why is mbh website not secure?

1847
4652 posts
Jan 21, 2018
11:40 AM
just curious why this web site is not encrypted?
garry
697 posts
Jan 21, 2018
1:16 PM
Good point. Enabling SSL/TLS should be straightforward.

----------
nacoran
9709 posts
Jan 21, 2018
6:05 PM
This was brought to our attention back around March. I submitted a request. This is the response I got.

"Hello Nathan,

Thank you for contacting the Support Team.

Please note that your site pages have long been in http:// mode, so if there was any danger of your customers' login data being stolen, it would have already happened a long time ago. It's just that the major browsers have only just recently implemented this "insecure password" message.

The https:// secures any data sent from the page in the browser to the remote servers via encryption. The only way a hacker can steal any information sent between a computer and the server is if the computer has already been compromised in the first place. This means that as long as the customer is always vigilant in keeping their local computer and network secure, there shouldn't be any danger of any data stolen.

The only other danger is via wifi, but unless they are logging in to your site in a public unsecured wifi (which they shouldn't do in the first place as public unsecured wifi packets can be sniffed), there shouldn't be any danger of having their login data stolen by hackers.

We hope this has helped you with your issue. If you have other concerns, please don't hesitate to contact us again. If you have a follow-up question or inquiry to this case, you can click on the 'Not Quite Yet' button below to respond.


Best regards,"

The other two times I submitted security issues they were addressed quickly (if not perfectly... their fix for a back end vulnerability is why the automatic password reset doesn't work).

We also don't have a captcha that is usable by someone with a visual impairment (or a way to disable captchas after someone has posted a certain number of times) and the site is pretty much blocked on our end in Russia and China.

We looked into migrating to new forum software, but because our forum is on boutique forum software instead of a major brand there aren't plugins to migrate us over. Without a good plugin we'd lose the membership rolls and all the old posts. I posted an open call for anyone who might be able to help, but we don't seem to have many people with the magic combination of computer savvy and free time on the forum. My computer skills are okay for routine stuff, but a lot of this is back end stuff where even if I had better skills I wouldn't have server access. I recently experimented with trying to integrate some more facebook functionality (letting a fb login work here, and a way so that fb posts from the fb group could be cross-posted here, and ideally that people on the fb group could see posts here), but even with my brother's gf's help it was beyond me (she has some html classes under her belt). That would also let google count all the fb group's traffic for our analytics, which would give the site's ranking a big boost.

Macbuilders have updated some mission critical stuff, but our webhosts main business is not forum software. I think most of the sites they host only occasionally use forums... sort of for customer feedback, not for communities.

As for this specific vulnerability, the biggest concern would be hijacking of passwords. I do suggest people don't use the same password here that they use on other sites. I do keep poking at them with feature requests, but what we really need is probably to migrate to another host, but that is a huge, huge project that's beyond my technical skills. I have lots of ideas for features and at least one other minor vulnerability I'd like to see patched (although I'm worried patching it could break other things), but it is what it is.

If any of you out there can point me in the direction of good resources, it's easier to submit support requests if I can point them directly to how to fix the problem and some stuff, if I have good information I can even work on on our end...

----------
Nate
Facebook
Thread Organizer (A list of all sorts of useful threads)

First Post- May 8, 2009
Komuso
733 posts
Jan 21, 2018
6:17 PM
That response doesn't address the core issue that HTTPS is now the standard. Google has also started penalizing search results for non-https sites btw as part of this switch.

Implementing it can be easy or hard; it depends on a few factors, and your host company's ease of use is a key one.

----------
Paul Cohen aka Komuso Tokugawa
HarpNinja - Learn Harmonica Faster
Komuso's Music Website
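An added example, not code from the forum or from its hosting provider, that turns the point of this thread into something checkable: given the status line and headers a browser received over plain HTTP and over HTTPS, it reports whether the site actually forces encrypted connections (redirect to https:// plus an HSTS header). The sample responses and the host name forum.example are constructed.

```python
# Added example (not from the forum or its hosting provider): given the status
# line and headers a client received over plain HTTP and over HTTPS, report
# whether the site forces encrypted connections. All inputs are constructed.
from urllib.parse import urlsplit
import re

def parse_response(raw):
    """Parse 'HTTP/1.1 301 Moved Permanently\\r\\nLocation: ...' text into
    (status code, {lowercased header name: value})."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers

def assess(http_raw, https_raw):
    """Return findings: whether plain HTTP redirects to HTTPS, whether HSTS is
    set with a max-age of at least a year, and a list of issues to fix."""
    findings = {"redirects_to_https": False, "hsts_ok": False, "issues": []}
    status, headers = parse_response(http_raw)
    location = headers.get("location", "")
    if status in (301, 302, 307, 308) and urlsplit(location).scheme == "https":
        findings["redirects_to_https"] = True
        if status in (302, 307):
            findings["issues"].append("redirect is temporary; use 301/308 so "
                                      "browsers and crawlers remember the HTTPS URL")
    else:
        findings["issues"].append("plain HTTP serves pages (login form and "
                                  "cookies travel unencrypted); redirect to HTTPS")
    if https_raw is None:
        findings["issues"].append("no HTTPS listener; obtain a certificate and enable TLS")
        return findings
    _, headers = parse_response(https_raw)
    hsts = headers.get("strict-transport-security", "")
    match = re.search(r"max-age=(\d+)", hsts)
    if match and int(match.group(1)) >= 31536000:
        findings["hsts_ok"] = True
    else:
        findings["issues"].append("set Strict-Transport-Security with max-age>=31536000 "
                                  "so browsers never retry plain HTTP")
    return findings

# Constructed sample responses: the situation described in the thread (plain
# HTTP only) and a fixed configuration (redirect plus HSTS over TLS).
CURRENT_HTTP = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nSet-Cookie: session=abc\r\n\r\n<html>"
FIXED_HTTP = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://forum.example/\r\n\r\n"
FIXED_HTTPS = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n<html>"

if __name__ == "__main__":
    print(assess(CURRENT_HTTP, None))
    print(assess(FIXED_HTTP, FIXED_HTTPS))
```

The same two responses can be captured from a live site with any HTTP client that shows raw headers; the checker only cares about the status line, Location and Strict-Transport-Security.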
nacoran
9711 posts
Jan 22, 2018
9:06 AM
I'll point out to them that it's hurting page rankings. They did make a big push to be mobile compliant. (Integrating a fb feed on one of our pages would help our page rankings a lot too. The FB group is getting pretty big and having all that activity outside of FB's walled off activity would give us a big bump.) And of course, the captcha system is a constant source of complaints, and the registration system...

----------
Nate
Facebook
Thread Organizer (A list of all sorts of useful threads)

First Post- May 8, 2009
boris_plotnikov
1152 posts
Jan 22, 2018
2:15 PM
Here in Russia we still have no way to access MBH besides using TOR browser and even using tor I have to try 2-5 identities to get the access. Maybe it's time to get a better host provider?
----------

My website. My album with Mikhail Bashakov. Seydel endorser. LoneWolf Blues Co endorser. Harmonica teacher. My facebook.
nacoran
9713 posts
Jan 22, 2018
4:15 PM
Boris, if it was as simple as switching, I'd lean that way (can't speak for Adam, and I know he only really has time to even look at it between semesters). The big problem would be migrating all the old posts so we would still have access to all the archived wisdom that has been shared. I know Wordpress has plugins to do most of what we'd want to do, and in the interest of knowing what was out there we looked at forum software that would work better. If we were migrating from one major software to another there would be a plugin for it already, but there isn't. I think it's probably a nonstarter unless we could save the archives.

----------
Nate
Facebook
Thread Organizer (A list of all sorts of useful threads)

First Post- May 8, 2009