Switching FC to full-HTTPS

Would you like that this forum transitions to full HTTPS (encrypted) operation mode?

  • Yay!

    Votes: 155 89.6%
  • Nay!

    Votes: 3 1.7%
  • I'm clueless

    Votes: 15 8.7%

  • Total voters
    173
Status
Not open for further replies.

bossman

Gentleman Of Leisure
There's one post from February and the second most recent is from June of last year. Is @vtac available for admin stuff and just prefers not to post?

The advice I got at the time of my account creation was to just use a different email address because there was nobody who was going to send me another temp password or account verification email.

That's all in the past and I'm not complaining about the community or the bbs. I'm only trying to establish the extent to which this site does or doesn't have active administration.
 
Last edited:
bossman,
  • Like
Reactions: xtrobot

looney2nz

Research Geek, Mad Scientist
That is a fair description, yes. Most all of his posts are with the staff behind the scenes.

:peace:

@Stu, @pakalolo, @vtac, others I'm brainfarting on...

I completely endorse making the move to HTTPS and upgrading the forum software to close some of the security holes and perhaps make the board experience even nicer? I know there is a bit of heartburn involved, but it doesn't have to be too bad if things are done right. Once done, we can all breathe a bit easier. Any 'white-hats' out there who'd volunteer to help with InfoSec on an ongoing basis?

I personally LOVE this forum, but like when I was chief moderator on the ASA web forums (RIP), we had legions of abusers from certain areas of the world. I wanted to block their entire range in their countries domain, back then not many were using VPNs... on the VPN count, with the number of folks using them, particularly with their cell phones to try and protect themselves if they happen to use a public wi-fi, or setting up a mobile hotspot... I don't think it falls in the same class as using TOR.

Moderators here ROCK... pure and simple. Great job folks! Thanks!
 
There are only a handful of mods here. For a forum this size, I agree on the kudos to the few mods who do keep the order around here.

If it weren't for Stu and the other mods, people like me would be rampantly back to back posting and running amuck. LOL

Nice job guys.

And, I am not really familiar with Xenforo but I am definitely 'white' and would be more than happy to help where I can. I also have friends who do it for a living if you want things upgraded, paid for, registered all proper..... and guaranteed. It's not free but I'm pretty sure he's affordable.

Based on some of the input from a couple of the members here, I know a couple people here who could do it in a breezy afternoon. LOL

Software upgrades aren't free. If we need to take up a collection to pay for the upgrade, I'm sure that's no problem here. The members are more like family than forum.

Still won't stop the hackers and bots but it puts another wall up between us and them.

We will upgrade sooner or later. Something always comes up that FORCES an upgrade. Otherwise, I would still be running MS DOS. Sure as fuck wouldn't be using Win10. LOL
 

Abysmal Vapor

Break through and listen, to yourself
@Hackerman :D Haha ,dude just make yourself admin and switch the forum to full HTTPS ,why wait for the mod?? :razz:
I have to add that i have no idea what difference that would make and even if you explain it to me i would probably not get it,i am just vaked and making stupid jokes :p.
 

xtrobot

I mean... Yes?
I fully endorse the move to HTTPS, and while I am in no way offering to be nor capable of being a mod, would be happy to lend whatever advice is needed and/or assist as possible. It is for both the site's and the users' best interests to make this move, and frankly shocking it hasn't been done by now. :D
 

analytika

Well-Known Member
I fully endorse the move to HTTPS, and while I am in no way offering to be nor capable of being a mod, would be happy to lend whatever advice is needed and/or assist as possible. It is for both the site's and the users' best interests to make this move, and frankly shocking it hasn't been done by now. :D
It's a two hour problem max for any experienced server side architecture professional. Probably a 10-minute problem, but then I tend to approach legacy deployments cautiously, particularly when I don't know the competence level. Best approach is to expect to find a morass of chewing gum and duck tape.

vapelife forum https: check.
420vapezone https: check.
rollitup.org (!) https: check.
 
Last edited:

notlow

Active Member
As fun as it is to send my password in plaintext across the internet when I log in to this site, why is there no encryption or security at all? I don't know of any site that doesn't have SSL for at least the login section of the site.

I can help the admins if this lack of security is not intentional.
 

notlow

Active Member
So what you're saying is it has been a known issue for over two years and nobody has done anything despite everyone being in favor of it?
 
notlow,
The site does not have an admin so there is no access to the admin panel. Or, the cPanel.

Might be a moot point anyway. The domain name expires in 23 days. Albeit, the domain name is on auto-renew but if the payment method has expired, the domain will expire and on the 27th of October, everyone will get the NameCheap, "Domain Expired" notice.

I put in my reserve to buy the domain name when it expires so if it does expire I can grab it and have a forum up and running in 24 hours (actually, 45 days grace period and 24 hours). However, since there is no backup of the forum database, it would have to start all over again from scratch.
 
Last edited:
Hackerman,

pxl_jockey

Just a dude
To lose the collective knowledge within the FC databases would be a devastating blow for the greater cannabis community as an invaluable resource for cannabis smoking cessation. Without the database, Fuck Combustion in a very real sense ceases to exist even if the domain continues. So much knowledge lost.

However maybe that’s the price to pay for a properly secure modern site that allows for uploading pictures and talking about cultivation since it’s no longer 2008? That’s all I have to say about this.
 

aoaiwof

Member
The site does not have an admin so there is no access to the admin panel. Or, the cPanel.

There are four staff members listed: @pakalolo @Quetzalcoatl @Stu @vtac . And I see @vtac is user #1, so presume he would be the site admin?

If the only admin (i.e. person with cPanel access) has been AWOL for two years then we have a serious problem. The forum software will need updating eventually, in addition to the threat of the domain not auto-renewing. It's not a question of if the site will disappear, it's a question of when.

I've seen offers to help set up the SSL and I too could help with that. Just need to get LetsEncrypt set up, completely free, no downsides, will take about an hour to do tops.
 
aoaiwof,

looney2nz

Research Geek, Mad Scientist
The site does not have an admin so there is no access to the admin panel. Or, the cPanel.

Might be a moot point anyway. The domain name expires in 23 days. Albeit, the domain name is on auto-renew but if the payment method has expired, the domain will expire and on the 27th of October, everyone will get the NameCheap, "Domain Expired" notice.

I put in my reserve to buy the domain name when it expires so if it does expire I can grab it and have a forum up and running in 24 hours (actually, 45 days grace period and 24 hours). However, since there is no backup of the forum database, it would have to start all over again from scratch.

WAIT!!!

This site and it's forums are NOT backed up???

@Stu , @pakalolo , is this correct?

If so, what kind of lunacy is this???

Is it running some flavor of RAID? SSD's?

Too valuable a repository as has already been stated, would be crushing for things to go 'poof' :(
 
looney2nz,
  • Like
Reactions: idboehman

aoaiwof

Member
WAIT!!!

This site and it's forums are NOT backed up???

@Stu , @pakalolo , is this correct?

If so, what kind of lunacy is this???

Is it running some flavor of RAID? SSD's?

Too valuable a repository as has already been stated, would be crushing for things to go 'poof' :(
The Wayback Machine is taking the occasional snapshot though https://web.archive.org/web/20180804182102/http://fuckcombustion.com/ so worst comes to worst most content will survive, even if the site is not functionally recoverable. :/
 
aoaiwof,

pakalolo

Toolbag v1.1 (candidate)
Staff member
There are four staff members listed: @pakalolo @Quetzalcoatl @Stu @vtac . And I see @vtac is user #1, so presume he would be the site admin?

If the only admin (i.e. person with cPanel access) has been AWOL for two years then we have a serious problem. The forum software will need updating eventually, in addition to the threat of the domain not auto-renewing. It's not a question of if the site will disappear, it's a question of when.

I've seen offers to help set up the SSL and I too could help with that. Just need to get LetsEncrypt set up, completely free, no downsides, will take about an hour to do tops.

WAIT!!!

This site and it's forums are NOT backed up???

@Stu , @pakalolo , is this correct?

If so, what kind of lunacy is this???

Is it running some flavor of RAID? SSD's?

Too valuable a repository as has already been stated, would be crushing for things to go 'poof' :(

Agreed. For functional recovery you need a DB backup. Hopefully one of the mods will know about the site infrastructure and have access.

Both @vtac and @Quetzalcoatl have been missing for several months. Only @vtac (the site owner) has the access necessary to update forum software or perform backups. He has never disclosed the back end architecture. We do not know whether there is an automated backup, but knowing @vtac there likely is one in place.

The domain expires on October 26. It would be fantastic if @vtac returns at that time; however, it is most likely that the domain will be auto-renewed. If I'm right, there could be an interruption in service to some members while the renewal propagates. This is what happened last year.
 
pakalolo,
  • Like
Reactions: Summer

aoaiwof

Member
Both @vtac and @Quetzalcoatl have been missing for several months. Only @vtac (the site owner) has the access necessary to update forum software or perform backups. He has never disclosed the back end architecture. We do not know whether there is an automated backup, but knowing @vtac there likely is one in place.

The domain expires on October 26. It would be fantastic if @vtac returns at that time; however, it is most likely that the domain will be auto-renewed. If I'm right, there could be an interruption in service to some members while the renewal propagates. This is what happened last year.
Thanks for the comprehensive reply. Perhaps when @vtac returns it would be wise to discuss how to allow other people to maintain the infrastructure. Like everyone here I love this site, it's a great resource, and I don't want it to disappear. As for HTTPS, if @vtac has no objections but is too busy/... to set it up there's no reason another trusted member of the community couldn't do that.
 
aoaiwof,
Probably should use wget to make a mirror of the site. If it does go down and there is no database backup, at least there will be a mirror of the site to reference. Then, a new site and forum can be set up and start over from scratch. The backup/mirror would not be interactive but at least you wouldn't loose all the reference.

I was going to make a mirror but it puts a lot of stress on the server and I didn't want the host to shut down the site thinking it was a DOS attack.

I do have the domain name on reserve so if it does expire, I got it.
 
Hackerman,

pakalolo

Toolbag v1.1 (candidate)
Staff member
Thanks for the comprehensive reply. Perhaps when @vtac returns it would be wise to discuss how to allow other people to maintain the infrastructure. Like everyone here I love this site, it's a great resource, and I don't want it to disappear. As for HTTPS, if @vtac has no objections but is too busy/... to set it up there's no reason another trusted member of the community couldn't do that.

Rest assured attempts along these lines have been made.

Probably should use wget to make a mirror of the site. If it does go down and there is no database backup, at least there will be a mirror of the site to reference. Then, a new site and forum can be set up and start over from scratch. The backup/mirror would not be interactive but at least you wouldn't loose all the reference.

I was going to make a mirror but it puts a lot of stress on the server and I didn't want the host to shut down the site thinking it was a DOS attack.

I do have the domain name on reserve so if it does expire, I got it.

A wget mirror is inadequate, since you cannot duplicate the member database. It would serve as an archive of the content but there is no way it could be made to function as a copy of the forum.
 
pakalolo,

aoaiwof

Member
Rest assured attempts along these lines have been made.



A wget mirror is inadequate, since you cannot duplicate the member database. It would serve as an archive of the content but there is no way it could be made to function as a copy of the forum.

We could parse a scrape of the forum to extract posts, and the associated metadata such as author, thread, ... . We could then import that into any forum software. We'd need to reissue accounts so people would have to connect their email address to the forum username some way, since it's not public.
 
aoaiwof,
A wget mirror is inadequate, since you cannot duplicate the member database. It would serve as an archive of the content but there is no way it could be made to function as a copy of the forum.

Exactly,pretty much what I said, it would just be an archive that would be reference. But, at least an archive can be referenced from the new forum (if it actually went that way). Information changes so fast in this vape market that the old info is mostly outdated or simply chat and friendly banter, anyway. Still, there is some decent info in recent posts and to even loose the banter and chatter would be kind of a shame for a lot of the members that call this forum home.

Let's keep our finger's crossed that vtac's payment method is still current for the auto-renew.

There is always the option of cracking the cPanel at the host.
 
Hackerman,

Sawyer

Active Member
Looks like the domain renewed again for two years, so that's good. Would be nice if the switch to HTTPS could be made though.
 
Last edited:
I expect we will see vtac make a visit soon.

Once he gets the billing for the domain renewal, he'll face palm and say, "Oh yeah, FuckCombustion" and perhaps stop in to see what's going on. LOL

Making one of the current mods an admin might be a good idea, this time around. LOL
 
Status
Not open for further replies.
Top Bottom