Switching FC to full-HTTPS

[FlyingLow]

?

you really don't get it...

you are beating a dead horse, and have not made one suggestion that has not already been brought to attention a million times over.

You can, like others on FC, ride it out till the end days, or take yourself to another forum. You are not hostage to FC. If you do not feel safe, perhaps you might find more comfort on another forum.

 

[Hackerman]

You guys crack me up. I could hack into this site and make myself an admin in a breezy afternoon. I told both mods I could do this when I first joined here and one of them threatened to ban me if I tried. LMAO I could make both mods here admins. There is CURRENTLY an exploit that will allow that. I offered to make both mods admins. And, like I said, all I got was threatened. Actually, one of the mods I talked to was pretty computer capable and could probably do this himself.

Also. one of the mods said in a recent post that all a hacker would get is email addresses WRONG WRONG WRONG Most people here have personal information like home addresses in PM's. When the database is hacked all those PMs will be available to the hacker. Many people's HOME ADDRESSES WHERE THEY ILLEGALLY GROW could be posted on the internet or turned over to law enforcement officials. WAY more than just email addresses, bud. So, there is WAY more at stake here than most members realize.

However, the long and short of it is that even an admin can not fix the security problems here. You need access to the host server to do the upgrades this forum needs. So, even a new admin is pretty much a waste of time.

The clock is ticking. Watch for a user named HITLER. He should be here within just a few weeks or less. Believe me you will all KNOW when he arrives. LMAO

Peace

 

[KeroZen]

I consider all my PM to be public personally (I know that any determined attacker, be it state or rogue can access them) so I don't store personal information in there. But maybe we could indeed invite users to do the same and be careful with their PM's.

Anyway unless you are using a VPN or Tor, your ISP knows you are visiting this server IP, HTTP or not. And all ISP have the obligation to collaborate with state intelligence services so... Just a basic IP red list is enough to have you flagged.

This site is more than likely under surveillance, it would be rather surprising if it was not the case actually.

That leaves us with the threat of rogue hackers. But without root access to the server we can't do anything. If the forum is not updated we can also imagine it's the same with the server OS and packages. So yes it's pretty bad, but we need solutions, not fear-mongering at this point. And no one has any so far...

 

[Tranquility]

Goodness, some are admitting to felonies on the internet? That seems a bad idea; even if the site was well secured.

 

[pakalolo]

You guys crack me up. I could hack into this site and make myself an admin in a breezy afternoon. I told both mods I could do this when I first joined here and one of them threatened to ban me if I tried. LMAO I could make both mods here admins. There is CURRENTLY an exploit that will allow that. I offered to make both mods admins. And, like I said, all I got was threatened. Actually, one of the mods I talked to was pretty computer capable and could probably do this himself.

Also. one of the mods said in a recent post that all a hacker would get is email addresses WRONG WRONG WRONG Most people here have personal information like home addresses in PM's. When the database is hacked all those PMs will be available to the hacker. Many people's HOME ADDRESSES WHERE THEY ILLEGALLY GROW could be posted on the internet or turned over to law enforcement officials. WAY more than just email addresses, bud. So, there is WAY more at stake here than most members realize.

However, the long and short of it is that even an admin can not fix the security problems here. You need access to the host server to do the upgrades this forum needs. So, even a new admin is pretty much a waste of time.

The clock is ticking. Watch for a user named HITLER. He should be here within just a few weeks or less. Believe me you will all KNOW when he arrives. LMAO

Peace

No you couldn't. As you should know, the exploit you refer to requires that you already have moderator access. You clearly aren't as familiar with the software as you like to portray, since information in PMs can't be accessed by moderators or even administrators. That requires administrator access to the server which, as you correctly point out, is not automatic just by elevating a moderator to admin status. Claiming that "most" people have personal information in PMs is a gross exaggeration anyway.

The clock is indeed ticking. Sooner or later, something will break that requires administrator access and FC will be completely broken. We know this and we're trying to hold it together as best we can. People like you aren't helping, you're just scare-mongering. Anyone who feels unsafe should move on.

Oh, and as far as HITLER is concerned, bring him on. We've been in this state for a year and a half, I guess he's not in much of a hurry.

 

[Siebter]

There's always the option to open a new board and use the time left to move as much as possible – while the content will be lost, you can preserve the structure and the community of fc and then start actually managing a forum, which will be close to impossible once this place is dead.

Please don't bang your head against the wall again.

 

[hd_rider]

I like this idea...↑

 

[ClearBlueLou]

There's always the option to open a new board and use the time left to move as much as possible – while the content will be lost, you can preserve the structure and the community of fc and then start actually managing a forum, which will be close to impossible once this place is dead.

Please don't bang your head against the wall again.

I would appreciate it if you would not hammer our mods with what YOU feel needs to be done: the situation has been gone into numerous time in these seven pages, and you do not rest. No one here works for you. No one here is here to be ‘right’ or get paid’; if this board fails your standards, you are free to find another or start your own. If you feel YOU can’t be safe here, then YOU need to learn how to practice “safe surf” so you can take some responsibility for that safety.

Haranguing others to do it your way when they can’t and you understand that they can’t (and maybe understand *why* they can’t - but you seem short on that) is NOT typically the way to get anything done. Suggesting that our mods behave unethically with ‘property’ (FC+user base+archive) that is not theirs and which they cannot in fact control is bad advice, whatever your technical chops.

Glad you’re here, looking forward to SOME OTHER conversation with you, but hope not to see you in this thread again unless something significant changes re: VTAC...in which case, we can all join in with you.

Suddenly wonder: you do know *how* to not spread identifying data around, yes?
SSL and such are *EXTRA* LAYERS of security: security, like charity, begins at home.

Thank you for sharing your concerns.

 

[Siebter]

@ClearBlueLou – I don't see you being a mod here, so I feel free to destroy your hopes for not seeing me in this thread again.

I have made a suggestion, also because I was asked to do so by a mod, see the previous page of this thread.

 

[duff]

Just another sys admin/developer here. There seems to be no shortage of web stoners!

While @Siebter and @Hackerman (as well as @pakalolo) are correct that without @vtac's involvement the site has a short expiration date, I'm not sure how your more aggressive approach helps the matter.

This is old news unfortunately. You both are late to the party.

If the mods had permission to create a notice alerting folks of the intrinsic lack of security on sign-up they would.
If the mods had permission to add/change admins they would (side note is that for this version of Xenforo, you need direct database access so even if they had that permission the system still wouldn't recognize them as admins).
If the mods could reach @vtac they would.

That being said, I can't imagine just letting one of my sites crash and burn. Which is exactly what @vtac is doing. From one web guy to another...extremely irresponsible and I would be ashamed.

For everyone else:

• Use a password and email address that isn't tied to anything you give a crap about.
• Avoid putting a real email address, your full name and/or address/phone number in any pms.
• Do not put any paypal/venmo/bitcoin username info in any pms.
• Be aware that chances are good that one morning while you are enjoying a cup of joe, FC will not be available ever again.

Perhaps the biggest threat is that the two remaining mods, who devote a crazy amount of effort and time to hold off the inevitable, get tired of it and walk away. I don't imagine they have gotten an ounce of gratitude from their boss in quite some time. They get it from us occasionally, but think of all the nasty, negative shit they have to deal with.

Thank you again @Stu and @pakalolo. Without the two of you FC would already be a distant memory.

I don't think I really added much to the conversation, but I am so sick of nasty, aggressive, fear-mongering/divisive content everywhere I look. I have no time for that and don't want it anywhere near me or my loved ones.

 

[oddjobold]

Just another sys admin/developer here. There seems to be no shortage of web stoners!

While @Siebter and @Hackerman (as well as @pakalolo) are correct that without @vtac's involvement the site has a short expiration date, I'm not sure how your more aggressive approach helps the matter.

This is old news unfortunately. You both are late to the party.

If the mods had permission to create a notice alerting folks of the intrinsic lack of security on sign-up they would.
If the mods had permission to add/change admins they would (side note is that for this version of Xenforo, you need direct database access so even if they had that permission the system still wouldn't recognize them as admins).
If the mods could reach @vtac they would.

That being said, I can't imagine just letting one of my sites crash and burn. Which is exactly what @vtac is doing. From one web guy to another...extremely irresponsible and I would be ashamed.

For everyone else:

• Use a password and email address that isn't tied to anything you give a crap about.
• Avoid putting a real email address, your full name and/or address/phone number in any pms.
• Do not put any paypal/venmo/bitcoin username info in any pms.
• Be aware that chances are good that one morning while you are enjoying a cup of joe, FC will not be available ever again.

Perhaps the biggest threat is that the two remaining mods, who devote a crazy amount of effort and time to hold off the inevitable, get tired of it and walk away. I don't imagine they have gotten an ounce of gratitude from their boss in quite some time. They get it from us occasionally, but think of all the nasty, negative shit they have to deal with.

Thank you again @Stu and @pakalolo. Without the two of you FC would already be a distant memory.

I don't think I really added much to the conversation, but I am so sick of nasty, aggressive, fear-mongering/divisive content everywhere I look. I have no time for that and don't want it anywhere near me or my loved ones.

Massive Thanks to @Stu & @pakalolo. I see the spam that arrives every day. You guys clear it up over and over to keep this forum going.

I see this as the Singapore of vape forums. Singapore has no natural resources, only its rules make it sucessfull. Many nationalites work together in harmony in Singapore towards a common goal. Only way this happens is the strict rules it has. Everyone is equal and rules apply to all no matter what colour, status or money. There is order there and here, where elsewhere there is chaos.

One thing i will say. If @Stu Or @pakalolo ever feels like they need help and knows someone whos who can give admin rights, let me know. I for one would be happy to share you burden, and i am sure others would too. Not after any glory - but the battle is not yours alone. I for one will stick around till the end.

Big respect.

Edit: keep me off the homemade rosin.

 

[Siebter]

While @Siebter and @Hackerman (as well as @pakalolo) are correct that without @vtac's involvement the site has a short expiration date, I'm not sure how your more aggressive approach helps the matter.

My suggestion of finding a new home for fc is not aggressive, on the contrary. I don't understand what's wrong about this approach. Or in what way I was aggressive at all.

That being said, I can't imagine just letting one of my sites crash and burn. Which is exactly what @vtac is doing. From one web guy to another...extremely irresponsible and I would be ashamed.

True.

 

[invertedisdead]

My suggestion of finding a new home for fc is not aggressive, on the contrary. I don't understand what's wrong about this approach.

Thing is, it's really not that easy to just "make a new FC" - others have certainly tried but the alternative vaping communities simply aren't the same.

Besides, pretty much every active member here is already on those alternative sites so there's a genuine reason people still prefer this home base that I wouldn't really expect people to understand unless they've been posting here for a long time.

However it does sound like the classifieds section should just be shut down to avoid that exchange of personal information.

Doubt I'll stop vaping when FC dies, but I'll probably stop talking about it on the internet.

 

[KeroZen]

+1 on shutting down the classifieds, as I'm convinced it could allow us to lift the imgur ban.

 

[Siebter]

Thing is, it's really not that easy to just "make a new FC" - others have certainly tried but the alternative vaping communities simply aren't the same.

I never claimed that it'd be easy, on the contrary I always said it would be painful.

It's not just about founding yet another forum, it's about preserving *this very community*. I agree, after all it's not a problem, whoever is still interested in discussing vaporizers will find a new home on vaporasylum or vapelife or whatever – but fc will be gone.

 

[FuckFCsSecurity]

How is it that it can be 2020 and a forum website doesn't have HTTPS/SSL? Lets Encrypt, a FREE way of doing so, has been out for YEARS!! Even most shared server hosting providers have Lets Encrypt for free!!! I've heard a lot about FC on other forums, but I'm not going to make a real account on a website that doesn't encrypt my login information when sending it through 20+ computers. The site owner here is either highly incompetent, lazy, or both.

 

[Dynavaper]

Worse. He's MIA since quite some time. Let's see what happens when the domain renewal is due again this year. I count the days. Let's hope it will work out again...

 

[Siebter]

Do we know at what dates the renewal takes place?

 

[FuckFCsSecurity]

Do we know at what dates the renewal takes place?

October 26 2020 it looks like. Still have a while.

How long since this guy has been MIA?

 

[Siebter]

How long since this guy has been MIA?

His last post is from February 2018.

 

[hd_rider]

It's fucking time that this website is either 'acquired' from the site owner so that new management can be set up or that MIA owner steps up and fixes what needs to be fixed.

There is simply no excuse for this BS and it's only a matter of time until this website is hacked beyond repair.

 

[FuckFCsSecurity]

OK well it wouldn't be a huge investment on my part to start a new one for a year and see if people want to switch to an updated and secure forum. I think I'm gonna set up a new fuck combustion. If the owner of this comes back/it doesn't catch on after a year I'll probably drop it, but it's worth a shot with the low barrier to entry on my part.

I want to be a part of this community but as a web developer I refuse to regularly use sites that don't uphold even the lowest standard of security measures. Also really seems like the owner is about to drop it himself so probably a good time to start moving. I'll probably be back in a week or so with more info.

 

[Dynavaper]

Save your efforts. There are already some alternative forums that have been founded for the same reason (among others). People still preferred to stay here. Open up your own forum, but do not expect people to follow you like crazy.

 

[FlyingLow]

^ he speaks the TRUTH

 

[KeroZen]

Oorite folks, it's a success! We can now close and archive this thread, HTTPS is enabled on our forum.

Thanks to the mods for their hard work this past month.