[snoopy11]

I'm getting intermittent connection not secure messages in my browser,

Should I be worried ??

Is the site under attack again from the chinese ?

It only occurs on this site... no where else so its not my connection.

[tlhIn`toq]

Funny - I don't get that here, but I get it on my own RedPillXamarin tutorial site - But only from my home when I have a VPN running, and from my work where I know we have a VPN as part of our security system that keeps all the different city offices on the same virtual network.

It started on my site after I (1) Moved it from Wordpress.com to a hosted wordpress.org platform and (2) Firefox upgraded last week.

The warning I see says that the security certificate wasn't set up right. If I go through the advanced options and add an exception I can accept the certificate as valid and stopped getting the warning.

[Skydiver]

I keep seeing 504 Gateway Timeout errors.

[jimblumberg]

When I click the show site information icon next to the url bar in Firefox it tells me that the site is not secure, which is what I think snoopy is talking about.

Edit: I believe that this has been discussed elsewhere already, but I'm too lazy to try to search the forum, since I can never get the forum search to do what I expect.

Edit2: Yes it has been discussed here before.

By the way when is the problem with posting attachments going to be addressed as well?



Jim

This post has been edited by jimblumberg: 21 November 2017 - 12:32 PM

[Radius Nightly]

There are certificates in your web-browser, same as certificates on Windows for applications, like code signing digital signatures, etc.

Windows have certificates in OS, and its still updating even on XP, because its different one. When you are about to execute some application that doesn not have certificate, that application will be scanned by anti-virus or so, if it have digital signature, then two things can happened. If certificate of application are on Windows signer list (signer like DigiCert who paid to Microsoft a lot money to integrate their certificate in OS) by hash and if your certificate are provided from them (you bought it from DigiCert), Windows have DigiCert certificate, who gave you certificate (for like your Pet Rescue II game), means its valid signature, and its trusted, in this scenario, anti-virus wont scan your game/application so you can avoid lots of bad false positive things. Second, if your certificate are made from someone (eg. MyCert Ltd.) who are not popular (their certificate are not at Windows certificate list to be trusted), it means your application will act as normal files, will be scanned, but worse, lots of protections will mark your application as PUA/PUP (Potentially Unwanted Application/Program) like ADS spam infected content and will be blocked, because Windows doesnt have your signer certificate who gave you certificate, it means your certificate representing someone and your signature are not valid (eg. you make Microsoft signature, so you represent Microsoft, but by hash, its not a valid certificate, because its not true Microsoft cert and will be treated as false positive, unwanted or dangerous content). Peoples who run in this problem usually knows why, community will know its safe to use it, and for some driver installers, before driver are started, you are usually prompted to install certificate for that driver, because its not trusted, means driver cant get in the system, and cant be launched, and cant be set at boot, but if you install that certificate (its not on Windows certificate list, its not trusted, you install it, set certificate on the list, it become trusted; usually called root as Trusted Root Certification Authorities), Windows OS will trust that driver, so driver can launch, boot, drive, avoid false positive alerts by security, whatever... lots of projects, games and softwares hides lots of lets say bad things behind trusted certificate. For example, certificated game that can access you system, do things, like delete files, move them, encrypt them, send them to someone, like stealing data... are behind trusted certificate (so they avoid almost all possible securities and can do whatever it wishes).

Now, similar things happening in the web-browsers, they contain certification list of true signers who providing digital signatures for SSL (eg. Let's Encrypt), and mostly its not updated separately like under OS, but as web-browser update. So when you connecting to some site that use HTTPS, your web-browser will get certificate from that site, if its provided by eg. real Let's Encrypt and if its not expired, web-browser will use for sure use SSL protocol, but if sites certificate representing someone else (your web-browser never hear for it, first it will seek database for valid certificates), if certificate has expired, or site that uses HTTPS does not have certificate, its not trusted, for your own safety web-browser wont talk to that domain without your reaction (giving you error that HTTPS/SSL are not secured), so you can be aware of that, maybe you wont talk to the real server but someone else (phishing aim a like) you are looking for, using credit cards and similar are serious threat, but if you trust it (or you are using self-signed certificate for experimental or under construction things), you can add exception (same as above, it will install certificate to your web-browser and will become trusted). And when SSL certificate are trusted, your web-browser will trust its connection and files, so he wont filter, scan or collect data, specially if its on top of everything trusted and from Windows side, there is no filters for it, no anti-virus, no firewall blocks or anything similar for trusted thing.

Hope you understand.

Maybe there is nothing wrong with a site. You got intruder?

This post has been edited by Radius Nightly: 21 November 2017 - 02:18 PM

[jimblumberg]

What does all that Windows nonsense have to do with this site?

By the way since this site does not appear to be using https (which if I'm not mistaken is server side) what is your point about all of that web-browser rant?

[Radius Nightly]

You mean in combination? Simple, it means visitors web-browser will trust your site, so they will be able to buy and download anything from your site without any problem, web-browser wont quick scan it at the end of download, because its trusted site, and if its eg. application with digital signature that Microsoft trust, who gave you certificate, you can be sure your product will be able to install on visitors computer without any false positive problems.

Lets try with real life situation.
Similar to friends in real life, when you trust them, you dont scan them with brain heuristics and you dont block them in any way, so they are allowed to do most of the things (like enter in your house, taking your stuff), including dangerous act and threats (like trying to hit you or playing to stab you as a joke), thats your true friends, you trust them and you dont ask security questions about them.
In other hand, if friend is not trusted, it means he is unknown, unwanted, untrusted and potentially dangerous. All above what i said for trusted friend now doesnt apply, same examples inverted (if he enter in your house, taking your stuff, its serious threat, and you will probably kick his ass), and all dangerous act cant be known as a joke, like trusted one (so trying to hit you will make you serious mad and protective, and if that false friend tries to stab you, joke or not, you will become aggressive because of danger).
In the end trusted friend who stab you in ass are worst scenario, and its happening online, one way or another, they are trusted, approved, popular, and they can steal your personal information for any reason, and their act is still approved and trusted.

I told you why you can get that error and how it works.
If site got problems, then its possible with mixed content maybe or so (eg. site is using HTTPS, but some content will be downloaded via HTTP under HTTPS), but because this site does not have SSL, from server side and from your web-browser site, that error are not possible, you know, there is no SSL "door", makes nonsense to get error like wrong PIN, try again to unlock the door. Thats why i said if you got intruder, maybe someone on your network, maybe some infection, maybe some random problem...

Edit: As you said, if he thinks about that, when you see "Connection is Not Secure", it means you are using http://, if you see "Secure Connection", it means you are using https://, all other kind of issue (usually certificate, because it expires or for lots of other reasons, paying, network problems, viruses, tests, questions, their security, middle one, they are blocked for some reason, or its self-signed signature, etc., here is example that we all experienced: http://www.trishtech...ozilla-firefox/ ) where you are prompted may be dangerous.

This post has been edited by Radius Nightly: 22 November 2017 - 12:25 AM