Switching FC to full-HTTPS

Would you like that this forum transitions to full HTTPS (encrypted) operation mode?

  • Yay!

    Votes: 155 89.6%
  • Nay!

    Votes: 3 1.7%
  • I'm clueless

    Votes: 15 8.7%

  • Total voters
    173
Status
Not open for further replies.

Grobalot

Well-Known Member
For someone who does not understand computer talk, I don't know what any of that is. Do I need VPN and https?

https is just a more secure connection to a site. most sites have a https option but some don't and can be less secure. it can make sure that site credentials are up to date and anything dodgy going on. you can install the addons through chrome or firefox.
a vpn is a more secure connection and can spoof your IP address so your location is hidden to anyone being nosey. lets you access streaming sites in your location that might be blocked. sometimes the connection can be slow, especially with cheap or free vpns, but generally a good idea, especially now. and even more important if you use wifi hotspots in cafes. certain programs can rip information and passwords if you connect to an open wifi SSID, so its a good layer of protection :D
 

Siebter

Less soul, more mind
As a webdeveloper and ex-sysadmin I am *deeply* shocked.

Just to clarify: this site will eventually be hacked, what @Hackerman describes is not exaggerated at all. Waiting for some admin to return is not a solution, more so given the fact that he hasn't been here for quite a while. It's highly irresponsible.

Please find a solution.

Edit: https://doesmysiteneedhttps.com/
 
Last edited:

pakalolo

Toolbag v1.1 (candidate)
Staff member
As a webdeveloper and ex-sysadmin I am *deeply* shocked.

Just to clarify: this site will eventually be hacked, what @Hackerman describes is not exaggerated at all. Waiting for some admin to return is not a solution, more so given the fact that he hasn't been here for quite a while. It's highly irresponsible.

Please find a solution.

Edit: https://doesmysiteneedhttps.com/

So your suggestion is...
 
pakalolo,
  • Like
Reactions: Grobalot

Grobalot

Well-Known Member
So your suggestion is...
I was thinking exactly the same haha.
Without the actual administrator that runs the site, nothing can be done short of shutting it down, which again, probably can't be done, and migrating to a new server, effectively loosing all threads, pics and data unless somebody goes through and manually copies all the data. which would be an impossible undertaking with how far back this site dates. Users can take steps on their end to ensure that your identity remains safe. VPN (not Nord though lol), running Tails OS in a dedicated linux environment to spoof user info and changing DNS settings to a trusted server like the Cisco DNS. Using a password and username that has no relation to any master passwords or user names for sensitive sites.
apart from that, there is no solution.
hope you don't mind me jumping in on this @pakalolo
seemed like @Siebter was a bit too demanding with the demands :lol:
 
Grobalot,

Siebter

Less soul, more mind
I think it should be shut down as soon as possible (for example by removing all threads and banning all users) and then reopened with people who are able to take care of the site and the server. I also think that new users should be warned about the security risks this site provides at the moment, I myself wasn't aware of the background of the missing https when I opened my account here.
 

Grobalot

Well-Known Member
@Siebter i wasn't aware either when i first signed up.
i get what you mean about shutting down and banning users until the site can be compiled somewhere safe with HTTPS. i don't think the site can be taken down without the original admins consent so manual bans and redoing the site with HTTPS as standard would be the only legitimate solution. but thats dependant on if the users themselves want to leave the site before everyone's pictures and manufacturers threads are deleted forever. if it where as simple as migrating to a new server and all the site info being clawed accross i'd imagine it would have been done by now. but as it is i don't think its possible at all.
the only other procedure would involve Purchasing an SSL Certificate, Configure hosting with SSL Certificate, Change all website links to HTTP, Setup 301 redirects from HTTP to HTTPS or consider HSTS
 
Grobalot,
  • Like
Reactions: Siebter

Siebter

Less soul, more mind
Given that the server can't be managed at the moment, it is crucial for the site to be hosted elsewhere – once the yearly payment for it stops, it will be shut down. And that's only one clock ticking.

A nice solution that satisfies everyone is most certainly not possible. It's a bit like being in a car that goes full speed with a driver fallen asleep. You could try to take over, but when you can't, you should jump out of the car asap. And you shouldn't complain that you'll have to walk.

The makers of this forum should keep in mind that time goes on; even if the site is running fine now, it will be taken over within a year, maybe two (and maybe it's already been taken over). At that point it might not be possible to do anything at all but watch what people or bots who are not part of the community will do with this place.
 

Grobalot

Well-Known Member
I've just changed my password again. might have to contact admin about deleting my account after you put it like that.
 
Grobalot,
  • Like
Reactions: Siebter

Grobalot

Well-Known Member
i wouldn't like to speculate on mergers. i only tend to use this and reddit and not very often on reddit tbh.
 
Grobalot,
  • Like
Reactions: Magic9

oddjobold

510 Vaporist
Is there some kinda site scraper that could be used to copy everything from this site then move it elsewhere?
 
oddjobold,

Siebter

Less soul, more mind
Scraping a site and republishing it elsewhere without given permissions is a copyright infringement.
 
Siebter,

Grobalot

Well-Known Member
@oddjob it could be done but @Siebter is right. if the site owner decided to come back and find out it had happened, whoever did it would most likely face legal action.
 
Grobalot,

oddjobold

510 Vaporist
@oddjob it could be done but @Siebter is right. if the site owner decided to come back and find out it had happened, whoever did it would most likely face legal action.

Had not thought about that. Its a bit of a catch 22.

I think FC is more sucessfull than vapor asylum because its bigger. However if the site went down permanently people would be forced to move across.

There is a load of usefull refernce info here intermixed with the usual rubbish. Has anyone considered a backup scrape even if it is not later published? Shame to see it just disapear one day.
 
oddjobold,
  • Like
Reactions: Grobalot

hd_rider

Well-Known Member
Isn't there an Admin or someone else on this forum that can contact the site owner to alert him of the problems and maybe suggest a plan of action?

I complained about this issue months ago and the site owner is still MIA.

Waiting for the site owner to show up is not gonna happen. Someone else has to try and take ownership of this site and fix it. Without that, it's only a matter of time until this site dies.
 

Siebter

Less soul, more mind
Site owner and admin are the same person → @vtac who hasn't logged onto fc for months.

„Taking ownership“ will include legal issues, hence nobody did it so far.
 
Siebter,

pakalolo

Toolbag v1.1 (candidate)
Staff member
I have no idea why you think that the two people left trying to hold this together haven't thought of everything you mention, and more besides. The only reason @Stu and I do this is from a sense of loyalty to the community. Believe me, it is not a pleasure, it is not easy, and it takes up way too much of our time. If you think we haven't done everything in our power to contact @vtac and to make the best of a bad situation, I honestly have no time for you.
 

Siebter

Less soul, more mind
This is not about the time you are investing, which I certainly respect – it's about the members not being aware what risks they are taking when using this forum.
 

ClearBlueLou

unbearably light in the being....
We’re online: anyone who doesn’t understand their exposure is in trouble already
Not to minimize concerns, but they’re quite old, however urgent.

I have always made sure that no picture could be assembled from any site that would identify or locate me.
I advise everyone to do the same: here and elsewhere, SSL and not.

security is literally what you make of it
 

pakalolo

Toolbag v1.1 (candidate)
Staff member
This is not about the time you are investing, which I certainly respect – it's about the members not being aware what risks they are taking when using this forum.

First of all, this forum is about a subject that is still illegal in many of the places where our members reside, and throughout its history it has been illegal in most of them. What risks do you think they are taking that they haven't considered before they sign up? (Rhetorical question, no need to answer.)

Second, the only information FC has on anyone is the email address that you used to sign up, and many of those are blatantly one-time accounts made for the purpose. Perhaps some members have unwisely re-used a password, but the percentage of those would likely not be high enough to interest a hacker. Anything else has been put online for all to see already, and presumably the risks were considered.
 
Status
Not open for further replies.
Top Bottom