expensive.

Vince.


--
K8ZW http://www.metalworkingfun.com http://www.hamradio.fun



Leo
 

Good to see you worked it out. 

in future you can run a sanity check by visiting ssllabs.com/ssltest which checks certificates, TLS config and susceptibility to SSL-related vulnerabilities. 

hfsignals currently rates A.