1. What does SSTB mean? See our glossary of acronyms.
    Dismiss Notice

Switching FC to full-HTTPS

Discussion in 'Community Discussion' started by KeroZen, Sep 5, 2016.

?

Would you like that this forum transitions to full HTTPS (encrypted) operation mode?

  1. Yay!

    117 vote(s)
    88.6%
  2. Nay!

    2 vote(s)
    1.5%
  3. I'm clueless

    13 vote(s)
    9.8%
  1. bossman

    bossman Gentleman Of Leisure

    Messages:
    411
    There's one post from February and the second most recent is from June of last year. Is @vtac available for admin stuff and just prefers not to post?

    The advice I got at the time of my account creation was to just use a different email address because there was nobody who was going to send me another temp password or account verification email.

    That's all in the past and I'm not complaining about the community or the bbs. I'm only trying to establish the extent to which this site does or doesn't have active administration.
     
    Last edited: May 7, 2018
    xtrobot likes this.
  2. Stu

    Stu Maconheiro Staff Member

    Messages:
    9,280
    Location:
    southeast of disorder
    That is a fair description, yes. Most all of his posts are with the staff behind the scenes.

    :peace:
     
    Ramahs and bossman like this.
  3. looney2nz

    looney2nz Research Geek, Mad Scientist

    Messages:
    641
    Location:
    So Cal
    @Stu, @pakalolo, @vtac, others I'm brainfarting on...

    I completely endorse making the move to HTTPS and upgrading the forum software to close some of the security holes and perhaps make the board experience even nicer? I know there is a bit of heartburn involved, but it doesn't have to be too bad if things are done right. Once done, we can all breathe a bit easier. Any 'white-hats' out there who'd volunteer to help with InfoSec on an ongoing basis?

    I personally LOVE this forum, but like when I was chief moderator on the ASA web forums (RIP), we had legions of abusers from certain areas of the world. I wanted to block their entire range in their countries domain, back then not many were using VPNs... on the VPN count, with the number of folks using them, particularly with their cell phones to try and protect themselves if they happen to use a public wi-fi, or setting up a mobile hotspot... I don't think it falls in the same class as using TOR.

    Moderators here ROCK... pure and simple. Great job folks! Thanks!
     
    Vapor_Eyes, bossman and asdf420 like this.
  4. Hackerman

    Hackerman Unspecified

    Messages:
    1,040
    Location:
    Out there
    There are only a handful of mods here. For a forum this size, I agree on the kudos to the few mods who do keep the order around here.

    If it weren't for Stu and the other mods, people like me would be rampantly back to back posting and running amuck. LOL

    Nice job guys.

    And, I am not really familiar with Xenforo but I am definitely 'white' and would be more than happy to help where I can. I also have friends who do it for a living if you want things upgraded, paid for, registered all proper..... and guaranteed. It's not free but I'm pretty sure he's affordable.

    Based on some of the input from a couple of the members here, I know a couple people here who could do it in a breezy afternoon. LOL

    Software upgrades aren't free. If we need to take up a collection to pay for the upgrade, I'm sure that's no problem here. The members are more like family than forum.

    Still won't stop the hackers and bots but it puts another wall up between us and them.

    We will upgrade sooner or later. Something always comes up that FORCES an upgrade. Otherwise, I would still be running MS DOS. Sure as fuck wouldn't be using Win10. LOL
     
    Whisper, macbill, leveltree and 3 others like this.
  5. Abysmal Vapor

    Abysmal Vapor Shaman of The Pyramid of Orlin'Malah

    Messages:
    3,522
    Location:
    7th heaven - 666th pit (EU)
    @Hackerman :D Haha ,dude just make yourself admin and switch the forum to full HTTPS ,why wait for the mod?? :razz:
    I have to add that i have no idea what difference that would make and even if you explain it to me i would probably not get it,i am just vaked and making stupid jokes :p.
     
    leveltree, macbill and Mr. Gweilo 420 like this.
  6. xtrobot

    xtrobot I mean... Yes?

    Messages:
    3
    Location:
    Ellicott City, MD
    I fully endorse the move to HTTPS, and while I am in no way offering to be nor capable of being a mod, would be happy to lend whatever advice is needed and/or assist as possible. It is for both the site's and the users' best interests to make this move, and frankly shocking it hasn't been done by now. :D
     
  7. analytika

    analytika Well-Known Member

    Messages:
    387
    Location:
    San Francisco, California
    It's a two hour problem max for any experienced server side architecture professional. Probably a 10-minute problem, but then I tend to approach legacy deployments cautiously, particularly when I don't know the competence level. Best approach is to expect to find a morass of chewing gum and duck tape.

    vapelife forum https: check.
    420vapezone https: check.
    rollitup.org (!) https: check.
     
    Last edited: Aug 31, 2018
  8. notlow

    notlow New Member

    Messages:
    3
    As fun as it is to send my password in plaintext across the internet when I log in to this site, why is there no encryption or security at all? I don't know of any site that doesn't have SSL for at least the login section of the site.

    I can help the admins if this lack of security is not intentional.
     
  9. OldNewbie

    OldNewbie Well-Known Member

    Messages:
    1,466
    http://fuckcombustion.com/threads/switching-fc-to-full-https.22616/
     
    KeroZen likes this.
  10. notlow

    notlow New Member

    Messages:
    3
    So what you're saying is it has been a known issue for over two years and nobody has done anything despite everyone being in favor of it?
     
  11. Hackerman

    Hackerman Unspecified

    Messages:
    1,040
    Location:
    Out there
    The site does not have an admin so there is no access to the admin panel. Or, the cPanel.

    Might be a moot point anyway. The domain name expires in 23 days. Albeit, the domain name is on auto-renew but if the payment method has expired, the domain will expire and on the 27th of October, everyone will get the NameCheap, "Domain Expired" notice.

    I put in my reserve to buy the domain name when it expires so if it does expire I can grab it and have a forum up and running in 24 hours (actually, 45 days grace period and 24 hours). However, since there is no backup of the forum database, it would have to start all over again from scratch.
     
    Last edited: Oct 3, 2018
  12. pxl_jockey

    pxl_jockey Barely-Known Member

    Messages:
    890
    Location:
    Lost in the English countryside
    To lose the collective knowledge within the FC databases would be a devastating blow for the greater cannabis community as an invaluable resource for cannabis smoking cessation. Without the database, Fuck Combustion in a very real sense ceases to exist even if the domain continues. So much knowledge lost.

    However maybe that’s the price to pay for a properly secure modern site that allows for uploading pictures and talking about cultivation since it’s no longer 2008? That’s all I have to say about this.
     
  13. aoaiwof

    aoaiwof Member

    Messages:
    57
    There are four staff members listed: @pakalolo @Quetzalcoatl @Stu @vtac . And I see @vtac is user #1, so presume he would be the site admin?

    If the only admin (i.e. person with cPanel access) has been AWOL for two years then we have a serious problem. The forum software will need updating eventually, in addition to the threat of the domain not auto-renewing. It's not a question of if the site will disappear, it's a question of when.

    I've seen offers to help set up the SSL and I too could help with that. Just need to get LetsEncrypt set up, completely free, no downsides, will take about an hour to do tops.
     
  14. looney2nz

    looney2nz Research Geek, Mad Scientist

    Messages:
    641
    Location:
    So Cal
    WAIT!!!

    This site and it's forums are NOT backed up???

    @Stu , @pakalolo , is this correct?

    If so, what kind of lunacy is this???

    Is it running some flavor of RAID? SSD's?

    Too valuable a repository as has already been stated, would be crushing for things to go 'poof' :(
     
  15. aoaiwof

    aoaiwof Member

    Messages:
    57
    The Wayback Machine is taking the occasional snapshot though https://web.archive.org/web/20180804182102/http://fuckcombustion.com/ so worst comes to worst most content will survive, even if the site is not functionally recoverable. :/
     
  16. looney2nz

    looney2nz Research Geek, Mad Scientist

    Messages:
    641
    Location:
    So Cal
  17. aoaiwof

    aoaiwof Member

    Messages:
    57
    Agreed. For functional recovery you need a DB backup. Hopefully one of the mods will know about the site infrastructure and have access.
     
  18. pakalolo

    pakalolo RoboMod v4.0a (unstable) Staff Member

    Messages:
    8,962
    Location:
    Other side of your screen
    Both @vtac and @Quetzalcoatl have been missing for several months. Only @vtac (the site owner) has the access necessary to update forum software or perform backups. He has never disclosed the back end architecture. We do not know whether there is an automated backup, but knowing @vtac there likely is one in place.

    The domain expires on October 26. It would be fantastic if @vtac returns at that time; however, it is most likely that the domain will be auto-renewed. If I'm right, there could be an interruption in service to some members while the renewal propagates. This is what happened last year.
     
  19. aoaiwof

    aoaiwof Member

    Messages:
    57
    Thanks for the comprehensive reply. Perhaps when @vtac returns it would be wise to discuss how to allow other people to maintain the infrastructure. Like everyone here I love this site, it's a great resource, and I don't want it to disappear. As for HTTPS, if @vtac has no objections but is too busy/... to set it up there's no reason another trusted member of the community couldn't do that.
     
  20. Hackerman

    Hackerman Unspecified

    Messages:
    1,040
    Location:
    Out there
    Probably should use wget to make a mirror of the site. If it does go down and there is no database backup, at least there will be a mirror of the site to reference. Then, a new site and forum can be set up and start over from scratch. The backup/mirror would not be interactive but at least you wouldn't loose all the reference.

    I was going to make a mirror but it puts a lot of stress on the server and I didn't want the host to shut down the site thinking it was a DOS attack.

    I do have the domain name on reserve so if it does expire, I got it.
     
  21. pakalolo

    pakalolo RoboMod v4.0a (unstable) Staff Member

    Messages:
    8,962
    Location:
    Other side of your screen
    Rest assured attempts along these lines have been made.

    A wget mirror is inadequate, since you cannot duplicate the member database. It would serve as an archive of the content but there is no way it could be made to function as a copy of the forum.
     
  22. aoaiwof

    aoaiwof Member

    Messages:
    57
    We could parse a scrape of the forum to extract posts, and the associated metadata such as author, thread, ... . We could then import that into any forum software. We'd need to reissue accounts so people would have to connect their email address to the forum username some way, since it's not public.
     
  23. Hackerman

    Hackerman Unspecified

    Messages:
    1,040
    Location:
    Out there
    Exactly,pretty much what I said, it would just be an archive that would be reference. But, at least an archive can be referenced from the new forum (if it actually went that way). Information changes so fast in this vape market that the old info is mostly outdated or simply chat and friendly banter, anyway. Still, there is some decent info in recent posts and to even loose the banter and chatter would be kind of a shame for a lot of the members that call this forum home.

    Let's keep our finger's crossed that vtac's payment method is still current for the auto-renew.

    There is always the option of cracking the cPanel at the host.
     
  24. Sawyer

    Sawyer New Member

    Messages:
    7
    Looks like the domain renewed again for two years, so that's good. Would be nice if the switch to HTTPS could be made though.
     
    Last edited: Oct 28, 2018
    aoaiwof and Maine420 like this.
  25. Hackerman

    Hackerman Unspecified

    Messages:
    1,040
    Location:
    Out there
    I expect we will see vtac make a visit soon.

    Once he gets the billing for the domain renewal, he'll face palm and say, "Oh yeah, FuckCombustion" and perhaps stop in to see what's going on. LOL

    Making one of the current mods an admin might be a good idea, this time around. LOL
     
    aoaiwof and Maine420 like this.

Support FC, visit our trusted friends and sponsors